Tag Archives: France

Google fined €50 million in France for GDPR violation

On January 21, 2019, the French Supervisory Authority for data protection (“CNIL”) issued a fine of €50 million against Google for violations of the General Data Protection Regulation (“GDPR”) (the decision was published in French here).  The CNIL’s decision was triggered by complaints from two non-profit organizations together representing 9974 individuals. The case raises a … Continue Reading

EU Advocate General: right to be forgotten is limited to EU

On January 10, 2019, Advocate General Szpunar of the Court of Justice of the European Union (CJEU) released his opinion regarding a 2016 enforcement action carried out by the French Supervisory Authority (CNIL) against Google.  In that case, the CNIL ordered Google to de-reference links to webpages containing personal data.  According to the CNIL, the … Continue Reading

European Regulators Are Intensifying GDPR Enforcement

Earlier this year, in the run-up to the General Data Protection Regulation’s (“GDPR”) May 25, 2018 date of application, a major question for stakeholders was how zealously the GDPR would be enforced.  Now, as the GDPR approaches its six-month birthday, an answer to that question is rapidly emerging.  Enforcement appears to be ramping up significantly.  … Continue Reading

Developments in the Right to Be Forgotten

As we approach the May 2018 effective date of the EU General Data Protection Regulation (“GDPR”), there have been a number of global developments over the last few months with respect to the so-called “right to be forgotten,” which will be codified under Article 17 of the GDPR. European Developments In the EU, we previously … Continue Reading

The CNIL and EDPS Launch Public Consultations

On June 16, 2016, the French data protection authority (“CNIL”) launched a public consultation on the General Data Protection Regulation (“GDPR).   The consultation focuses on four priority themes set out in the Article 29 Working Party’s 2016 Action plan: the data protection officer; the right to data portability; data protection impact assessments; and certification.… Continue Reading

EU DPA Enforcement Guidance Post-Schrems

Industry eagerly awaits further guidance from data protection authorities (“DPAs”) relating to the EU-U.S. Privacy Shield as well as on the validity (or otherwise) of other mechanisms for transfers to the U.S. such as standard contractual clauses (“SCCs”) and binding corporate rules (“BCRs”).  As we explained in recent posts (here and here), publication of an … Continue Reading

European Consumer Legislation and Online Privacy Policies: Opening Pandora’s Box?

Regulators and courts in the EU are increasingly vigilant in relation to privacy practices and policies of large online companies.  In recent years and months, the pressure increases not only through privacy-specific regulations and enforcement, but also through the application of consumer legislation.  As the below examples from France and Germany show, some courts or … Continue Reading
LexBlog