recommendations

On September 17, 2025, the German Supervisory Authorities (Konferenz der unabhängigen Datenschutzaufsichtsbehörden des Bundes und der Länder, DSK) published new guidelines and recommendations addressing the complex requirements for transferring personal data, particularly health data (including health data contained in biomaterials), to countries outside of the European Economic

Continue Reading New German Guidelines on GDPR Requirements for International Transfers of Health Data in Medical Research

On June 19, 2025, the French Data Protection Authority (“CNIL”) published two recommendations for AI developers.  The first recommendation covers reliance on the GDPR’s legitimate interest legal basis for developing an AI model.  It provides examples of legitimate interests that can justify the use of personal data for AI development.  The second recommendation discusses measures to implement when collecting personal data through “web scraping.”  It provides a list of measures that, if followed, will ensure compliance with the GDPR’s accountability principle.Continue Reading CNIL Publishes Recommendations on Legitimate Interest as a Legal Basis for AI Training

On October 1, 2020, the French Supervisory Authority (“CNIL”) published the final version of its Guidelines on cookies and other tracking technologies (hereafter, “guidelines” – see announcement here, and guidelines here, in French), as well as an adjoining set of best practice recommendations (in French) with examples on how to implement the guidelines.  In this blog post, we summarize the key points mentioned in the CNIL’s guidelines.
Continue Reading French Supervisory Authority Publishes Final Version of Cookie Guidelines, Says It Will Start Enforcing Them in April 2021