On October 12, 2023, the French Data Protection Authority announced a €600,000 fine for mass media company Groupe Canal+ for failing to comply with its commercial prospecting obligations applicable under the French Post and Electronic Communications Code and several obligations of the EU General Data Protection Regulation.
Continue Reading CNIL Fines Groupe Canal+ 600,000 Euros For Direct Marketing and GDPR Infringements
Data Processor
French DPA Issues Guidelines on Data Protection and AI
On October 11, 2023, the French Data Protection Authority (the “CNIL”) published a new set of guidelines addressing the research and development of AI systems from a data protection perspective. …
Continue Reading French DPA Issues Guidelines on Data Protection and AI
Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law
On June 30, 2023, the Delaware House of Representatives passed the Delaware Personal Data Privacy Act (H.B. 154), a day after the Delaware Senate passed the legislation. The DPDPA heads to Governor John Carney for a final signature. …
Continue Reading Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law
Oregon Consumer Privacy Act
On June 22, 2023, the Oregon House of Representatives passed the Oregon Consumer Privacy Act (S.B. 619), which was previously passed by the Oregon Senate on June 20, 2023. The OCPA has been sent to the Oregon governor’s desk for signature. If signed, the OCPA would make Oregon the 12th state to have enacted comprehensive privacy legislation.
Continue Reading Oregon Consumer Privacy Act
Google Updates Privacy Terms to Shift Away From Offering Some Services as a “Service Provider” Under the CCPA
On May 24, 2023 Google LLC announced its recently updated privacy terms providing that, for many of Google’s advertising services, it will no longer act as a service provider for the purposes of the California Privacy Rights Act of 2020. …
Continue Reading Google Updates Privacy Terms to Shift Away From Offering Some Services as a “Service Provider” Under the CCPA
Texas Senate Passes Texas Data Privacy and Security Act
On May 10, 2023, the Texas Senate passed H.B. 4, also known as the Texas Data Privacy and Security Act. …
Continue Reading Texas Senate Passes Texas Data Privacy and Security Act
Montana and Tennessee Could Become Eighth and Ninth States to Enact Comprehensive Consumer Privacy Bills
On April 21, 2023, the Montana and Tennessee legislatures voted to enact comprehensive consumer privacy bills in their respective states. If signed by their governors, Montana’s Consumer Data Privacy Act (S.B. 384) and Tennessee’s Information Protection Act (H.B. 1181) could make these states the eighth and ninth U.S. states to enact comprehensive privacy legislation. …
Continue Reading Montana and Tennessee Could Become Eighth and Ninth States to Enact Comprehensive Consumer Privacy Bills
CNIL issues €125,000 Fine Against E-Scooter Rental Company
On March 28, 2023, the French Data Protection Authority announced a €125,000 fine on the e-scooter rental company Cityscoot for breaching EU and French data protection rules, in particular in the context of geolocation and use of Google reCAPTCHA. …
Continue Reading CNIL issues €125,000 Fine Against E-Scooter Rental Company
CJEU Clarifies Rules on Conflict of Interest in Relation to DPO Role
On February 9, 2023, the Court of Justice of the European Union issued a judgment in the X-FAB Dresden case. …
Continue Reading CJEU Clarifies Rules on Conflict of Interest in Relation to DPO Role
CIPL Responds to EDPB’s Calls for Public Comments on Recommendations for Controller Binding Corporate Rules
On January 10, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth responded to a call for public comments from the European Data Protection Board regarding their Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Art. 47 GDPR). …
Continue Reading CIPL Responds to EDPB’s Calls for Public Comments on Recommendations for Controller Binding Corporate Rules