The revised French Health Data Hosting (HDS) certification framework, published on May 16, 2024, in the Official Journal, addresses data localization and transfers amidst concerns about digital sovereignty. The new provisions...more
On May 16, 2024, the CNIL announced a critical public consultation and three significant updates to adapt health research regulations in France. These updates, focusing on remote quality control, home monitoring, and...more
The CNIL has launched an investigation into a significant data breach affecting over 33 million individuals in France, involving third-party payment operators Viamedis and Almerys. It is the biggest breach in France involving...more
The French Data Protection Authority (the "CNIL") has just published two new reference methodologies for research, studies, or evaluations necessitating access to the data in the French Healthcare database. These new...more
The French Data Protection Authority (CNIL) is still seeking input from Artificial Intelligence (AI) stakeholders on how to ensure that AI systems comply with data protection laws. Use of large amount of data and data...more
P. Latombe, who is not only a Member of the French Parliament, but also seated at the French Data Protection Authority (CNIL)'s Commission, lodged a request for annulment of the DPF on 6 September 2023 before the Court of...more
9/12/2023
/ Annulment ,
CNIL ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
France ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Popular ,
Schrems I & Schrems II ,
Treaty on the Functioning of the European Union (TFEU)
A decision issued on May 4, 2023 by the European Court of Justice (the "ECJ") provides clarifications that are particularly welcome when answering requests for access from data subjects. In this decision, the ECJ, in response...more
A few days after the European Parliament adoption of a compromise position on the Artificial Intelligence Act (the “AI Act”), the French Data Protection Authority (the “CNIL”) published, on 16 May 2023, a detailed 4-step...more
Les derniers mois ont vu une activité bouillonnante de la CNIL avec l’adoption de nombreuses délibérations. Nous avons analysé ces décisions pour comprendre les principales orientations prises par l’autorité française....more
While the French Data Protection Authority (the "CNIL") has consistently emphasized the importance of protecting health data, there will be even more focus for 2023 with more investigations and sanctions in this sector. The...more
Prenant en compte les conclusions de l’arrêt « Schrems II » du 16 juillet 2020, le nouvel Executive Order signé par le Président Biden, le 7 octobre 2022, introduit de nouvelles garanties notamment (i) en limitant les...more
The French Data Protection Authority (CNIL) has released a Q&A providing its position, possible alternative solutions as well as guidance on using a compliant audience measurement solution. It follows a set of formal notices...more
A new French template agreement for clinical trials (Convention Unique) was published on April 9, 2022. This new version was much awaited since the initial version, dated back to 2016, was missing some key provisions...more
The healthcare sector is a current focus of the French data protection authority (CNIL) which just published two draft standards regarding processing of personal data in the context of Early Access and Compassionate Access....more
Le 15 février 2022, la CNIL a publié deux projets de référentiels. Ces référentiels étaient très attendus car l’Autorisation Unique 041 sur les traitements de données personnelles dans le cadre des Autorisations Temporaires...more
The General Data Protection Regulation 2016/679 (GDPR) provides means to enforce provisions related to personal data processing by you as a data controller or data processor. It introduces collective actions everywhere in...more
On October 8, 2020, France’s data protection authority (CNIL) provided the French Administrative Supreme Court (Conseil d’Etat) with a brief presenting its arguments against the hosting of some French public health data by...more
We would be delighted if you'd join us for the second webinar in the data class actions webinar series.
When data subjects – the people whose data is at issue – believe the processing of their data has infringed their...more
5/14/2020
/ Class Action ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Data Subjects Rights ,
Opt-In ,
Opt-Outs ,
Personally Identifiable Information ,
Webinars
The French Data Protection Authority (CNIL) has recently released new guidelines (French only) regarding human resources processing operations. ...more
The General Data Protection Regulation 2016/679 (GDPR) provides means to enforce provisions related to personal data processing by you as a data controller or data processor. It introduces collective actions everywhere in...more
11/22/2019
/ Burden of Proof ,
Class Action ,
Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Commission ,
Evidence ,
Forum Shopping ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Litigation Strategies ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Risk Management ,
Russia
Whilst political uncertainty may have businesses’ attention fixed, the Hogan Lovells Global Survey on Digital Regulation: ‘A Turning Point for Tech’ suggests that tech companies should be looking elsewhere. During yesterday’s...more
10/31/2019
/ 5G Network ,
Big Tech ,
Business Model ,
Competition ,
Copyright ,
Corporate Taxes ,
Cybersecurity ,
Data Protection ,
Digital Platforms ,
Enforcement Programs ,
EU ,
Freedom of Expression ,
General Data Protection Regulation (GDPR) ,
Innovative Technology ,
Privacy Concerns ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Standards ,
United Arab Emirates (UAE)
On 19 July the French Data Protection Authority (the “CNIL”) published new guidelines on cookies and trackers. These replace the existing Recommendation No. 2013-378 of 5 December 2013, are intended to be in line with...more
7/22/2019
/ CNIL ,
Cookies ,
Data Protection ,
e-Privacy Directive ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
Grace Period ,
Information Technology ,
Internet ,
New Guidance ,
Opt-In ,
Prior Express Consent ,
Regulatory Oversight ,
Regulatory Requirements ,
Web Tracking ,
Websites
Clinical trials in the EU include the collection of sensitive health data from patients. Trial sponsors are obliged to reconcile their respect of regulations governing data protection with regulations governing the conduct of...more
4/25/2019
/ Clinical Trials ,
Data Collection ,
Data Processors ,
Data Protection ,
Electronic Medical Records ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Informed Consent ,
Personal Data ,
Pharmaceutical Industry ,
Regulatory Standards ,
Scientific Research
The French Data Protection Authority (the CNIL) published its assessment of the first four months of GDPR and several guidelines, including one on how to make a GDPR compliant blockchain. ...more
10/11/2018
/ Big Data ,
Biometric Information ,
Blockchain ,
CCTV ,
CNIL ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Distributed Ledger Technology (DLT) ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Right to Erasure
The General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. In light of the urgency to adapt Law no. 78-17 dated 6 January 1978 to the new European Union law, the French Government has initiated an...more