Other News
Schrems 2 : The Commission Issues an Adequacy Decision Allowing EU-US Data Transfers (again)
On 10 July 2023, the European Commission adopted a new adequacy decision concerning personal date transfers to the United States. This decision brings to an end a judicial epic that began in 2016 with the first Schrems ruling and which...
GDPR : Employee’s right of access
The General Data Protection Regulation (GDPR) gives data subjects rights over their own personal data, including the right of access to personal data processed by a controller (Article 15). In practice, the data subject can ask an organisation to access...
CNIL – FR: Direct Marketing, Employee Monitoring and Cloud are the 2022 Audit Priorities
On 15 February 2022, the CNIL released its control programme for the year 2022. This year the priority themes are as follows: Direct marketing ; Employee's monitoring in the context of remote working; Cloud computing...
Google Analytics: The CNIL Asked a Website Operator to Stop Using Google Analytics
On 10 February 2022, the CNIL issued a formal notice to a website operator using Google Analytics cookies to comply with the GDPR and more specifically with the CJEU Schrems 2 ruling on the transfer of data to the US. The CNIL considers that as long as the US authorities can access users’ data...
Cookies and other Trackers : How to Comply
Following the hundreds of million fines imposed Amazon, Google and Facebook by the CNIL and other authorities relating to their use of cookies, this article aims to review the CNIL's practical recommendations in this area so that to help organisations to understand the requirements in France and to...
Google Analytics – GDPR : The EDPS & Austrian DPA Consider Data Transfers to Google LLC (US) Illegal
The European Data Protection Supervisor ("EDPS") and the Austrian Data Protection Authority have both recently issued a decision ruling that the transfers of personal data to Google LLC (US) entailed by the use of Google Analytics tool on the European Parliament and by a company located in Austria...
Cookies – FR : The CNIL Imposes Fines of € 60 Million and € 150 Million on Facebook and Google for Non-Compliant Cookies Refusal Mechanism
On 30 and 31 December 2021, the CNIL sanctionned : FACEBOOK IRELAND LIMITED with a € 60 million fine ; and GOOGLE with a fine totalling €150 million (€ 90 million for GOOGLE LLC and € 60 million for GOOGLE IRELAND LIMITED) because they did not allow users of the social network facebook.com and...
CJEU: Displaying an advertisement in the guise of an e-mail without users’ consent is an unfair commercial practice
By a decision of November 25, 2021, the Court of Justice of the European Union (CJEU) ruled that the practice of displaying an advertisement under the appearance of an e-mail in the users' e-mail box is subject to the prior information and consent of the users (as required under directive...
This post is also available in fr_FR.