Following a wave of “session replay” wiretapping lawsuits in the United States, France’s Commission Nationale de l’Informatique et des Libertés (CNIL) has launched a consultation on tools for recording and replaying browsing...more
In 2024, the CNIL stepped up its enforcement action, issuing 87 sanctions, 180 compliance orders and 64 reprimands. However, only 12 decisions were made public, thus complicating the exercise of making the regulator’s...more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
The Commission Nationale de l’Informatique et des Libertés (CNIL) is an independent French administrative regulatory body whose mission is to ensure that the collection, storage, and use of personal data comply with data...more
The French Data Protection Authority (CNIL) recently imposed a EUR 310,000 fine, representing 1% of its turnover, on FORIOU, a telemarketing company promoting loyalty programs. The fine stemmed from FORIOU’s use of...more
On 18 October 2023, the Commercial Division of the French Supreme Court (Court of Cassation) issued a noteworthy ruling, in which it judged its own case law on restrictive competition practices to be "complex", a source of...more
Following the publication of several press articles and employee complaints, the French data protection regulator (“CNIL”) carried out an investigation at the Amazon France Logistique’s (“Amazon”) warehouses. The CNIL's...more
The French Data Protection Authority imposed a €280,000 fine for GDPR infringements and a €100,000 fine for violation of French cookie rules. On 11 May 2023 the French Data Protection Authority (the CNIL) handed down its...more
The European Data Protection Board (EDPB) adopted a draft report of the work undertaken by the Cookie Banner Taskforce (the Report). The Report describes how regulators apply cookie legislation in handling certain types of...more
In December, the French data protection agency, Commission Nationale de l’Informatique et des Libertés (CNIL), imposed a €60 million penalty against a global software development company accused of making it harder for users...more
France’s data protection authority, the Commission Nationale de Informatique et des Libertés (“CNIL”), has issued one of its highest General Data Protection Regulation (“GDPR”) sanctions to-date against Dedalus Biologie SAS...more
Best Practices for the Virginia Consumer Data Protection Act - The Virginia Consumer Data Protection Act (VCDA) Working Group of the Joint Commission on Technology and Science released its final report on best practices...more
The French data protection authority, La Commission nationale de l’informatique et des libertés ("CNIL"), one of Europe's ("EU") most active data protection regulators, has continued to focus on the lawfulness of the use of...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
The European Union’s (EU) General Data Protection Regulation (GDPR) has been in effect since May 2018. The law’s goal of protecting EU citizens’ personal information and privacy seems to be coming into fruition. In the past,...more
On Oct. 30, 2020, the United Kingdom’s data protection authority, the Information Commissioner’s Office (ICO), in connection with France’s Commission nationale de l’informatique et des libertés (CNIL), announced the largest...more
On October 14, 2020, the French Administrative Supreme Court (Conseil d’Etat) published its decision in a lawsuit requesting that the French health data platform (Health Data Hub) be suspended for breach of the GDPR in light...more
The French Data Protection Authority, CNIL, has levied its first fine for enforcement of the General Data Protection Regulation (GDPR). The enforcement target, Spartoo, is a French online shoe retailer that makes its website...more
The CNIL has imposed a €250,000 fine on an online retailer for GDPR infringements in cooperation with other EU supervisory authorities. Founded in 2006 and headquartered in France, Spartoo SAS (Spartoo) is one of the...more
The Council decision contains useful considerations and clarifications on the “one-stop shop” mechanism, transparency obligations, and consent for targeted advertising. On 19 June 2020, France’s Highest Administrative...more
On January 21, 2019, the CNIL (the French data protection authority) issued a fine of €50 million to Google under the General Data Protection Regulation (the “GDPR”) for its failure to (1) provide notice in an easily...more
Recent action by the Hamburg authority may present implications for companies regulated by a lead data protection supervisory authority in Europe. A German supervisory authority has initiated an investigation into Google’s...more
Following in the footsteps of the CNIL and the ICO, the Berlin DPA will impose a multimillion-euro fine for breach of the GDPR. The Berlin Data Protection Authority (Berlin DPA) recently announced that it will issue a...more
The French CNIL imposed a new sanction of €180,000 last July 18th, 2019 to a French insurance company that provides car insurance to individuals (Active Assurances) which failed to adequately protect the personal data of...more
Le 28 mai 2019, la Commission nationale de l'informatique et des libertés (« CNIL ») a prononcé une amende de 400.000 euros à l’encontre de la société Sergic, une société de gestion immobilière, pour manquement à l’obligation...more