On December 28, 2018, the French Data Protection Authority (the “CNIL”) published guidance regarding the conditions to be met by organizations in order to lawfully share personal data with business partners or other third parties, such as data brokers. The guidance focused, in particular, on such a scenario in the context of the EU General Data Protection Regulation (“GDPR”). The CNIL guidance sets forth the 5 following conditions:
Continue Reading

On October 17, 2018, the French data protection authority published a press release, detailing the rules applicable to devices that collect personal data from users’ mobile phones (media access control address) for the purposes of measuring the advertising audience and traffic in shopping malls and other public areas.
Continue Reading

Recent judicial interpretations of the Illinois Biometric Information Privacy Act, 740 ILCS 14, present potential litigation risks for retailers who employ biometric-capture technology, such as facial recognition, retina scan or fingerprint software. In a recent client alert, we discuss biometric privacy laws and recent case studies.
Continue Reading