The Commission Nationale de l’Informatique et des Libertés (CNIL) is an independent French administrative regulatory body whose mission is to ensure that the collection, storage, and use of personal data comply with data...more
The CNIL has launched an investigation into a significant data breach affecting over 33 million individuals in France, involving third-party payment operators Viamedis and Almerys. It is the biggest breach in France involving...more
From 24 April, 2023, victims of cyber-attacks (as defined by the Criminal Code in italic text below) will have 72 hours to file a complaint with “competent authorities” if they want to obtain reimbursement under their...more
Google Analytics remains a hot topic for businesses and apparently also for data protection authorities (DPAs). With the advent of these new decisions and the new CNIL guidance, businesses have an even harder time justifying...more
The French Data Protection Authority (CNIL) has released a Q&A providing its position, possible alternative solutions as well as guidance on using a compliant audience measurement solution. It follows a set of formal notices...more
In this fourth alert in our series regarding the European Parliament’s formal endorsement of a new collective actions legislation titled the Directive of the European Parliament and of the Council on Representative Actions...more
Amazon’s financial records have revealed that the Luxembourg data protection supervisory authority, the Commission Nationale pour la Protection des Données (“CNPD”), is fining the retailer’s European arm (Amazon Europe Core...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
United States - Regulatory—Policy, Best Practices, and Standard - NIST Unveils Draft Guidance to Protect Critical Infrastructure - On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
On October 14, 2020, the French Administrative Supreme Court (Conseil d’Etat) published its decision in a lawsuit requesting that the French health data platform (Health Data Hub) be suspended for breach of the GDPR in light...more
On January 21, 2019, the CNIL (the French data protection authority) issued a fine of €50 million to Google under the General Data Protection Regulation (the “GDPR”) for its failure to (1) provide notice in an easily...more
The Paris office of Hogan Lovells is pleased to provide this English language edition of our monthly e - newsletter, which offers a legal and regulatory update covering France and Europe for April 2018. ...more
Florida Introduces BIPA Legislation - A Florida state senator has introduced an identical version of the Illinois Biometric Information Privacy Act (BIPA)....more
On Jan. 21, 2019, the French Data Protection Authority (CNIL) levied a 50 million euros sanction against Google LLC for violating the EU General Data Protection Regulation2 (GDPR) in the context of the first enforcement...more
On January 21, 2019, the French data protection supervisory authority (“CNIL”) fined Google €50 million (approximately $57 million) for violating the European General Data Protection Regulation (“GDPR”). ...more
As predicted, the start of 2019 provided scant respite from the frenetic pace of privacy and cybersecurity developments during 2018. This past month alone, in a blizzard of activity, regulators amended regulations and...more
• Non-profit organizations are testing companies’ GDPR compliance through targeted requests for information and other means and are filing complaints against allegedly non-compliant companies. • Main areas for non-profit...more
On January 21, 2019, the French Data Protection Authority, the Commission Nationale de L’Informatique et de Libertés (“CNIL”) announced a sanction of 50 million euros against Google. ...more
Last month, the French data protection authority (the CNIL) issued initial guidance addressing issues that applications utilizing blockchain technology should consider in order to comply with the European General Data...more
The French Data Protection Authority (the CNIL) published its assessment of the first four months of GDPR and several guidelines, including one on how to make a GDPR compliant blockchain. ...more
In this month's edition of our Privacy & Cybersecurity Update, we examine Brazil's new data protection regulation, the French data protection authority's warning to two companies of potential GDPR violations and the U.S....more
On July 2, 2018, the French Data Protection Authority (“Commission Nationale de l’Informatique et des Libertés” or “CNIL”) published its yearly thematic guidance for the priority axes of its control activities, notably...more
In August 2017, the Supreme Court of India passed a judgment in the case of Justice K S Puttuswamy vs Union of India (Supreme Court of India, WRIT PETITION (CIVIL) NO 494 OF 2012), in which fundamental rights, as provided in...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
On October 3, 2016, during a conference organized by the French Comity of Car Manufacturers (“CCFA”) during the Paris Motor Show, Mrs. Sophie Nerbonne, the Compliance Director of the French Data Protection Authority...more