Blog Post
CCPA Blog Series, Part 3: Confused over opt-out rights? You're not alone.
In Part 3 of our CCPA Blog Series, we look at the third core right – Opt out from the sale of personal information (and the related Opt in requirements for children). We'll consider when the right to opt out applies, how it compares to similar rights under the GDPR and the practical steps businesses should take to stay compliant.
Blog Post
CCPA Blog Series, Part 2: Rethinking access and data portability rights
In this second part of our CCPA Blog Series, we'll be delving more deeply into the next consumer right – the right to access – which comes hand in hand with the right to data portability. We'll consider how these rights differ to their equivalent counterparts under the GDPR, and what this means from a practical implementation standpoint.
Blog Post
CCPA Blog Series, Part 1: We just got through GDPR… Here we go again?
This is the first of a number of blog posts intended to condense the key takeaways and compliance actions for the CCPA. The blog series is directed, in particular, to companies that want to leverage the work they have already done for GDPR to meet the CCPA's compliance obligations. This first blog post focuses on introducing the CCPA and its key concepts, its general scope of application, and the Notice requirements.
Blog Post
EDPB prepares for a "no deal" Brexit
As time goes by, the prospect of the United Kingdom leaving the European Union on 29th March 2019 with no deal seems more and more realistic. While the UK government strives for a better deal that can get adopted by the UK Parliament, the European institutions on the other hand have started planning and preparing for the UK's departure of the EU without any deal.
Blog Post
CNIL issues 50 million euro fine against Google in the first major GDPR infringement case
On 25 and 28 May 2018, the French Data Protection Authority (the "CNIL") received group complaints from the associations None Of Your Business and La Quadrature du Net. La Quadrature du Net was mandated by 10 000 people to refer the matter to the CNIL. The associations claimed that Google did not have a valid legal basis to process the personal data of its users, particularly for ads personalization purposes. The complaints focused specifically on Android's set-up process where users need to create a Google account in order to use their device.
Blog Post
CNIL publishes guidance on the disclosure of data to business partners for direct marketing purposes
On December 28th 2018, the French Data Protection Authority (the "CNIL") released guidance on the disclosure of data to business partners for direct marketing purposes. In essence, the CNIL enumerates five principles that companies collecting data directly from data subjects must comply with when disclosing such information to business partners and other organizations. The essential provisions of the said guidelines are summarized below.
Blog Post
European data protection authorities finally flex their GDPR muscles
Ever since the 25th May last year, the privacy community has been on tenterhooks, waiting to see whether European DPAs would take advantage of the significant fining powers afforded to them under the GDPR. That question has been answered today, with news that the CNIL, the French data protection authority, has imposed a whopping fine of EUR50M on Google.
Blog Post
French legislator amends French Data Protection Act
On 12 December 2018, the French government adopted a new version of the French Data Protection Act by way of ordinance. As a reminder, the French legislator had authorized the French government to legislate by way of ordinance in order to achieve uniformity between French Data Protection law and the GDPR. The essential changes of the amended Act are summarized below.
Blog Post
A look at the UK's data protection law in a no-deal Brexit situation
Amidst the Christmas festivities, the draft Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 were laid before Parliament. The Exit Regulations show what the UK's data protection legal landscape will look like if the UK leaves the EU without a deal. This blog outlines the potential changes and considers what impact the Exit Regulations will have.