On February 10, 2021, representatives of the EU Member States reached an agreement on the Council of the European Union’s negotiating mandate for the draft ePrivacy Regulation, which will replace the current ePrivacy Directive. The text approved by the EU Member States was prepared under Portugal’s Presidency and will form the basis of the Council’s negotiations with the European Parliament on the final terms of the ePrivacy Regulation.
Continue Reading EU Member States Agree on Council’s Text for the ePrivacy Regulation

On February 4, 2021, the French Data Protection Authority announced that it sent letters and emails to approximately 300 organizations, both private and public, to remind them of the new cookie law rules and the need to audit their sites and apps to comply with those rules by March 31, 2021.
Continue Reading CNIL Calls Organizations to Audit their Sites and Apps for Cookie Compliance

The recent UK case of Soriano v Forensic News and Others tested the territorial reach of the General Data Protection Regulation and represents the first UK judgment dealing with the territorial scope of the GDPR. This was a “service out” case, where the claimant, Walter T. Soriano, sought the Court’s permission under the UK Civil Procedure Rules to serve proceedings on the defendants, who were all domiciled in the U.S.
Continue Reading UK Case Tests the Territorial Application of the GDPR to U.S. Run Website

On December 10, 2020, the French Data Protection Authority announced that it has levied fines on Google LLC, Google Ireland Limited and Amazon Europe Core for alleged violations of the French cookie rules. This post examines the French cookie rules, CNIL’s territorial jurisdiction, the investigations and the sanctions levied against each company.
Continue Reading CNIL Fines Google and Amazon 135 Million Euros for Alleged Cookie Violations

On November 26, 2020, the Conference of the German Data Protection Authorities issued a press release with conclusions from their 100th anniversary meeting. The key issues discussed were the implications of Schrems II on German privacy and cybersecurity.
Continue Reading Takeaways from 100th Anniversary Meeting of German Data Protection Authorities

On November 26, 2020, the French Data Protection Authority announced that it imposed a fine of €2.25 million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation and Article 82 of the French Data Protection Act governing the use of cookies.
Continue Reading CNIL Fines Two Companies of the Carrefour Group 3.05 Million Euros for GDPR and Cookie Violations

On November 5, 2020, Hunton Andrews Kurth will host a panel discussion with representatives from the UK Information Commissioner’s Office (“ICO”) and the French Data Protection Authority (“CNIL”) to explore the latest developments on cookie guidance and compare their respective approaches. In our webinar titled “From a Regulator’s Perspective: Latest Developments on Cookie Guidance from the ICO and CNIL,” our speakers will discuss practical cookie law issues, including:
Continue Reading Webinar on the Latest Developments on Cookie Guidance Featuring the UK ICO and CNIL

On October 1, 2020, the French Data Protection Authority published a revised version of its guidelines on cookies and similar technologies, its final recommendations on the practical modalities for obtaining users’ consent to store or read non-essential cookies and similar technologies on their devices and a set of questions and answers on the Recommendations.
Continue Reading CNIL Publishes Updated Cookie Guidelines and Final Version of Recommendations on How to Get Users’ Consent