Podcast - Regulating AI in Healthcare: The Road Ahead
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
FCPA Compliance Report: Ethical Challenges in AI, Data Protection, and Sports with Andre Paris
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Everything Compliance: Episode 156, To Document or Not Edition
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
A Less is More Strategy for Data Risk Mitigation
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
Approach to Responsible AI
Why Privacy Matters to Your Business and What's in Store for 2025
No Password Required Podcast: Senior Security Researcher at Nokia and Guardian of Secure AI Networks
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
Constangy Clips Ep. 7- 4 New Year’s Resolutions to Keep Your Cyber Data Safe and Secure in 2025
As we pass the mid-point of 2025, it’s a good time to review the important developments we have seen in the first 6 months of this year, particularly reforms to the UK’s data protection laws, the EU’s pathway to...more
France's Data Protection Authority (the “Commission Nationale de l'Informatique et des Libertés” or “CNIL”) has issued comprehensive recommendations intended to assist businesses that are develop artificial intelligence...more
On June 12 2025, the French supervisory authority (CNIL) requested public comments on the draft recommendations on the use of tracking pixels in emails (Draft Recommendations)....more
Key Points - - The French CNIL’s recent guidance regarding the application of legitimate interest as a legal basis in AI training is welcome, but several other AI regulatory issues remain unresolved. - Issues such as...more
On 12 June 2025, the French data protection authority (CNIL) launched a public consultation on a draft recommendation regarding the use of tracking pixels in emails. This recommendation roughly assimilates pixels and any...more
In response to a record year of personal data breaches in 2024, affecting millions of individuals, the French data protection authority (CNIL) has published a set of security directives for operators of large databases. While...more
On April 24 2025, the French supervisory authority (CNIL) issued a draft recommendation to address challenges in collecting user consent for cookies and trackers across multiple devices (the Draft Recommendation). The new...more
We are excited to welcome Mathilde Carle as a partner in Morgan Lewis’s Paris office and as a guest contributor to our Tech & Sourcing Spotlight series to discuss intellectual property (IP) protection and other related issues...more
Following a wave of “session replay” wiretapping lawsuits in the United States, France’s Commission Nationale de l’Informatique et des Libertés (CNIL) has launched a consultation on tools for recording and replaying browsing...more
The French Data Protection Authority launches a public consultation on location data of connected vehicles, until May 20, 2025. This work will shape future regulations regarding the use of location data and its impact on...more
In 2024, the CNIL stepped up its enforcement action, issuing 87 sanctions, 180 compliance orders and 64 reprimands. However, only 12 decisions were made public, thus complicating the exercise of making the regulator’s...more
While mobile apps have become one of the major means of access to digital services, their ubiquity is accompanied by significant risks to users' privacy, due to the massive amount of personal data they collect and process....more
On January 31, 2025, the French supervisory authority (CNIL) published the final version of its guide on transfer impact assessments (TIA). A TIA must be undertaken by organisations relying on one of the ‘appropriate...more
On 9 February 2025, prior to the commencement of the Artificial Intelligence (AI) Action Summit in Paris, President Emmanuel Macron in an interview on French national TV announced a substantial €109 billion investment in AI...more
The CNIL has published its strategic plan for the period of 2025-2028. This is typical of the CNIL, who regularly inform its stakeholders of its priorities....more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
As the Paris 2024 Summer Olympic and Paralympic Games (the “Games”) turn onto the final straight, the Games have yet again captured widespread global attention, on and off the track. With over 15.3 million visitors in Paris...more
On May 21, 2024, France adopted law No. 2024-449 to secure and regulate the digital space. This law grants new enforcement powers and authority to the French Data Protection Authority (CNIL), including to seize documents,...more
On April 8, 2024, the French Data Protection Authority (CNIL) published recommendations on the development phase of artificial intelligence (AI) systems1 (Recommendations). They are the first set of recommendations designed...more
The CNIL has launched an investigation into a significant data breach affecting over 33 million individuals in France, involving third-party payment operators Viamedis and Almerys. It is the biggest breach in France involving...more
On January 8, 2024, the CNIL launched a public consultation on a draft guide (Draft Guide) covering Transfer Impact Assessments (TIA). Under GDPR, as interpreted by the Court of Justice of the European Union (CJEU) and...more
The French Data Protection Authority (the "CNIL") has just published two new reference methodologies for research, studies, or evaluations necessitating access to the data in the French Healthcare database. These new...more
On October 12, 2023, the CNIL released its first guidance on how to comply with the General Data Protection Regulation (GDPR) when developing and using artificial intelligence (AI) using personal data or impacting...more
The French Data Protection Authority (CNIL) is still seeking input from Artificial Intelligence (AI) stakeholders on how to ensure that AI systems comply with data protection laws. Use of large amount of data and data...more