On 19 June 2025, CNIL published two additional “how-to-sheets” on artificial intelligence, one on legitimate interest and the other on the collection of data via web scraping. These documents aim to clarify the rules...more
In the context of a significant increase in data breaches and cyber-attacks impacting hospitals, the French Data Protection Authority (“CNIL”) has launched a series of investigations and issued several formal notices to...more
Finding a European consensus around the regulation of artificial intelligence (AI) does not start with the adoption of laws. It results from their common interpretation and articulation within a broader digital regulatory...more
On 24 April 2024, the European Data Protection Board ("EDPB") released a set of guidance documents and template complaint forms to facilitate the implementation of the redress mechanisms corresponding to the EU-U.S. Data...more
The revised French Health Data Hosting (HDS) certification framework, published on May 16, 2024, in the Official Journal, addresses data localization and transfers amidst concerns about digital sovereignty. The new provisions...more
On October 12, 2023, the CNIL released its first guidance on how to comply with the General Data Protection Regulation (GDPR) when developing and using artificial intelligence (AI) using personal data or impacting...more
This summer, the European Data Protection Board (“EDPB”) published the final version of its Recommendations 01/2022 (“Recommendations”) on Binding Corporate Rules for Controllers (“C-BCR”). During the turbulence caused by the...more
The French Data Protection Authority (CNIL) is still seeking input from Artificial Intelligence (AI) stakeholders on how to ensure that AI systems comply with data protection laws. Use of large amount of data and data...more
P. Latombe, who is not only a Member of the French Parliament, but also seated at the French Data Protection Authority (CNIL)'s Commission, lodged a request for annulment of the DPF on 6 September 2023 before the Court of...more
9/12/2023
/ Annulment ,
CNIL ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
France ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Popular ,
Schrems I & Schrems II ,
Treaty on the Functioning of the European Union (TFEU)
On July 28, 2023, the CNIL published a call for contributions focusing on the creation of databases based on artificial intelligence. All stakeholders in the sector are invited to participate and share their experiences and...more
On 10 July 2023, the European Commission (EC) adopted its eagerly expected adequacy decision on data transfers under the EU-U.S. Data Privacy Framework (DPF). The adequacy decision was preceded by substantial changes to U.S....more
A few days after the European Parliament adoption of a compromise position on the Artificial Intelligence Act (the “AI Act”), the French Data Protection Authority (the “CNIL”) published, on 16 May 2023, a detailed 4-step...more
While the French Data Protection Authority (the "CNIL") has consistently emphasized the importance of protecting health data, there will be even more focus for 2023 with more investigations and sanctions in this sector. The...more
The French Data Protection Authority (CNIL) has released a Q&A providing its position, possible alternative solutions as well as guidance on using a compliant audience measurement solution. It follows a set of formal notices...more
A new French template agreement for clinical trials (Convention Unique) was published on April 9, 2022. This new version was much awaited since the initial version, dated back to 2016, was missing some key provisions...more
The healthcare sector is a current focus of the French data protection authority (CNIL) which just published two draft standards regarding processing of personal data in the context of Early Access and Compassionate Access....more
On February 19, the European Commission (EC) published the draft of its much hoped-for adequacy decision for transfers of personal data to the UK under the EU General Data Protection Regulation (EU GDPR) (Draft Adequacy...more
2/23/2021
/ Cybersecurity ,
Data Management ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
UK
The French Data Protection Authority (CNIL) has recently released new guidelines (French only) regarding human resources processing operations. ...more