In response to a record year of personal data breaches in 2024, affecting millions of individuals, the French data protection authority (CNIL) has published a set of security directives for operators of large databases. While...more
The CNIL has published its strategic plan for the period of 2025-2028. This is typical of the CNIL, who regularly inform its stakeholders of its priorities....more
Anticipating enforcement priorities of regulators may partly rely on their long-term trajectory and domestic dynamics, which differ from a country to another. This action plan reflects CNIL’s ambition (i) to be appointed by...more
Il n’y a pas de question plus difficile en matière contentieuse que celle de l’anticipation des risques de faire l’objet d’un contrôle ou d’une sanction. C’est la raison pour laquelle il est utile de se nourrir des évolutions...more
The CNIL’s newly released recommendations for AI system developers set out the regulator’s expectations for the entire development process of an AI system, from design to database creation and integration, ensuring...more
On October 12, 2023, the CNIL released its first guidance on how to comply with the General Data Protection Regulation (GDPR) when developing and using artificial intelligence (AI) using personal data or impacting...more
The French supervisory authority (CNIL) asked for public comments on its draft recommendation on data security in relation to processing that presents particularly high risks to individuals or to the public interest (the...more
A few days after the European Parliament adoption of a compromise position on the Artificial Intelligence Act (the “AI Act”), the French Data Protection Authority (the “CNIL”) published, on 16 May 2023, a detailed 4-step...more
On May 10, the French data protection agency, Commission Nationale de l’Informatique et des Libertés (CNIL), fined a facial recognition company an overdue penalty payment in the amount of €5.2 million for failing to comply...more
Les derniers mois ont vu une activité bouillonnante de la CNIL avec l’adoption de nombreuses délibérations. Nous avons analysé ces décisions pour comprendre les principales orientations prises par l’autorité française....more
Alla luce del recente provvedimento dell’Autorità Garante per la Protezione dei Dati Personali Francese, la Commission nationale de l'informatique et des libertés (“Garante” o “CNIL”), riportiamo di seguito un’analisi del...more
Google Analytics remains a hot topic for businesses and apparently also for data protection authorities (DPAs). With the advent of these new decisions and the new CNIL guidance, businesses have an even harder time justifying...more
On 24 January and 8 April 2022, the procedure before the French Data Protection Authority (CNIL) was reformed with the aim notably to better respond to the growing number of complaints that the CNIL receives each year...more
Connecticut Passes the Fifth US State Consumer Privacy Law - The Connecticut governor has formally signed and passed An Act Concerning Personal Data Privacy and Online Monitoring (CPDA), making this law the fifth US state...more
France’s data protection authority, the Commission Nationale de Informatique et des Libertés (“CNIL”), has issued one of its highest General Data Protection Regulation (“GDPR”) sanctions to-date against Dedalus Biologie SAS...more
The healthcare sector is a current focus of the French data protection authority (CNIL) which just published two draft standards regarding processing of personal data in the context of Early Access and Compassionate Access....more
France's data protection authority (DPA), Commission Nationale de l'Informatique et des Libertés (CNIL), announced its ruling on February 10, 2022, that the use of Google Analytics by companies in the EU violates Article 44...more
Le 15 février 2022, la CNIL a publié deux projets de référentiels. Ces référentiels étaient très attendus car l’Autorisation Unique 041 sur les traitements de données personnelles dans le cadre des Autorisations Temporaires...more
On January 12, 2022, the French Data Protection Authority (CNIL) issued guidance (available in French only) that sets out the conditions for processors to reuse the personal data entrusted by controllers for their own...more
FTC Warns Companies to Remediate Log4j Security Vulnerability - Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services. Recently, a...more
France’s data protection authority (CNIL) has proved again its determination to continue its enforcement strategy by issuing some 30 new formal notices to comply with its new guidelines on cookies on December 14, 2021....more
In this fourth alert in our series regarding the European Parliament’s formal endorsement of a new collective actions legislation titled the Directive of the European Parliament and of the Council on Representative Actions...more
Amazon’s financial records have revealed that the Luxembourg data protection supervisory authority, the Commission Nationale pour la Protection des Données (“CNPD”), is fining the retailer’s European arm (Amazon Europe Core...more
The French data protection authority, La Commission nationale de l’informatique et des libertés ("CNIL"), one of Europe's ("EU") most active data protection regulators, has continued to focus on the lawfulness of the use of...more