Under the Radar: DOJ's Data Security Rules and Their Impact on Payments Companies — Payments Pros – The Payments Law Podcast
Podcast - Regulating AI in Healthcare: The Road Ahead
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
FCPA Compliance Report: Ethical Challenges in AI, Data Protection, and Sports with Andre Paris
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Everything Compliance: Episode 156, To Document or Not Edition
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
A Less is More Strategy for Data Risk Mitigation
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
Approach to Responsible AI
Why Privacy Matters to Your Business and What's in Store for 2025
No Password Required Podcast: Senior Security Researcher at Nokia and Guardian of Secure AI Networks
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
As we pass the mid-point of 2025, it’s a good time to review the important developments we have seen in the first 6 months of this year, particularly reforms to the UK’s data protection laws, the EU’s pathway to...more
Employers are increasingly monitoring and filtering the web browsing habits of employees. The Commission Nationale de l’Informatique et des Libertés (CNIL) recently released new guidance (for public comment) on how...more
France's Data Protection Authority (the “Commission Nationale de l'Informatique et des Libertés” or “CNIL”) has issued comprehensive recommendations intended to assist businesses that are develop artificial intelligence...more
Key Points - - The French CNIL’s recent guidance regarding the application of legitimate interest as a legal basis in AI training is welcome, but several other AI regulatory issues remain unresolved. - Issues such as...more
On 12 June 2025, the French data protection authority (CNIL) launched a public consultation on a draft recommendation regarding the use of tracking pixels in emails. This recommendation roughly assimilates pixels and any...more
Finding a European consensus around the regulation of artificial intelligence (AI) does not start with the adoption of laws. It results from their common interpretation and articulation within a broader digital regulatory...more
On January 31, 2025, the French supervisory authority (CNIL) published the final version of its guide on transfer impact assessments (TIA). A TIA must be undertaken by organisations relying on one of the ‘appropriate...more
The CNIL has published its strategic plan for the period of 2025-2028. This is typical of the CNIL, who regularly inform its stakeholders of its priorities....more
App permissions do not satisfy the requirements for valid consent for the purpose of GDPR because they lack sufficient detail and granularity, according to the Commission Nationale de l’Informatique et des Libertés (CNIL)....more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
The CNIL’s newly released recommendations for AI system developers set out the regulator’s expectations for the entire development process of an AI system, from design to database creation and integration, ensuring...more
The French Data Protection Authority announced a €600,000 fine against Groupe Canal+ over concerns with the media company’s direct marketing activities. According to the CNIL, the company sent users email marketing without...more
On 16 October 2023, France’s Data Protection Authority, the National Commission on Informatics and Liberty (CNIL), issued a set of guidelines for complying with the EU General Data Protection Regulation (GDPR) when...more
At the end of February 2021, the French Data Protection Authority (CNIL) found out via the media about a massive personal data breach involving health-related data of about 500,000 French patients. After more than a year of...more
Following the 2020 Court of Justice of the European Union’s (CJEU) ruling invalidating the Privacy Shield (see our alert here), personal data transfers from the European Union to the United States required EU companies to...more
What can the California Privacy Protection Agency learn from the EU experience as it gets ready to draft regulations regarding DPIAs? Here is a recap of my remarks from the CPRA Regulations Stakeholder Session:...more
Companies using Google Analytics (“Analytics”) or similar platforms may be interested in recent rulings of several European data protection authorities that found Analytics data transfers to the U.S. to be non-compliant with...more
The healthcare sector is a current focus of the French data protection authority (CNIL) which just published two draft standards regarding processing of personal data in the context of Early Access and Compassionate Access....more
European regulators unofficially announced the major theme of this new year, through the release of several decisions pertaining to cookies and other tracking technologies in the first 10 days of 2022. As the General Data...more
In this fourth alert in our series regarding the European Parliament’s formal endorsement of a new collective actions legislation titled the Directive of the European Parliament and of the Council on Representative Actions...more
Here are a few takeaways from what I said this week at the InfoGov World Expo virtual auditorium. •Is it still “early days for GDPR?” Not if you ask Germany, France’s Commission Nationale de l’Informatique et des Libertés...more
Amazon’s financial records have revealed that the Luxembourg data protection supervisory authority, the Commission Nationale pour la Protection des Données (“CNPD”), is fining the retailer’s European arm (Amazon Europe Core...more
The French data protection authority, La Commission nationale de l’informatique et des libertés ("CNIL"), one of Europe's ("EU") most active data protection regulators, has continued to focus on the lawfulness of the use of...more
On 19 May 2021, the European Data Protection Board (EDPB) held its plenary session with a busy agenda. The first outcomes of the plenary have now been published by the EDPB....more
Given the challenges of conducting clinical trials during the COVID-19 pandemic, many countries — including France — have allowed for some use of remote quality controls. In response to guidelines issued recently by European...more