Employers are increasingly monitoring and filtering the web browsing habits of employees. The Commission Nationale de l’Informatique et des Libertés (CNIL) recently released new guidance (for public comment) on how...more
On May 16, 2023 the CNIL issued a statement in which it said that it will be looking into privacy issues posed by generative AIs, large language models (LLMs) and derived applications (chatbots). The official statement is a...more
On 24 January and 8 April 2022, the procedure before the French Data Protection Authority (CNIL) was reformed with the aim notably to better respond to the growing number of complaints that the CNIL receives each year...more
What can the California Privacy Protection Agency learn from the EU experience as it gets ready to draft regulations regarding DPIAs? Here is a recap of my remarks from the CPRA Regulations Stakeholder Session:...more
On 19 February 2021, CNIL released guidance on the use of chatbots in compliance with data protection law (the Guidelines). The CNIL notes that in order to operate the chatbots, controllers will often need to process personal...more
Following the outbreak of COVID-19, organizations have been implementing exceptional measures to maintain "business-as-usual" to the extent allowed by their particular circumstances and to protect their employees, customers...more
The French Data Protection Authority (CNIL) published new Guidelines (French only) on December 10, 2019 applicable to whistleblowing schemes, following a public consultation process. The Guidelines replace the former Single...more
We heard recently from French Data Protection Authority CNIL on the topic of Data Protection Impact Assessments (DPIAs). Now, Ireland’s Data Protection Commission has issued its own Guidance Note on DPIAs under The General...more
The French Data Protection Authority CNIL has issued guidance on types of data processing for which a Data Protection Impact Assessment (DPIA) is not required under GDPR: HR-related processing, not including profiling, for...more
The French Data protection authority, CNIL, has issued a “Developer Kit” setting forth best practices for data protection. Key takeaways: Before using a development tool, especially for personal data, read the...more
The French Data Protection Authority (the CNIL) published its assessment of the first four months of GDPR and several guidelines, including one on how to make a GDPR compliant blockchain. ...more
On April 12, 2018, Kilpatrick Townsend hosted the International Association of Privacy Professionals (IAPP) Atlanta KnowledgeNet Chapter Meeting. With more than 80 IAPP members in attendance, Jon Neiditz and Amanda Witt,...more