News & Analysis as of

General Data Protection Regulation (GDPR) CNIL

Follow this channel for updates and analysis on all aspects of the European Union's General Data Protection Regulation, a reform of EU's data protection rules that impacts... more +
Follow this channel for updates and analysis on all aspects of the European Union's General Data Protection Regulation, a reform of EU's data protection rules that impacts individuals throughout the Union and all businesses operating therein. less -
Goodwin

France and the new EU regulation on political advertising: the CNIL updates its doctrine ahead of the 2025 implementation

Goodwin on

Online political advertising has become central to modern electoral campaigns. However, the growing lack of transparency, particularly regarding funding, targeting, and data processing practices, raises serious concerns about...more

Hogan Lovells

Development of an AI system: CNIL issues guidelines regarding collection of data via web scraping

Hogan Lovells on

On 19 June 2025, CNIL published two additional “how-to-sheets” on artificial intelligence, one on the legitimate interest and the other on the collection of data via web scraping. These documents aim to clarify the rules...more

Skadden, Arps, Slate, Meagher & Flom LLP

CNIL Clarifies GDPR Basis for AI Training – But It’s Just One Part of the Compliance Picture

Skadden, Arps, Slate, Meagher & Flom LLP on

Key Points - - The French CNIL’s recent guidance regarding the application of legitimate interest as a legal basis in AI training is welcome, but several other AI regulatory issues remain unresolved. - Issues such as...more

King & Spalding

New Security Measures for Large Databases: When a DPA’s Directives Set Standards

King & Spalding on

In response to a record year of personal data breaches in 2024, affecting millions of individuals, the French data protection authority (CNIL) has published a set of security directives for operators of large databases. While...more

Hogan Lovells

Connected vehicles: CNIL’s consultation promotes driver’s consent over fraud and car theft

Hogan Lovells on

The French Data Protection Authority launches a public consultation on location data of connected vehicles, until May 20, 2025. This work will shape future regulations regarding the use of location data and its impact on...more

Hogan Lovells

Overview of the CNIL’s enforcement actions in 2024: the simplified procedure generates an increase in sanctions

Hogan Lovells on

In 2024, the CNIL stepped up its enforcement action, issuing 87 sanctions, 180 compliance orders and 64 reprimands. However, only 12 decisions were made public, thus complicating the exercise of making the regulator’s...more

Hogan Lovells

New CNIL’s guidelines on AI models: a practical approach amidst EU’s regulatory tangles

Hogan Lovells on

Finding a European consensus around the regulation of artificial intelligence (AI) does not start with the adoption of laws. It results from their common interpretation and articulation within a broader digital regulatory...more

BCLP

Mobile Apps: What Does the CNIL Recommend From a Privacy Perspective?

BCLP on

While mobile apps have become one of the major means of access to digital services, their ubiquity is accompanied by significant risks to users' privacy, due to the massive amount of personal data they collect and process....more

A&O Shearman

CNIL publishes Data Transfer Impact Assessment guide

A&O Shearman on

On January 31, 2025, the French supervisory authority (CNIL) published the final version of its guide on transfer impact assessments (TIA). A TIA must be undertaken by organisations relying on one of the ‘appropriate...more

BCLP

CNIL Strategic Plan 2025

BCLP on

The CNIL has published its strategic plan for the period of 2025-2028. This is typical of the CNIL, who regularly inform its stakeholders of its priorities....more

Fox Rothschild LLP

Do App Permissions Satisfy Requirements for Valid Consent for the Purpose of GDPR?

Fox Rothschild LLP on

App permissions do not satisfy the requirements for valid consent for the purpose of GDPR because they lack sufficient detail and granularity, according to the Commission Nationale de l’Informatique et des Libertés (CNIL)....more

Hogan Lovells

CNIL 2025-2028 strategic plan: AI, Minors, Mobile Apps & Cybersecurity

Hogan Lovells on

Anticipating enforcement priorities of regulators may partly rely on their long-term trajectory and domestic dynamics, which differ from a country to another. This action plan reflects CNIL’s ambition (i) to be appointed by...more

Pillsbury - Consumer Protection Dispatch

GDPR Enforcement: Lessons from Recent Data Privacy Penalties

Pillsbury - Consumer Protection Dispatch on

Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more

Goodwin

Navigating New CNIL Sanctions: What You Need to Know

Goodwin on

The Commission Nationale de l’Informatique et des Libertés (CNIL) is an independent French administrative regulatory body whose mission is to ensure that the collection, storage, and use of personal data comply with data...more

BCLP

AI Surveillance and Data Privacy at the Games

BCLP on

As the Paris 2024 Summer Olympic and Paralympic Games (the “Games”) turn onto the final straight, the Games have yet again captured widespread global attention, on and off the track. With over 15.3 million visitors in Paris...more

BCLP

Analysing the CNIL’s Latest Recommendations for AI Systems

BCLP on

Following the very recent adoption of the EU Regulation on AI (the AI Regulation) the CNIL (the French data regulator) has issued the second in its series of recommendations for the development of privacy-friendly AI models....more

Fox Rothschild LLP

California’s CPPA Partners with France’s CNIL to Safeguard Personal Information

Fox Rothschild LLP on

Is California going to start policing CCPA violations like the French police GDPR violations? The California Privacy Protection Agency (CPPA) and France’s Commission Nationale de l’Informatique et des Libertés (CNIL)...more

Hogan Lovells

Bilan de l’activité contentieuse de la CNIL en 2023 : un rétroviseur pour lire l’avenir

Hogan Lovells on

Il n’y a pas de question plus difficile en matière contentieuse que celle de l’anticipation des risques de faire l’objet d’un contrôle ou d’une sanction. C’est la raison pour laquelle il est utile de se nourrir des évolutions...more

BCLP

AI Developers - Make Sure You Are Compliant With the GDPR!

BCLP on

The CNIL’s newly released recommendations for AI system developers set out the regulator’s expectations for the entire development process of an AI system, from design to database creation and integration, ensuring...more

Barnea Jaffa Lande & Co.

GDPR – Company Fined for Improper Data Collection

Barnea Jaffa Lande & Co. on

The French Data Protection Authority (CNIL) recently imposed a EUR 310,000 fine, representing 1% of its turnover, on FORIOU, a telemarketing company promoting loyalty programs. The fine stemmed from FORIOU’s use of...more

BCLP

CNIL's Strategic Focus Areas for Data Protection in 2024 The Summer Olympics and Beyond

BCLP on

Each year, the CNIL selects key areas of high interest to concentrate its investigations and assess the compliance of select commercial sectors. On February 8, The CNIL announced its four main areas of focus for...more

BCLP

Employee Monitoring: Lessons from CNIL’s EUR 32M Fine Against Amazon France Logistique

BCLP on

Following the publication of several press articles and employee complaints, the French data protection regulator (“CNIL”) carried out an investigation at the Amazon France Logistique’s (“Amazon”) warehouses. The CNIL's...more

Hogan Lovells

Transfer Impact Assessments: the CNIL is seeking public input on TIA guide

Hogan Lovells on

On January 8, 2024, the CNIL launched a public consultation on a draft guide (Draft Guide) covering Transfer Impact Assessments (TIA). Under GDPR, as interpreted by the Court of Justice of the European Union (CJEU) and...more

Sheppard Mullin Richter & Hampton LLP

CNIL Fines Canal+ Over Marketing and Data Security Concerns

Sheppard Mullin Richter & Hampton LLP on

The French Data Protection Authority announced a €600,000 fine against Groupe Canal+ over concerns with the media company’s direct marketing activities. According to the CNIL, the company sent users email marketing without...more

Skadden, Arps, Slate, Meagher & Flom LLP

AI Insights: Public Consultation Period Closes for French CNIL Guidance on GDPR-Compliant Development of AI Systems

Skadden, Arps, Slate, Meagher & Flom LLP on

On 16 October 2023, France’s Data Protection Authority, the National Commission on Informatics and Liberty (CNIL), issued a set of guidelines for complying with the EU General Data Protection Regulation (GDPR) when...more

197 Results
 / 
View per page
Page: of 8
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide