On 10 February 2022, the CNIL issued a formal notice to a website operator using Google Analytics cookies, requiring it to comply with the GDPR and, more specifically, with the CJEU Schrems 2 ruling on the transfer of data to the US.
The CNIL considers that as long as the US authorities can access users’ data, the use of Google Analytics is not legal. The Authority has therefore asked the website operator to comply with the GDPR and, if necessary, to stop using Google Analytics cookies.
On June 4, 2021, the European Commission released two new sets of contractual clauses: a set of clauses for personal data transfers from Controller to Processor within the Union as required under Article 28 GDPR (C to P clauses)
Following the publication of its response to a data subject in a German newspaper, the “Standard”, the Bavarian Data Protection Authority (DPA) took this opportunity to respond to recurring criticism and draw people's attention to its actual enforcement
By order of 12 March 2021, the Conseil d’Etat (the French supreme administrative court) dismissed the request of various associations, including the Syndicat de la Médecine Générale (SMG) and the Ligue des Droits de l’Homme (Human Rights League), asking the interim relief judge of the Conseil d’Etat to order the suspension of the partnership between the Ministry of Health and the company Doctolib as part of the plan to accelerate vaccination against COVID-19, insofar as its online appointment booking system involved the hosting of health data with an American company (AWS).
During its 40th and 41st plenary sessions, which took place in November, the European Data Protection Board (EDPB) adopted the following recommendations: – Recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal