Online political advertising has become central to modern electoral campaigns. However, the growing lack of transparency, particularly regarding funding, targeting, and data processing practices, raises serious concerns about...more
On June 12 2025, the French supervisory authority (CNIL) requested public comments on the draft recommendations on the use of tracking pixels in emails (Draft Recommendations)....more
On 12 June 2025, the French data protection authority (CNIL) launched a public consultation on a draft recommendation regarding the use of tracking pixels in emails. This recommendation roughly assimilates pixels and any...more
On April 24 2025, the French supervisory authority (CNIL) issued a draft recommendation to address challenges in collecting user consent for cookies and trackers across multiple devices (the Draft Recommendation). The new...more
The French Data Protection Authority launches a public consultation on location data of connected vehicles, until May 20, 2025. This work will shape future regulations regarding the use of location data and its impact on...more
While mobile apps have become one of the major means of access to digital services, their ubiquity is accompanied by significant risks to users' privacy, due to the massive amount of personal data they collect and process....more
App permissions do not satisfy the requirements for valid consent for the purpose of GDPR because they lack sufficient detail and granularity, according to the Commission Nationale de l’Informatique et des Libertés (CNIL)....more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
On 18 October 2023, the Commercial Division of the French Supreme Court (Court of Cassation) issued a noteworthy ruling, in which it judged its own case law on restrictive competition practices to be "complex", a source of...more
The French Data Protection Authority imposed a €280,000 fine for GDPR infringements and a €100,000 fine for violation of French cookie rules. On 11 May 2023 the French Data Protection Authority (the CNIL) handed down its...more
European regulators unofficially announced the major theme of this new year, through the release of several decisions pertaining to cookies and other tracking technologies in the first 10 days of 2022. As the General Data...more
The Commission Nationale de l’Informatique et des Libertés, the French Data Protection Agency, has issued a 150M Euro fine against Google and a 60M Euro fine against Facebook/Meta for cookie consent violations...more
The French Supervisory Authority has set 31 March 2021 as the end of the “reasonable period” to bring websites and mobile applications into compliance. Following the adoption and publication of its updated guidelines along...more
On 7 December 2020, the French supervisory authority CNIL (Commission nationale de l’informatique et des libertés, French data protection authority) imposed substantive fines on Amazon and Google for allegedly placing...more
The Commission nationale de l'informatique et des libertés (CNIL) is the national data protection authority in France. Recently, it announced new guidance on cookies and online trackers (Guidelines). Operators of...more
The Council decision contains useful considerations and clarifications on the “one-stop shop” mechanism, transparency obligations, and consent for targeted advertising. On 19 June 2020, France’s Highest Administrative...more
McDermott Will & Emery a le plaisir de vous convier à un webinaire sur le thème "Ce que vous avez peut-être manqué des actualités RGPD: la montée en puissance de l’accountability?" qui abordera les thèmes suivants: -...more
In our latest webinar we will be examining what you may have missed in the development of GDPR in the current global landscape, focusing in particular on: - Data transfers outside the EU: what to do with its standard...more
The Situation: On July 4, 2019, the French data protection authority ("CNIL") published revised guidelines on the implementation of cookies or similar tracking technologies in order to take into account the new requirements...more
On January 14, 2020, the French data protection authority (CNIL) launched a public consultation on its draft recommendations for the collection of consent in the context of cookies and other tracking technologies (the ‘draft...more
The legal requirements for the use of cookies have been subject to discussion over the last few years, with little to no enforcement and guidance from European data protection authorities (DPAs). That has changed recently....more
Several weeks ago, we published a CCPA FAQS on Cookies, which provides a high-level look at how the impending CCPA may apply to website cookies. The CCPA’s definition of personal information is expansive, and in preparation...more
In its long-awaited judgment, the European Court of Justice (CJEU) decided the data protection requirements for obtaining consent when using cookies. The court held that “passive” acceptance of cookies through prechecked...more
The perplexing question of what U.S. companies must do to comply with EU “cookie” law became slightly more clear with the recent decision of the European Court of Justice (CJEU) in Planet49 GmbH, but numerous questions still...more
On October 1, the European Court of Justice (the “ECJ”) confirmed recent guidance from the UK and CNIL regulators in finding that the use of pre-checked boxes does not constitute consent for processing of personal information...more