On February 6, 2025, the European Commission published guidelines clarifying the definition of an “AI system” under the EU AI Act. Only systems that meet this definition fall within the AI Act’s scope, making it a key...more
While some voices are asking for a pause in the implementation schedule of the EU AI Act, the EU Commission is required by the EU AI Act to issue guidelines to facilitate practical implementation of the Regulation. After...more
On 12 June 2025, the French data protection authority (CNIL) launched a public consultation on a draft recommendation regarding the use of tracking pixels in emails. This recommendation roughly assimilates pixels and any...more
On May 14, 2025, the Belgian Market Court delivered a landmark ruling regarding IAB Europe’s role in the Transparency and Consent Framework (TCF). The Court confirms that TC Strings qualify as personal data and that IAB...more
On April 22, 2025, the AI Office within the EU Commission launched a multi-stakeholder consultation to assist in the preparation of guidelines aiming at clarifying the scope of the rules for providers of GPAI models in the AI...more
In the face of rising cybercrime, end-to-end encryption has become a point of tension between the protection of secrets, public security, and technological sovereignty. At stake: preserving encryption as a safeguard for...more
On April 1st, 2025, the General Court of the European Union held its first hearing on the request initiated by member of French parliament Philippe Latombe for annulment of the EU-U.S. Data Privacy Framework (“DPF”) further...more
The French Data Protection Authority launches a public consultation on location data of connected vehicles, until May 20, 2025. This work will shape future regulations regarding the use of location data and its impact on...more
It would seem that for the Court of Justice of the European Union (CJEU), the answer is yes – let’s dig into the CJEU decision on the case No. C-247/23, issued on the 13th of March. VP, an Iranian transgender refugee, had his...more
In 2024, the CNIL stepped up its enforcement action, issuing 87 sanctions, 180 compliance orders and 64 reprimands. However, only 12 decisions were made public, thus complicating the exercise of making the regulator’s...more
Finding a European consensus around the regulation of artificial intelligence (AI) does not start with the adoption of laws. It results from their common interpretation and articulation within a broader digital regulatory...more
Anticipating enforcement priorities of regulators may partly rely on their long-term trajectory and domestic dynamics, which differ from a country to another. This action plan reflects CNIL’s ambition (i) to be appointed by...more
1/17/2025
/ Artificial Intelligence ,
CNIL ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Minors ,
Mobile Apps ,
Privacy Laws ,
Privacy-By-Design ,
Regulatory Agenda
On July 9, 2024, the CNIL launched a public consultation on a draft recommendation (“Draft Recommendation”) on measuring diversity in the workplace. While measuring diversity is an important indicator in the fight against...more
Il n’y a pas de question plus difficile en matière contentieuse que celle de l’anticipation des risques de faire l’objet d’un contrôle ou d’une sanction. C’est la raison pour laquelle il est utile de se nourrir des évolutions...more
The Data Governance Act is meant to foster the creation of a single European market for data sharing and re-use to enhance its commercial and scientific potential. Data held by public sector bodies are likely to be of key...more