In response to a record year of personal data breaches in 2024, affecting millions of individuals, the French data protection authority (CNIL) has published a set of security directives for operators of large databases. While...more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
The CNIL has launched an investigation into a significant data breach affecting over 33 million individuals in France, involving third-party payment operators Viamedis and Almerys. It is the biggest breach in France involving...more
The French Data Protection Authority announced a €600,000 fine against Groupe Canal+ over concerns with the media company’s direct marketing activities. According to the CNIL, the company sent users email marketing without...more
French authorities have fined an air freight company for a string of employee data violations, and for its failure to fully cooperate with their investigation....more
The French supervisory authority (CNIL) asked for public comments on its draft recommendation on data security in relation to processing that presents particularly high risks to individuals or to the public interest (the...more
On 25 January 2023, France’s Orientation and Programming Law of the Ministry of the Interior (LOPMI) was published in the Official Journal. LOPMI amends various legislative acts, including the French Insurance Code....more
France’s data protection authority, the Commission Nationale de Informatique et des Libertés (“CNIL”), has issued one of its highest General Data Protection Regulation (“GDPR”) sanctions to-date against Dedalus Biologie SAS...more
France’s data protection regulator (the CNIL) said this week it has fined Google and Facebook a combined €210 million for breaches of laws on cookies use and tracking of user online activity. These fines were not under the...more
In addition to the not-insignificant €2.25 million fine, CNIL's enforcement action against Carrefour France raises some universal points for companies handling data, both in the EU and in the U.S. Big Picture Takeaways:...more
French Data Protection Authority Issues Guidelines on Cookie Use - CNIL, France’s data protection authority, has released new rulesfor obtaining consumer consent under the GDPR for companies using cookies and other tracking...more
Le 28 mai 2019, la Commission nationale de l'informatique et des libertés (« CNIL ») a prononcé une amende de 400.000 euros à l’encontre de la société Sergic, une société de gestion immobilière, pour manquement à l’obligation...more
Much has happened since the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Many EU countries have enacted national legislation to implement and expand the requirements of the...more
Google Receives Record GDPR Fine - Marking the first major penalty against a U.S. tech company under the General Data Protection Regulation (GDPR), the French data-protection authority, CNIL, has fined Google a record $57...more
The French data protection authority CNIL has received 3,767 data protection complaints since EU’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018. According to CNIL this is a 64 percent increase...more
Four months after the GDPR came into effect, the French Data Protection Authority (“CNIL“) published a first assessment with some impressive figures: ..It received more than 600 personal data breach notifications, ?i.e.,...more
In this month's edition of our Privacy & Cybersecurity Update, we examine Brazil's new data protection regulation, the French data protection authority's warning to two companies of potential GDPR violations and the U.S....more
The Situation: Even before the General Data Protection Regulation ("GDPR") became effective on May 25, there has been a noticeable trend in the enforcement of security obligations through increased sanctions. The...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - United States and China Renew Promise Not to Hack - On October 4, U.S. and Chinese officials agreed to not engage in targeted hacking. Per a...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more