Each year, the CNIL selects key areas of high interest to concentrate its investigations and assess the compliance of select commercial sectors. On February 8, The CNIL announced its four main areas of focus for...more
The European Data Protection Board (EDPB) adopted a draft report of the work undertaken by the Cookie Banner Taskforce (the Report). The Report describes how regulators apply cookie legislation in handling certain types of...more
Pelosi Statement Dims the Lights on ADPPA - The prospects for the nation’s first comprehensive data privacy law, the American Data Privacy and Protection Act (the “ADPPA” or the “Bill”), dimmed after House Speaker Nancy...more
The European Data Protection Board (“EDPB”) on June 15, 2022 issued a final decision in a rare exercise of its authority under Article 65 GDPR to resolve cross-border disputes between different data protection supervisory...more
The French Data Protection Authority (CNIL) has released a Q&A providing its position, possible alternative solutions as well as guidance on using a compliant audience measurement solution. It follows a set of formal notices...more
California Privacy Protection Agency Releases Draft CPRA Regulations - The California Privacy Protection Agency (CPPA) just released proposed California Privacy Rights Act (CPRA) regulations. The regulations expand...more
Colorado Attorney General Seeks Rulemaking Comments for the Colorado Privacy Act - With the Notice of Proposed Rulemaking set for fall 2022, Colorado’s Attorney General office is currently inviting preliminary comments for...more
Following a similar case from Austria, the French data protection authority recently concluded that certain use of cookies placed by US data analytics tools violated GDPR. The case came before the CNIL as the result of a...more
FTC Warns Companies to Remediate Log4j Security Vulnerability - Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services. Recently, a...more
Best Practices for the Virginia Consumer Data Protection Act - The Virginia Consumer Data Protection Act (VCDA) Working Group of the Joint Commission on Technology and Science released its final report on best practices...more
The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations. The use of card, contactless, and innovative digital payment solutions has significantly...more
French CNIL issues guidance for organisations on transfer impact assessments, German DSK releases statement on supplementary measures and SCCs, and Hessian DPA comments on data transfer obligations (23 June 2021)....more
On 19 May 2021, the European Data Protection Board (EDPB) held its plenary session with a busy agenda. The first outcomes of the plenary have now been published by the EDPB....more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
"Under no circumstances shall an individual's interaction with a covered entity's product or service when the covered entity has a terms of service or a privacy policy, including the short-form privacy notice, in and of...more
United States - Regulatory—Policy, Best Practices, and Standard - NIST Unveils Draft Guidance to Protect Critical Infrastructure - On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
Following the French Administrative Supreme Court (Conseil d’État) dated 19 June 2020 (see our alert here), the French Supervisory (CNIL) published on 01 October 2020 its updated guidelines (the Guidelines), replacing its...more
Court’s decision struck down blanket prohibition on so-called “cookie walls” that prevent users from accessing a website or an application. France’s Highest Administrative Court (the Conseil d’Etat) issued a decision on 19...more
Following the outbreak of COVID-19, organizations have been implementing exceptional measures to maintain "business-as-usual" to the extent allowed by their particular circumstances and to protect their employees, customers...more
Recent action by the Hamburg authority may present implications for companies regulated by a lead data protection supervisory authority in Europe. A German supervisory authority has initiated an investigation into Google’s...more
On June 28, 2019, the French Data Protection Authority (CNIL) released its 2019-2020 action plan on ad targeting (action plan); among other things, the CNIL announced that it will issue new cookie guidance later this month...more
Much has happened since the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Many EU countries have enacted national legislation to implement and expand the requirements of the...more
The closure of four cases involving targeted advertising provides lessons for navigating compliance standards under the GDPR. The recent closure of cases brought by the French Data Protection Authority (CNIL) against four...more
Companies should identify data flows, implement a data transfer solution, and update internal documents and privacy notices. Since our blog on “What a “No Deal” Brexit Means for UK Data Privacy”, the European Data...more