Legal monitoring

Legal Watch No. 84 – June 2025. Augmented Cameras: The CNIL Sets New Guidelines. On July 11, the CNIL (French Data Protection Authority) ruled that the use of "augmented" cameras to estimate the age of customers in tobacco shops in order to control the sale of products prohibited to minors is neither necessary nor proportionate. These […]

Legal Watch No. 83 – May 2025. European data sovereignty: wishful thinking? Microsoft's blocking of the email account of the Chief Prosecutor of the International Criminal Court (ICC), Karim Khan, raises the crucial question of the digital sovereignty of France and Europe in general in the face of […]

Legal Watch No. 82 – April 2025. Data Protection and Simplification of Standards: What to Expect? The issue of simplifying standards, a recurring topic of discussion in Europe, has taken on particular importance since the change of leadership in the White House. At the Paris Artificial Intelligence (AI) Summit in […]

Legal Watch No. 81 – March 2025. Data breaches: how is the law applied, and what are the penalties? Who hasn't recently received an email from their telecommunications service provider, or from the NGO to which they make a monthly donation, informing them that their contact details, login credentials, and sometimes even their bank details, have been compromised?

Legal Watch No. 80 – February 2025. Data transfers to the United States: a weakened legal framework. On February 5th, 19 Members of the European Parliament from across the political spectrum asked the European Commission to examine whether the Data Protection Framework (DPF), which governs data transfers to the United States, is sufficient to maintain the legal framework for data processing.

Legal Watch No. 79 – January 2025. Hosting professional data: beware of consumer platforms. Data hosting providers' obligations regarding the fight against child pornography have a far-reaching impact on the confidentiality of the documents we entrust to them. This is what a Parisian lawyer recently discovered to his detriment, […]

Legal Watch No. 78 – December 2024. What are the prospects for data protection in 2025? The new year continues with the gradual implementation of the European Union's "digital package," as well as new legislation aimed at strengthening the protection of personal data in the face of the challenges posed by […]

Legal Watch No. 77 – November 2024. Artificial intelligence as a work tool: what regulations are in place? The use of AI in the workplace is exploding today, often without prior planning and without employers knowing exactly how their employees are using the new tools at their disposal. Whether it concerns the now-classic language models […]

Legal Watch No. 76 – October 2024. Cyberattacks: Increased Risk and an Evolving Legal Framework. The number of cyberattacks targeting businesses and public services in France this autumn is countless. After Boulanger, Cultura, Truffaut, Grosbill, and SFR, it is now Free's turn to suffer a […]

Legal Watch No. 75 – September 2024. Anonymization or pseudonymization: evolving classifications over time? On September 5, 2024, the CNIL (French Data Protection Authority) fined Cegedim Santé €800,000 for, among other things, processing health data without authorization. The supervisory authority noted that this data remained identifiable […]

Legal Watch No. 74 – August 2024. Telegram, Signal, WhatsApp… How good are instant messaging services in a professional context? There have been numerous media reactions to the arrest in France of Pavel Durov, the founder of the Telegram messaging app. Regardless of the political debates surrounding this issue, the case provides us with an opportunity to examine […]

Legal Watch No. 73 – July 2024. Cloud services: what criteria for which choice? Since the Covid pandemic, there has been a growing use of cloud services in both the public and private sectors. Although the European framework in this area is becoming clearer, many uncertainties remain. Should we choose […]

Legal Watch No. 72 – June 2024. Communication and marketing on social media: what rules apply to professionals? Social networks constitute a wealth of data for targeting prospects. The use of this data, whether publicly accessible on the social network or through building a network of contacts, remains […]

Legal Watch No. 70 – April 2024. Data Transfers Outside the EU: Current Situation. The landscape of international data transfers is becoming clearer with each decision and institutional position taken. Several recent initiatives at both the European and national levels aim to facilitate data flows […]

Legal Watch No. 69 – March 2024. Data security, cyber threats: current situation and guidelines. Several organizations are publishing their reports on the state of the cybersecurity threat at the beginning of this year: an opportunity to review the risks and advice for protecting personal data. The European Agency […]

Legal Watch No. 68 – February 2024. CNIL Audits: What are the priorities for 2024? As it does every year, the CNIL published its annual report and priorities for the coming months at the beginning of 2024. It indicates a steady increase in audits, made more effective by the implementation […]

Legal Watch No. 67 – January 2024. Role and resources of DPOs: the results of a year of audits. On January 17, the CNIL and its European counterparts published the results of their investigations into the role and resources of Data Protection Officers (DPOs) in the context of the GDPR. […]

Legal Watch No. 66 – December 2023. GDPR Case Law: Key Trends of 2023. Whether in France or at the European level, data protection authorities and judicial bodies issued numerous decisions in 2023 clarifying the conditions for applying the GDPR. At the European level, the most significant sanctions imposed by the authorities […]

Legal Watch No. 65 – November 2023. Complaints and sanctions: what is the 2024 agenda for data protection authorities? The entry into force of the GDPR has led to increased awareness of data protection, both among data controllers and individuals. This has resulted in an increase in […]

Legal Watch No. 64 – October 2023. Encryption and backdoors: from technical constraints to societal challenges. Recent events in France echo the current debate in Europe concerning law enforcement access to the content of encrypted messaging services. The Minister of the Interior, commenting on the radio on the recent attack at the Arras high school, […]

Legal Watch No. 63 – September 2023. Brexit: an overview of data protection. Since the United Kingdom's departure from the European Union on January 31, 2020, increasingly significant differences have emerged between data protection frameworks on both sides of the Channel. The country still applies the law […]

Legal Watch No. 62 – August 2023. DMA, DSA: the new obligations of tech giants. At the beginning of September, the protection of online user rights is expanding, with the application of the Digital Services Act to major platforms and the publication of the list of companies subject to the Digital Markets Act. Since the 25th […]

Legal Watch No. 61 – July 2023. APIs at the heart of personal data sharing. Application programming interfaces, commonly known as "APIs" (from their English name "application programming interface"), are frequently used to facilitate the sharing of information between public and private organizations. This sharing of […]

Legal Watch No. 59 – May 2023. Meta fine: €1.2 billion… and then what? The fine imposed on May 12 by the Irish data protection authority on Meta, Facebook's parent company, is the highest ever imposed by a data protection authority since the GDPR came into effect, at the time […]

Legal Watch No. 58 – April 2023. ChatGPT: What legal framework for new artificial intelligence applications? ChatGPT, Google Bard, Stable Diffusion, and Dall-E are Large Language Models (LLMs), a subcategory of existing language models. Language models are computer programs designed to process […]

Legal Watch No. 57 – March 2023. Smart Cameras and Biometrics – What Will Be the Impact of the Law Relating to the Olympic Games? On March 23, the National Assembly adopted Article 7 of the law on the Olympic Games. The bill, passed in a sparsely attended assembly (73 out of 577 members were present), […]

2020 and Beyond Legal Watch – December 2019. It’s a new year, but also a new decade ahead, with its challenges, constraints, and promises. To better address these issues, let’s take a brief look back at 2019. More than a year after the GDPR came into force, a first assessment of the implementation […]

Data security: to err is (often) human Legal Watch – November 2019. Data security: to err is (often) human. This is the observation of the public authorities responsible for the protection of personal data, meeting in Tirana from October 21 to 24. Several resolutions were adopted within the framework of […]

Facial recognition, artificial intelligence and ethics: the debate is gaining momentum Legal Watch – October 2019. Paying with your face rather than a credit card, using Amazon cameras to fight crime, as the Orlando police in the United States did, managing the movement of athletes and journalists at the Olympic Games in […]

We are sometimes more responsible than we think... or than we want to be Legal Watch – September 2019. This is the case when we install a simple plug-in on our website, even if we do not have access to the data collected through this means. A recent ruling by the Court of Justice of […]

A start to summer marked by record fines and new support measures. Legal Watch – July-August 2019. The start of summer sees a rise in the temperature, but also in the amount of fines for breaches of privacy protection rules. We note in particular the announcement by the ICO, the British supervisory authority, of its intention […]

GDPR One Year Later: What Lessons and What Outlook? Legal Watch – June 2019. On May 25, 2018, the General Data Protection Regulation came into force. This new text has brought about numerous changes in business practices, whether in terms of their internal organization or contacts […]

FOCUS GDPR and employees: what legal framework? Legal Watch – May 2019. Two recent cases involving a major online bookstore raise the question of employees' leeway when it comes to processing the personal data of the company's customers. While data processing is currently regulated […]

Sensitive Data: A Particularly Broad Scope Legal Watch No. 50 – August 2022. It can be difficult to assess the sensitive nature of the data collected, and to decide whether this data requires specific protection under the GDPR. We echoed these interpretation difficulties in our editorial in […]

Dark patterns: what you always wanted to know but were afraid to ask… Legal Watch No. 45 – March 2022. This difficult-to-translate English term is found in many publications concerning information technology. Related to “nudging,” which aims to subtly encourage Internet users to adopt the desired behavior, “[…]

Ransomware: attacks on the rise Legal Watch No. 51 – September 2022. Ransomware: attacks on the rise: The news this fall brings us back to a recurring concern of data controllers: security breaches. The cyberattack on the Essonne hospital and the dissemination of several gigabytes of data […]

Transfers of personal data to the United States: progress report Legal Watch No. 55 – January 2023 Transfers of personal data to the United States: progress report. The legal uncertainty currently weighing on data exchanges between Europe and the United States impacts areas as concrete as the fight against […]

Personal data: can the use of a fundamental right be bargained for? Legal Watch No. 54 – December 2022 Personal data: can the use of a fundamental right be bargained for? Commenting on the proceedings against Meta, the parent company of Facebook, WhatsApp, and Instagram, could become tiresome, as it attracts the wrath of data protection authorities. […]

Legal Actions: A New Dynamic for Class Actions? Legal Watch No. 53 – November 2022 Legal Actions: A New Dynamic for Class Actions? Legal actions concerning personal data protection issues are still few in number in France and Europe. If the […]

AI in all its forms Legal Watch No. 52 – October 2022 On October 17, 2022, the CNIL confirmed its regulatory authority in the field of artificial intelligence by fining Clearview AI €20 million. This sanction follows a formal notice that remained unanswered, and […]

Analyzing your audience to communicate better… what are the rules? Legal Watch No. 49 – July 2022 Analyzing your audience to communicate better… what are the rules? Media and social networks now allow companies to analyze their audience in order to better target their audience, improve their image and adapt their marketing strategy. […]

Metaverse Fashion Week in Decentraland, one of the most popular virtual worlds. Legal Watch No. 48 – June 2022 Brave New World. In March 2022, the Metaverse Fashion Week event took place in Decentraland, one of the most popular virtual worlds. An online concert streamed on the Fortnite gaming platform […]

Automated Decisions: How is the GDPR being implemented? Legal Watch No. 47 – May 2022 Automated Decisions: How is the GDPR being implemented? On May 17, the Future of Privacy Forum published an extensive report on the issue of automated decisions. This report analyzes more than 70 documents […]

DSA – DMA: Two Pillars of the European Digital Strategy. Legal Watch No. 46 – April 2022 DSA – DMA: Two Pillars of the European Digital Strategy. Since the conclusion of a political agreement during the night of April 22 to 23, the DSA or Digital Services Act has been the subject of numerous comments in the […]

Analytical tools: the impact of a court decision – and intelligence services – on our websites. Legal Watch No. 44 – February 2022 Analytical tools: the impact of a court decision – and intelligence services – on our websites. The “Schrems II” ruling of the Court of Justice of the European Union was already, […]

Sensitive data and special categories of data: six of one and half a dozen of the other? Legal Watch No. 43 – January 2022 Sensitive data and special categories of data: six of one and half a dozen of the other? When processing data relating to health, political or religious opinions, the qualification that immediately comes to mind […]

A new year under the sign of expectation Legal Watch No. 42 – December 2021 A new year under the sign of expectation In terms of data protection, the year that begins does not herald any major new developments but an evolution and perhaps strategic decisions concerning certain current issues. Let us focus on three of them: the […]

The lifecycle of personal data Legal Watch No. 41 – November 2021 The lifecycle of personal data. Among the obligations provided for by the GDPR, there is one that can quickly turn into a headache for the data controller, despite its seemingly innocuous nature: it is the […]

The CLOUD Act and European businesses: what scope of application? Legal Watch No. 40 – October 2021 The CLOUD Act and European businesses: what scope of application? The dematerialization of data and their storage in the “clouds” have fundamental, and complex, consequences for the obligations of businesses. Even when stored […]

Controller and subcontractor: who is liable? Legal Watch No. 39 – September 2021 Controller and subcontractor: who is liable? Many data controllers use subcontractors, whether for human resources management, advertising targeting, or data security. […]

WhatsApp Decision: End of impunity for GAFAM in Europe? Legal Watch No. 38 – August 2021 WhatsApp Decision: End of impunity for GAFAM in Europe? We echoed in a previous news item the difficulties of agreement at the European level concerning the implementation of the General Data Protection Regulation […]

Pegasus – Spyware Challenges the Law. Legal Watch No. 37 – July 2021 Pegasus – Spyware Challenges the Law. In July, the Pegasus project revealed the unprecedented surveillance impact of Israeli spyware that can listen to and extract data from smartphones running iOS or Android. […]

Towards a Europe of data protection: the road is long. Legal Watch No. 36 – June 2021 Towards a Europe of data protection: the road is long. The General Data Protection Regulation raised many hopes in terms of clarity and efficiency when it came into force […]

Exercising access rights, portability: what are the powers of an agent? Legal Watch No. 35 – May 2021 Exercising access rights, portability: what are the powers of an agent? Some data controllers have legitimately expressed their perplexity upon receiving a request from a company mandated to obtain […]

Artificial intelligence in line with the law and societal challenges. Legal Watch No. 34 – April 2021 Artificial intelligence in line with the law and societal challenges. Artificial intelligence and security are now linked in political and legal discourse. But how far can the adaptation of our regulatory framework to challenges such as terrorism […]

Smart Cameras and Privacy: Striking the Right Balance? Legal Watch No. 33 – March 2021 Smart Cameras and Privacy: Striking the Right Balance? Since March, cameras have been installed on public transport to monitor whether users are wearing masks. These measures are […]

Security, data leaks, and ransomware: attacks to be taken seriously. Legal Watch No. 32 – February 2021 Security, data leaks, and ransomware: attacks to be taken seriously. The press reported at the end of February about a massive data leak in the medical sector. Sensitive information concerning more than 500 […]

Regulatory News: Celebrations and Supervision Legal Watch No. 31 – January 2021 Regulatory News: Celebrations and Supervision. The last few days have been an opportunity to (virtually) celebrate several anniversaries. On January 28, privacy stakeholders in Europe, Africa, the Americas, and […]

What control strategy for 2020? In 2020, in addition to controls following complaints, issues revealed in the news or corrective measures, the CNIL will focus its control action on 3 priority themes linked to the daily concerns of the French: As every year, in addition […]

New year, review and outlook. New year, review and outlook. After a year that some are calling an annus horribilis, 2021 is being welcomed by many as a hope for change. It is true that recent months have tested the resilience of our societies in unprecedented ways. The impact of the pandemic on our health but […]

GDPR: Case law is becoming clearer! GDPR: Case law is becoming clearer! The CNIL had already distinguished itself by imposing a record fine of 50 million euros on Google last January for failing to inform its customers when using Android, a fine confirmed in June by the Council of State. […]

GDPR Compliance in Times of Crisis. GDPR Compliance in Times of Crisis. What are the priorities of supervisory authorities, and what controls can businesses expect in the current health and economic context? While the CNIL is clearly focusing its activities on data processing […]

Employee Health Data: How to Manage It in Times of COVID-19? Employee Health Data: How to Manage It in Times of COVID-19? Among the challenges our societies are facing during the health crisis, the one facing employers is not the least. In addition to working conditions […]

SCHREMS II, an expected and feared finale SCHREMS II, an expected and feared finale. On July 16, 2020, the Court of Justice of the European Union invalidated the Privacy Shield, a key agreement that formed the legal basis for transfers of personal data between Europe and the United States. More than 5,300 American companies […]

A tense anniversary Legal Watch No. 24 – May 2020 A tense anniversary. The GDPR is celebrating its second anniversary in a particularly turbulent context for fundamental rights. How resilient will the European data protection system be in the face of current health challenges? Already put to the test in the context of the […]

STOPCOVID: The Journey of a Controversial Application STOPCOVID: The Journey of a Controversial Application. Not a day goes by without the issue of "deconfinement" of the population being addressed, in France as elsewhere, in connection with the tracing of the virus and the individuals who transmit it. Recent developments mention the creation of a file […]

Data protection in full swing Legal Watch No. 20 – February 10, 2020 This is what we remember from the first weeks of this new year, with numerous debates on the occasion of significant events: February will not be left out, with the “intensive data protection” conference in Paris organized by the international association […]