Nota Bene Episode 135: Europe Q3 Check In: Brexit, Data Protection, and Block Exemption Regulations with Oliver Heinisch
E14: The Three Pillars of GDPR
E13: GDPR Wedding Day & Beyond
E12: GDPR Article 22 and Automated Decision Making
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
How to avoid a €20m fine. Meritas guide to the steps companies should take to comply with GDPR
Data Privacy Trouble Surrounding Google Street View Cars Presents Lesson for Smaller Companies
On May 21, 2024, France adopted law No. 2024-449 to secure and regulate the digital space. This law grants new enforcement powers and authority to the French Data Protection Authority (CNIL), including to seize documents,...more
On January 12, 2022, the French data protection authority (“CNIL“) published guidance on the reuse of personal data by processors for their purposes (“Guidance”). This the most recent guidance of a major EU regulator on a...more
The French data protection authority’s decisions cite violations of the cookie rules under the ePrivacy Directive and provide important insights on explicit consent. Between December 2019 and May 2020, the French data...more
The Council decision contains useful considerations and clarifications on the “one-stop shop” mechanism, transparency obligations, and consent for targeted advertising. On 19 June 2020, France’s Highest Administrative...more
On January 21, 2019, the CNIL (the French data protection authority) issued a fine of €50 million to Google under the General Data Protection Regulation (the “GDPR”) for its failure to (1) provide notice in an easily...more
The European Data Protection Board (EDPB) and a number of European data protection supervisory authorities have recently issued guidance on processing personal data, including special categories of personal data (i.e., health...more
The EU General Data Protection Regulation allows the temporary suspension of some data-protection rights in times of crisis, such as the outbreak of the 2019 Novel Coronavirus. This installment of The eData Guide to GDPR...more
The Situation: On July 4, 2019, the French data protection authority ("CNIL") published revised guidelines on the implementation of cookies or similar tracking technologies in order to take into account the new requirements...more
Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? Old legislation has been updated....more
On September 24, 2019, the highest court of the European Union (EU), the Court of Justice of the EU (CJEU), attempted to limit the territorial scope and authority of EU data protection authorities in its recent decision...more
I. Les BCR pour faciliter les transferts intra-groupes - Les données personnelles ont vocation à circuler sans s’arrêter aux frontières de l’Union européenne (« UE »). Aussi, le règlement général sur la protection des...more
The French CNIL imposed a €400,000 fine on a company specialized in real estate development, purchase, sale, rental and property management, for failing to adequately protect the data of users of its website and for...more
After Google was ordered to pay €50 million (about $57 million) by the French data protection authority—the largest financial penalty under the General Data Protection Regulation (GDPR) to date—other companies were left to...more
The French Data Protection Authority, CNIL, has fined Google $50 Million Euros for Google’s alleged failure to comply with the EU’s sweeping General Data Protection Regulation (GDPR). The enforcement action is significant for...more
The General Data Protection Act has been making headlines for quite some time now, especially the potential fines that can be levied for non-compliance. Since the law’s recent enactment in May 2018, legal professionals and...more
Welcome back to our two-part series examining CNIL vs. Google: 10 lessons from the largest data protection fine ever issued. In this post we continue our analysis of CNIL vs. Google by taking a closer look at the additional...more
In January 2019, the French data protection authority, CNIL (Commission Nationale de l’informatique et des libertés), announced that it had fined Google 57 million euros (approximately £44 million or USD$65 million) for...more
France’s data protection authority (DPA) (CNIL) recently announced that it has fined Google $57 million for violations of the General Data Protection Regulation (GDPR). This is the first fine by a European DPA of an American...more
Paris partner Fabienne Arrighi publishes an Employment Alert about HR data processing and the new EU GDPR. ...more
Dans moins de quatre mois, le 25 mai 2018, le règlement général de l'Union européenne sur la protection des données (« RGPD ») entrera en vigueur et la loi française, actuellement en discussion devant le parlement, qui tient...more
On May 29, 2017, the French Data Protection Authority (Commission Nationale Informatique et Libertés, or "CNIL") announced that it had authorized nine banking institutions to implement, on an experimental basis,...more
In the online advertising sector, achieving a successful advertising campaign often involves implementing cookies (small files stored on computers or mobile devices that contain information on the user's browsing history),...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
The question of how "big data" should be treated in merger control and antitrust enforcement was a key issue for the European Commission and national regulators in European Union member states in 2016, with competition...more
After the European Court of Justice invalidated Safe Harbor on October 6, ?2015, the Article 29 Working Party announced in an October 16, 2015 statement that US companies that were Safe Harbor certified had until the end of...more