On March 2, 2023, the Court of Justice of the EU (“CJEU”) decided, in case C-268/21, that the GDPR applies to the production of evidence in civil court proceedings. The case sets limits on, but does not preclude, the production of personal data in court proceedings.
Continue Reading Court of Justice of the EU Clarifies Rules on the Production of Evidence Containing Personal Data in Civil Litigation
The French CNIL Reminds Two Medical Research Organizations of their Data Protection Obligations
As permitted by the GDPR, France has enacted some specific requirements for the processing of health data, in particular in the context of medical research. Following a report, the French supervisory authority (“CNIL”) audited two organizations carrying out medical research in early 2022 to check their compliance with these requirements. On March 13, 2023, the
French CNIL Finds GDPR Not Applicable to a US Company Providing a Browser Extension
On December 20th, 2022, the French Data Protection Authority (“CNIL”) closed down an investigation against a US company providing a browser extension (the “Company”), after finding that its activities were not subject to the GDPR. The CNIL’s decision is available here in French.
The Company provides a browser extension (the “Extension”) allowing users to obtain
CNIL Tests Tools to Audit AI Systems
With the growing use of AI systems and the increasing complexity of the legal framework relating to such use, the need for appropriate methods and tools to audit AI systems is becoming more pressing both for professionals and for regulators. The French Supervisory Authority (“CNIL”) has recently tested tools that could potentially help its auditors
France Enacts New Law on Parental Controls
On March 2, 2022, following a fast-track legislative process in the French National Assembly and Senate, President Macron of France signed into law a new piece of legislation designed to reinforce parental controls over minors’ access to the Internet (the “Law”) (see final text of the Law published in the Official Journal here, in French).
The Law will apply primarily to manufacturers of devices that enable minors to access online services and content “likely to harm [their] physical, mental or moral development” (e.g., computers, smart phones, and tablets). The Law – which extends only to devices sold with an operating system (e.g., PCs, mobile phones, tablets, smart TVs) – requires manufacturers of such devices to provide a pre-installed parental control system which can be activated by parents or guardians upon first use. The installation, use, and (where applicable) uninstallation the system must be provided to end users at no additional cost.
French National Assembly’s Committee Approves Bill on Internet Parental Control
On 12 January 2022, the French National Assembly’s Committee on Cultural Affairs and Education (the “Committee”) unanimously approved a draft bill seeking to “encourage the use of parental controls on certain equipment and services sold in France and allowing access to the Internet” (the “Bill”).
- Background
In 2021, the French Supervisory Authority (“CNIL”)