As we pass the mid-point of 2025, it’s a good time to review the important developments we have seen in the first 6 months of this year, particularly reforms to the UK’s data protection laws, the EU’s pathway to...more
On 16 October 2023, France’s Data Protection Authority, the National Commission on Informatics and Liberty (CNIL), issued a set of guidelines for complying with the EU General Data Protection Regulation (GDPR) when...more
As we noted in our 2023 DSIR, there has been a flurry of activity within the information governance space, at home and abroad. This activity deserves further analysis, because while it seems from a distance that there are...more
The European Data Protection Board (EDPB) adopted a draft report of the work undertaken by the Cookie Banner Taskforce (the Report). The Report describes how regulators apply cookie legislation in handling certain types of...more
Over the past few years there has been significant growth in the use of technology for monitoring workers, especially following the onset of the COVID-19 pandemic. Global demand (based on the number of internet searches...more
Here are a few takeaways from what I said this week at the InfoGov World Expo virtual auditorium. •Is it still “early days for GDPR?” Not if you ask Germany, France’s Commission Nationale de l’Informatique et des Libertés...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
On October 1, the European Court of Justice (the “ECJ”) confirmed recent guidance from the UK and CNIL regulators in finding that the use of pre-checked boxes does not constitute consent for processing of personal information...more
The guidance provides general requirements for obtaining valid consent and details conditions under which audience management cookies may be exempt. On 4 July 2019, one day after the UK Information Commissioner’s Office...more
On July 18, 2019, the French Data Protection Authority (CNIL) issued new guidance on the use of cookies and similar tracking technologies (collectively referred to as “cookies” below). The guidance clarifies the instances in...more
Data protection authorities in the UK and France have released updated guidance for website operators that use cookies on their websites. This new guidance may mandate changes to existing cookie banners and provides further...more
The closure of four cases involving targeted advertising provides lessons for navigating compliance standards under the GDPR. The recent closure of cases brought by the French Data Protection Authority (CNIL) against four...more
Companies should identify data flows, implement a data transfer solution, and update internal documents and privacy notices. Since our blog on “What a “No Deal” Brexit Means for UK Data Privacy”, the European Data...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - United States and China Renew Promise Not to Hack - On October 4, U.S. and Chinese officials agreed to not engage in targeted hacking. Per a...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
In less than one year, from 25 May 2018, the General Data Protection Regulation (GDPR or Regulation) will become enforceable. The GDPR introduces a rigorous, far-reaching privacy framework for businesses that operate, target...more
The General Data Protection Regulation (GDPR) will come into force on 25 May 2018, replacing UK’s Data Protection Act 1998 (DPA). It is yet unclear how Brexit will play out, yet in the meantime the United Kingdom is moving to...more