News & Analysis as of

General Data Protection Regulation (GDPR) CNIL European Union

Follow this channel for updates and analysis on all aspects of the European Union's General Data Protection Regulation, a reform of EU's data protection rules that impacts... more +
Follow this channel for updates and analysis on all aspects of the European Union's General Data Protection Regulation, a reform of EU's data protection rules that impacts individuals throughout the Union and all businesses operating therein. less -
Goodwin

France and the new EU regulation on political advertising: the CNIL updates its doctrine ahead of the 2025 implementation

Goodwin on

Online political advertising has become central to modern electoral campaigns. However, the growing lack of transparency, particularly regarding funding, targeting, and data processing practices, raises serious concerns about...more

Skadden, Arps, Slate, Meagher & Flom LLP

CNIL Clarifies GDPR Basis for AI Training – But It’s Just One Part of the Compliance Picture

Skadden, Arps, Slate, Meagher & Flom LLP on

Key Points - - The French CNIL’s recent guidance regarding the application of legitimate interest as a legal basis in AI training is welcome, but several other AI regulatory issues remain unresolved. - Issues such as...more

Hogan Lovells

New CNIL’s guidelines on AI models: a practical approach amidst EU’s regulatory tangles

Hogan Lovells on

Finding a European consensus around the regulation of artificial intelligence (AI) does not start with the adoption of laws. It results from their common interpretation and articulation within a broader digital regulatory...more

A&O Shearman

CNIL publishes Data Transfer Impact Assessment guide

A&O Shearman on

On January 31, 2025, the French supervisory authority (CNIL) published the final version of its guide on transfer impact assessments (TIA). A TIA must be undertaken by organisations relying on one of the ‘appropriate...more

BCLP

CNIL Strategic Plan 2025

BCLP on

The CNIL has published its strategic plan for the period of 2025-2028. This is typical of the CNIL, who regularly inform its stakeholders of its priorities....more

Fox Rothschild LLP

Do App Permissions Satisfy Requirements for Valid Consent for the Purpose of GDPR?

Fox Rothschild LLP on

App permissions do not satisfy the requirements for valid consent for the purpose of GDPR because they lack sufficient detail and granularity, according to the Commission Nationale de l’Informatique et des Libertés (CNIL)....more

Pillsbury - Consumer Protection Dispatch

GDPR Enforcement: Lessons from Recent Data Privacy Penalties

Pillsbury - Consumer Protection Dispatch on

Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more

BCLP

AI Developers - Make Sure You Are Compliant With the GDPR!

BCLP on

The CNIL’s newly released recommendations for AI system developers set out the regulator’s expectations for the entire development process of an AI system, from design to database creation and integration, ensuring...more

Barnea Jaffa Lande & Co.

GDPR – Company Fined for Improper Data Collection

Barnea Jaffa Lande & Co. on

The French Data Protection Authority (CNIL) recently imposed a EUR 310,000 fine, representing 1% of its turnover, on FORIOU, a telemarketing company promoting loyalty programs. The fine stemmed from FORIOU’s use of...more

Sheppard Mullin Richter & Hampton LLP

CNIL Fines Canal+ Over Marketing and Data Security Concerns

Sheppard Mullin Richter & Hampton LLP on

The French Data Protection Authority announced a €600,000 fine against Groupe Canal+ over concerns with the media company’s direct marketing activities. According to the CNIL, the company sent users email marketing without...more

Skadden, Arps, Slate, Meagher & Flom LLP

AI Insights: Public Consultation Period Closes for French CNIL Guidance on GDPR-Compliant Development of AI Systems

Skadden, Arps, Slate, Meagher & Flom LLP on

On 16 October 2023, France’s Data Protection Authority, the National Commission on Informatics and Liberty (CNIL), issued a set of guidelines for complying with the EU General Data Protection Regulation (GDPR) when...more

BCLP

Paris Litigation Gazette - Issue 4 - October 2023

BCLP on

In an important judgment handed down on 29 June 2023 (Case C-211/22), the Court of Justice of the European Union (the "CJEU") ruled that a vertical agreement to fix minimum prices does not necessarily constitute a restriction...more

BakerHostetler

DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between...

BakerHostetler on

As we noted in our 2023 DSIR, there has been a flurry of activity within the information governance space, at home and abroad. This activity deserves further analysis, because while it seems from a distance that there are...more

Latham & Watkins LLP

CNIL Fines Health Website for Unlawful Data Processing

Latham & Watkins LLP on

The French Data Protection Authority imposed a €280,000 fine for GDPR infringements and a €100,000 fine for violation of French cookie rules. On 11 May 2023 the French Data Protection Authority (the CNIL) handed down its...more

Rothwell, Figg, Ernst & Manbeck, P.C.

What is “Data Minimization”? Could This Be a Future Hot Issue for U.S. Privacy Litigation?

Rothwell, Figg, Ernst & Manbeck, P.C. on

On March 16, 2023, the French Data Protection Agency (the “CNIL”) imposed a fine of € 25,000 on the company CITYSCOOT in connection with a finding that CITYSCOOT failed to comply with the obligation to ensure data...more

Sheppard Mullin Richter & Hampton LLP

CNIL Weighs in On GDPR Applicability to US Company

Sheppard Mullin Richter & Hampton LLP on

The French Data Protection Authority capped off 2022 by terminating an investigation into Lusha Systems, Inc.’s compliance with GDPR. CNIL concluded that the law did not apply to the US company’s activities...more

McDermott Will & Emery

European Regulators Provide Some Key Clarifications on Cookie Banners

McDermott Will & Emery on

The European Data Protection Board (EDPB) adopted a draft report of the work undertaken by the Cookie Banner Taskforce (the Report). The Report describes how regulators apply cookie legislation in handling certain types of...more

BCLP

Paris Litigation Gazette - Issue 1

BCLP on

Welcome to the first edition of the Litigation Gazette. Each quarter, BCLP's Paris team keep you informed of the main litigation news in competition law, commercial litigation, labor law, IP/IT/Data and compliance. In this...more

Fox Rothschild LLP

Make Sure You Have a Good Data Retention Plan. You Need It.

Fox Rothschild LLP on

You need a data retention plan. No really. And not just in the European Union. In California too. Commission Nationale de l’Informatique et des Libertés (CNIL) has fined messaging platform Discord 800,000 EUR for (non...more

Cooley LLP

Breach of Patients’ Data Leads to Heavy Sanctions in France

Cooley LLP on

At the end of February 2021, the French Data Protection Authority (CNIL) found out via the media about a massive personal data breach involving health-related data of about 500,000 French patients. After more than a year of...more

Fox Rothschild LLP

What Can the California Privacy Protection Agency Learn From Europe?

Fox Rothschild LLP on

What can the California Privacy Protection Agency learn from the EU experience as it gets ready to draft regulations regarding DPIAs? Here is a recap of my remarks from the CPRA Regulations Stakeholder Session:...more

ArentFox Schiff

Colorado Attorney General Seeks Rulemaking Comments for the Colorado Privacy Act

ArentFox Schiff on

Colorado Attorney General Seeks Rulemaking Comments for the Colorado Privacy Act - With the Notice of Proposed Rulemaking set for fall 2022, Colorado’s Attorney General office is currently inviting preliminary comments for...more

Stikeman Elliott LLP

Transferring Data from the EU: What to Take Away from the Recent Google Analytics GDPR Rulings

Stikeman Elliott LLP on

Companies using Google Analytics (“Analytics”) or similar platforms may be interested in recent rulings of several European data protection authorities that found Analytics data transfers to the U.S. to be non-compliant with...more

Hogan Lovells

French DPA opened public consultation on standards for Early Access and Compassionate Access

Hogan Lovells on

The healthcare sector is a current focus of the French data protection authority (CNIL) which just published two draft standards regarding processing of personal data in the context of Early Access and Compassionate Access....more

Sheppard Mullin Richter & Hampton LLP

CNIL Recommends Using US Analytics Tools Only for Anonymous Statistical Data

Sheppard Mullin Richter & Hampton LLP on

Following a similar case from Austria, the French data protection authority recently concluded that certain use of cookies placed by US data analytics tools violated GDPR. The case came before the CNIL as the result of a...more

95 Results
 / 
View per page
Page: of 4
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide