On June 9, 2021, the French Supervisory Authority (“CNIL”) published recommendations to help strengthen the protection of minors online (see here, in French).  These recommendations are the result of a survey and public consultation conducted by the CNIL in 2020, which focused on the digital practices of minors (see our blog post here).  The results of the CNIL’s survey and public consultation indicate that children are accessing the Internet at an early age on a “massive” scale.  In light of this reality, the CNIL underscores the importance of ensuring that minors benefit from the effective protection of their personal data when engaging online.
Continue Reading French CNIL Publishes Recommendations for Protecting Minors Online

In January 2021, the French Supervisory Authority (“CNIL”) published a summary report of contributions it received in response to a public consultation and survey on the digital rights of minors launched in April 2020 (see the press release here and a summary report here, both in French).  Stakeholders who responded to the consultation included companies, professionals dedicated to the legal and educational issues related to children, parents and minors.

Continue Reading French Supervisory Authority Publishes Results of Public Consultation on the Digital Rights of Minors

On October 1, 2020, the French Supervisory Authority (“CNIL”) published the final version of its Guidelines on cookies and other tracking technologies (hereafter, “guidelines” – see announcement here, and guidelines here, in French), as well as an adjoining set of best practice recommendations (in French) with examples on how to implement the guidelines.  In this blog post, we summarize the key points mentioned in the CNIL’s guidelines.
Continue Reading French Supervisory Authority Publishes Final Version of Cookie Guidelines, Says It Will Start Enforcing Them in April 2021

On June 19, 2020, the French Council of State (Conseil d’État) decided that the French Supervisory Authority (“CNIL”) had gone too far in its guidance on cookies and similar technologies when it stated that conditioning a user’s access to a website upon his or her acceptance of certain cookies (commonly known as “cookie walls”) is never compliant with the consent requirements in the EU General Data Protection Regulation (“GDPR”).

According to the Council of State, such a blanket prohibition cannot be deduced from the text of the GDPR. The Council of State reminded the CNIL that its guidance is only soft law and therefore must follow the text of the GDPR. The CNIL has announced that it will adapt its guidance in light of the Council of State’s decision. The decision serves as a stark reminder that even EDPB or CNIL guidance is can only interpret the text of the GDPR, and cannot break fresh legal ground.
Continue Reading French Council of State Decides that the French Supervisory Authority Cannot Prohibit Cookie Walls

On June 2, 2020, the French Supervisory Authority (“CNIL”) published a paper on algorithmic discrimination prepared by the French independent administrative authority known as “Défenseur des droits”.  The paper is divided into two parts: the first part discusses how algorithms can lead to discriminatory outcomes, and the second part includes recommendations on how to identify and minimize algorithmic biases.  This paper follows from a 2017 paper published by the CNIL on “Ethical Issues of Algorithms and Artificial Intelligence”.
Continue Reading French CNIL Publishes Paper on Algorithmic Discrimination

On April 21, 2020, the French Supervisory Authority (“CNIL”) launched a public consultation on the rights of minors in the digital services. The consultation is open until June 1, 2020.  The CNIL will use the contributions it receives to prepare recommendations in this area.

Under the French Data Protection Law, minors over 15 years old

On January 14, 2020, the French Supervisory Authority (“CNIL”) published a new draft guidance on the use of cookies and similar technologies on websites and applications (see here, in French).  The draft guidance is open for public consultation until February 25, 2020.

In its nine articles, the guidance sets out how to properly inform users and collect their consent in this context.  For each requirement, the guidance provides examples and best practices.


Continue Reading French Supervisory Authority Publishes Second Guidance on Cookies and Similar Technologies

On November 15, 2019, the French Supervisory Authority (“CNIL”) published guidance on the use of facial recognition. The guidance is primarily directed at public authorities in France that want to experiment with facial recognition.

The guidance warns that this technology risks leading to biased results because the algorithms used are not 100% reliable and the

On September 24, 2019, the Court of Justice of the European Union (“CJEU”) adopted a decision on the geographical scope of the right to erasure under the GDPR (decision available here).  The court decided, in line with the opinion of Advocate General Szpunar, that a US-based search engine does not have to remove (de-reference) search results displayed on all the search engine’s versions.  According to the court, it suffices for search results to be deleted from the search engine’s EU versions (i.e., EU domain name extensions, such as .eu, .fr or .de).  For more information on the Advocate General’s opinion, see our prior blog post here.

Continue Reading GDPR’s right to be forgotten limited to EU websites