Legal monitoring

2020 and Beyond Legal Watch – December 2019. It’s a new year, but also a new decade ahead, with its challenges, constraints, and promises. To better address these issues, let’s take a brief look back at 2019. More than a year after the GDPR came into force, a first assessment of the implementation […]

Facial recognition, artificial intelligence and ethics: the debate is gaining momentum Legal Watch – October 2019. Paying with your face rather than a credit card, using Amazon cameras to fight crime, as the Orlando police in the United States did, managing the movement of athletes and journalists at the Olympic Games in […]

We are sometimes more responsible than we think... or than we want to be Legal Watch – September 2019. This is the case when we install a simple plug-in on our website, even if we do not have access to the data collected through this means. A recent ruling by the Court of Justice of […]

A start to summer marked by record fines and new support measures. Legal Watch – July-August 2019. The start of summer sees a rise in the temperature, but also in the amount of fines for breaches of privacy protection rules. We note in particular the announcement by the ICO, the British supervisory authority, of its intention […]

GDPR One Year Later: What Lessons and What Outlook? Legal Watch – June 2019. On May 25, 2018, the General Data Protection Regulation came into force. This new text has brought about numerous changes in business practices, whether in terms of their internal organization or contacts […]

FOCUS GDPR and employees: what legal framework? Legal Watch – May 2019. Two recent cases involving a major online bookstore raise the question of employees' leeway when it comes to processing the personal data of the company's customers. While data processing is currently regulated […]

Sensitive Data: A Particularly Broad Scope Legal Watch No. 50 – August 2022. It can be difficult to assess the sensitive nature of the data collected, and to decide whether this data requires specific protection under the GDPR. We echoed these interpretation difficulties in our editorial in […]

Dark patterns: what you always wanted to know but were afraid to ask… Legal Watch No. 45 – March 2022. This difficult-to-translate English term is found in many publications concerning information technology. Related to “nudging,” which aims to subtly encourage Internet users to adopt the desired behavior, “[…]

Ransomware: attacks on the rise Legal Watch No. 51 – September 2022. Ransomware: attacks on the rise: The news this fall brings us back to a recurring concern of data controllers: security breaches. The cyberattack on the Essonne hospital and the dissemination of several gigabytes of data […]

Transfers of personal data to the United States: progress report Legal Watch No. 55 – January 2023 Transfers of personal data to the United States: progress report. The legal uncertainty currently weighing on data exchanges between Europe and the United States impacts areas as concrete as the fight against […]

Personal data: can the use of a fundamental right be bargained for? Legal Watch No. 54 – December 2022 Personal data: can the use of a fundamental right be bargained for? Commenting on the proceedings against Meta, the parent company of Facebook, WhatsApp, and Instagram, could become tiresome, as it attracts the wrath of data protection authorities. […]

Legal Actions: A New Dynamic for Class Actions? Legal Watch No. 53 – November 2022 Legal Actions: A New Dynamic for Class Actions? Legal actions concerning personal data protection issues are still few in number in France and Europe. If the […]

AI in all its forms Legal Watch No. 52 – October 2022 On October 17, 2022, the CNIL confirmed its regulatory authority in the field of artificial intelligence by fining Clearview AI €20 million. This sanction follows a formal notice that remained unanswered, and […]

Analyzing your audience to communicate better… what are the rules? Legal Watch No. 49 – July 2022 Analyzing your audience to communicate better… what are the rules? Media and social networks now allow companies to analyze their audience in order to better target their audience, improve their image and adapt their marketing strategy. […]

Metaverse Fashion Week in Decentraland, one of the most popular virtual worlds. Legal Watch No. 48 – June 2022 Brave New World. In March 2022, the Metaverse Fashion Week event took place in Decentraland, one of the most popular virtual worlds. An online concert streamed on the Fortnite gaming platform […]

Automated Decisions: How is the GDPR being implemented? Legal Watch No. 47 – May 2022 Automated Decisions: How is the GDPR being implemented? On May 17, the Future of Privacy Forum published an extensive report on the issue of automated decisions. This report analyzes more than 70 documents […]

DSA – DMA: Two Pillars of the European Digital Strategy. Legal Watch No. 46 – April 2022 DSA – DMA: Two Pillars of the European Digital Strategy. Since the conclusion of a political agreement during the night of April 22 to 23, the DSA or Digital Services Act has been the subject of numerous comments in the […]

Analytical tools: the impact of a court decision – and intelligence services – on our websites. Legal Watch No. 44 – February 2022 Analytical tools: the impact of a court decision – and intelligence services – on our websites. The “Schrems II” ruling of the Court of Justice of the European Union was already, […]

Sensitive data and special categories of data: six of one and half a dozen of the other? Legal Watch No. 43 – January 2022 Sensitive data and special categories of data: six of one and half a dozen of the other? When processing data relating to health, political or religious opinions, the qualification that immediately comes to mind […]

A new year under the sign of expectation Legal Watch No. 42 – December 2021 A new year under the sign of expectation In terms of data protection, the year that begins does not herald any major new developments but an evolution and perhaps strategic decisions concerning certain current issues. Let us focus on three of them: the […]

The lifecycle of personal data Legal Watch No. 41 – November 2021 The lifecycle of personal data. Among the obligations provided for by the GDPR, there is one that can quickly turn into a headache for the data controller, despite its seemingly innocuous nature: it is the […]

The CLOUD Act and European businesses: what scope of application? Legal Watch No. 40 – October 2021 The CLOUD Act and European businesses: what scope of application? The dematerialization of data and their storage in the “clouds” have fundamental, and complex, consequences for the obligations of businesses. Even when stored […]

Controller and subcontractor: who is liable? Legal Watch No. 39 – September 2021 Controller and subcontractor: who is liable? Many data controllers use subcontractors, whether for human resources management, advertising targeting, or data security. […]

WhatsApp Decision: End of impunity for GAFAM in Europe? Legal Watch No. 38 – August 2021 WhatsApp Decision: End of impunity for GAFAM in Europe? We echoed in a previous news item the difficulties of agreement at the European level concerning the implementation of the General Data Protection Regulation […]

Pegasus – Spyware Challenges the Law. Legal Watch No. 37 – July 2021 Pegasus – Spyware Challenges the Law. In July, the Pegasus project revealed the unprecedented surveillance impact of Israeli spyware that can listen to and extract data from smartphones running iOS or Android. […]

Towards a Europe of data protection: the road is long. Legal Watch No. 36 – June 2021 Towards a Europe of data protection: the road is long. The General Data Protection Regulation raised many hopes in terms of clarity and efficiency when it came into force […]

Exercising access rights, portability: what are the powers of an agent? Legal Watch No. 35 – May 2021 Exercising access rights, portability: what are the powers of an agent? Some data controllers have legitimately expressed their perplexity upon receiving a request from a company mandated to obtain […]

Artificial intelligence in line with the law and societal challenges. Legal Watch No. 34 – April 2021 Artificial intelligence in line with the law and societal challenges. Artificial intelligence and security are now linked in political and legal discourse. But how far can the adaptation of our regulatory framework to challenges such as terrorism […]

Smart Cameras and Privacy: Striking the Right Balance? Legal Watch No. 33 – March 2021 Smart Cameras and Privacy: Striking the Right Balance? Since March, cameras have been installed on public transport to monitor whether users are wearing masks. These measures are […]

Security, data leaks, and ransomware: attacks to be taken seriously. Legal Watch No. 32 – February 2021 Security, data leaks, and ransomware: attacks to be taken seriously. The press reported at the end of February about a massive data leak in the medical sector. Sensitive information concerning more than 500 […]

Regulatory News: Celebrations and Supervision Legal Watch No. 31 – January 2021 Regulatory News: Celebrations and Supervision. The last few days have been an opportunity to (virtually) celebrate several anniversaries. On January 28, privacy stakeholders in Europe, Africa, the Americas, and […]

What control strategy for 2020? In 2020, in addition to controls following complaints, issues revealed in the news or corrective measures, the CNIL will focus its control action on 3 priority themes linked to the daily concerns of the French: As every year, in addition […]

New year, review and outlook. New year, review and outlook. After a year that some are calling an annus horribilis, 2021 is being welcomed by many as a hope for change. It is true that recent months have tested the resilience of our societies in unprecedented ways. The impact of the pandemic on our health but […]

GDPR: Case law is becoming clearer! GDPR: Case law is becoming clearer! The CNIL had already distinguished itself by imposing a record fine of 50 million euros on Google last January for failing to inform its customers when using Android, a fine confirmed in June by the Council of State. […]

GDPR Compliance in Times of Crisis. GDPR Compliance in Times of Crisis. What are the priorities of supervisory authorities, and what controls can businesses expect in the current health and economic context? While the CNIL is clearly focusing its activities on data processing […]

Employee Health Data: How to Manage It in Times of COVID-19? Employee Health Data: How to Manage It in Times of COVID-19? Among the challenges our societies are facing during the health crisis, the one facing employers is not the least. In addition to working conditions […]

SCHREMS II, an expected and feared finale SCHREMS II, an expected and feared finale. On July 16, 2020, the Court of Justice of the European Union invalidated the Privacy Shield, a key agreement that formed the legal basis for transfers of personal data between Europe and the United States. More than 5,300 American companies […]

A tense anniversary Legal Watch No. 24 – May 2020 A tense anniversary. The GDPR is celebrating its second anniversary in a particularly turbulent context for fundamental rights. How resilient will the European data protection system be in the face of current health challenges? Already put to the test in the context of the […]

STOPCOVID: The Journey of a Controversial Application STOPCOVID: The Journey of a Controversial Application. Not a day goes by without the issue of "deconfinement" of the population being addressed, in France as elsewhere, in connection with the tracing of the virus and the individuals who transmit it. Recent developments mention the creation of a file […]

Data protection in full swing Legal Watch No. 20 – February 10, 2020 This is what we remember from the first weeks of this new year, with numerous debates on the occasion of significant events: February will not be left out, with the “intensive data protection” conference in Paris organized by the international association […]