1. Formal notice issued by CNIL

The French data protection authority (CNIL) issued a Lire la suite

Consequences of Brexit on data protection

Regime of data transfers to the United Kingdom

As part of the Trade and Cooperation Agreement concluded on 24 December 2020, the United Kingdom and the European Union have agreed that the General Data Protection Regulation (GDPR) will continue to apply in the United Kingdom on a ...Lire la suite

‘Cookie walls’: The French administrative supreme court partly quashes the CNIL’s guidance

Following a claim brought by professional associations from the media, communications and digital marketing sectors, the Conseil d’Etat has Lire la suite

A record-€50 millions fine for GOOGLE by the CNIL – The French Privacy Protection Authority

On January 21st, the CNIL sanctioned Google with a €50 million fine pursuant to the GDPR for lack of transparency, ...Lire la suite

Transposition of the new GDPR provisions – Publication of Decree n° 2018-687

Following the adoption of GDPR, France started to transpose this new European regulatory framework regarding data protection within its legal system. ...Lire la suite

Sapin II law: What are the new obligations for companies?

The law n°2016-1691of 9 December 2016 targeting transparency, anti-bribery and the modernization of the economic life, known as "Loi Sapin II" imposes new ...Lire la suite

Connected vehicles and personal data

The development of connected vehicles has raised many concerns from drivers concerning the protection of their personnel data.

With regard to the risk of the violation of the regulation applicable to the personal data by these new technological tools (sensors, ...Lire la suite

ECHR sets out the circumstances under which employees messages can be monitored

In its decision dated 5 September 2017, the Grand Chamber of the European Court of Human Rights (ECHR) sets out the circumstances under which employers can monitor their employees’ personal electronic communications at their workplace. It also states under which circumstances employers can ...Lire la suite

In light of the Equifax and CareFirst data hacking...

In light of the Equifax and CareFirst data hacking cases in the United States, Anne-Solène Gay was interviewed by Le Figaro on the French legal framework regarding class actions concerning personal data.

Article in Le Figaro.fr tech & web ...Lire la suite

G29: new opinion on data processing at work

The Opinion n°2/2017 (WP 249) adopted by the G29 on 8 June 2017 aims at evaluating the risks resulting from the use of new technologies at work especially in terms of respect of employees’ privacy. ...Lire la suite

The European Commission has published its proposal to reform the e-privacy directive

The 10 January 2017, the European Commission announced its draft regulation on privacy aims to reforming the Lire la suite

Open data in the health domain

To improve research and innovation in the health domain, the law n°2016-41 dated 26 January 2016 for the modernization of our health system created the national health ...Lire la suite

Personal data: class actions are now possible

The law n°2016-1547 dated 18 November 2016 for the modernization of the justice of the XXIst century has extended the right to class action in many areas and notably regarding personal ...Lire la suite

The French Supreme Court dispels any doubt: an IP address is personal data

In its decision dated 3 November 2016, the French Supreme court brings to an end many years of uncertainty by explicitly ...Lire la suite

Privacy Shield: a threatened future

On July 12th 2016, the European Commission issued an adequacy decision according to which it recognizes that the Privacy Shield provides a level of protection ...Lire la suite

Brexit: possible consequences on data protection

On June 24th 2016, the United Kingdom voted its withdrawal from the European Union (EU).

Under article 50 of the Lisbon Treaty, the United Kingdom (UK) will have to serve notice of intention to exit the EU to the European Commission. The UK will then have a two year period to negotiate ...Lire la suite

The new Regulation on the protection of data privacy will enter into force on May 25th, 2018

The Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data which was adopted by the European Parliament on ...Lire la suite

Privacy Shield: promises of a better protection of personal data

Since the Court of Justice of the European Union declared on October 6, 2015 that the "Safe Harbor" was invalid, a new framework for transatlantic data flows has been expected in ...Lire la suite

The Constitutional Council approves the core of the Intelligence Act

Referred to the Constitutional Council by the President of the Republic, the President of the Senate and more than 60 deputies, the Intelligence Act has now completed the legislative process. The Constitutional Council has approved the major part pf the law by its Lire la suite

New CNIL “Data protection governance” Label

By deliberation n°2014-500 dated December 11th 2014 on the adoption of a frame of reference regarding the grant of a label regarding procedures of data ...Lire la suite