On February 13, 2024, the European Data Protection Board (“EDPB”) adopted Opinion 04/2024 on the notion of the main establishment of a controller in the Union under Article 4(16)(a) of the EU General Data Protection Regulation (“GDPR”) (the “Opinion”).Continue Reading EDPB Adopts Opinion on the Notion of Main Establishment
CNIL
CNIL Publishes 2024 Investigation Focus Plan
On February 8, 2024, the French Data Protection Authority announced the priority topics for its inspections in 2024. This blog entry provides a summary of the key topics.
Continue Reading CNIL Publishes 2024 Investigation Focus Plan
CNIL Opens Consultation on Transfer Impact Assessment Guide
On January 8, 2024, the French Data Protection Authority opened a consultation on its draft guidance for the use of transfer impact assessments. …
Continue Reading CNIL Opens Consultation on Transfer Impact Assessment Guide
CNIL Fines Groupe Canal+ 600,000 Euros For Direct Marketing and GDPR Infringements
On October 12, 2023, the French Data Protection Authority announced a €600,000 fine for mass media company Groupe Canal+ for failing to comply with its commercial prospecting obligations applicable under the French Post and Electronic Communications Code and several obligations of the EU General Data Protection Regulation.
Continue Reading CNIL Fines Groupe Canal+ 600,000 Euros For Direct Marketing and GDPR Infringements
French DPA Issues Guidelines on Data Protection and AI
On October 11, 2023, the French Data Protection Authority (the “CNIL”) published a new set of guidelines addressing the research and development of AI systems from a data protection perspective. …
Continue Reading French DPA Issues Guidelines on Data Protection and AI
CNIL Publishes Action Plan on AI
On May 16, 2023, the French Data Protection Authority announced its action plan on artificial intelligence. …
Continue Reading CNIL Publishes Action Plan on AI
CNIL issues €125,000 Fine Against E-Scooter Rental Company
On March 28, 2023, the French Data Protection Authority announced a €125,000 fine on the e-scooter rental company Cityscoot for breaching EU and French data protection rules, in particular in the context of geolocation and use of Google reCAPTCHA. …
Continue Reading CNIL issues €125,000 Fine Against E-Scooter Rental Company
CNIL Fines TikTok 5 Million Euros Over Cookie Infringements
On January 12, 2023, the French Data Protection Authority announced that it imposed a €5,000,000 fine on social network TikTok at the end of 2022 for violations of applicable cookies rules.
Continue Reading CNIL Fines TikTok 5 Million Euros Over Cookie Infringements
CNIL Fines Apple 8 Million Euros Over Personalized Ads
On December 29, 2022, the French Data Protection Authority announced that it imposed an €8,000,000 fine on Apple for violations of the French rules on targeted advertising and the use of cookies and similar tracking technologies.
Continue Reading CNIL Fines Apple 8 Million Euros Over Personalized Ads
Italian Supreme Court Grants Global Delisting Order Under National Law
On November 15, 2022, the Italian Supreme Court held that an Italian court or competent data protection authority has jurisdiction to issue a global delisting order. …
Continue Reading Italian Supreme Court Grants Global Delisting Order Under National Law