Blog Post
CNIL issues 50 million euro fine against Google in the first major GDPR infringement case

On 25 and 28 May 2018, the French Data Protection Authority (the "CNIL") received group complaints from the associations None Of Your Business and La Quadrature du Net. La Quadrature du Net was mandated by 10 000 people to refer the matter to the CNIL. The associations claimed that Google did not have a valid legal basis to process the personal data of its users, particularly for ads personalization purposes. The complaints focused specifically on Android's set-up process where users need to create a Google account in order to use their device.
Blog Post
Can employers read their staff’s private internet messages at work without violating human rights?
The simple answer is ‘yes’, according to the recent European Court of Human Rights judgment in Barbulescu v Romania, though this needs some explanation; especially given Judge Pinto de Albuquerque’s
Blog Post
Subject access requests and data retention: two sides of the same coin?
Over the past year or so, there’s been a decided upswing in the number of subject access requests made by individuals to organizations that crunch their data. There are a number of reasons for this,
Blog Post
Getting to the Core of the Apple Judgment
A recent Regional Court of Berlin judgment caused consternation amongst Privacy Counsels as Apple´s Privacy Policy was judged non-compliant with German Data Protection law. The court banned eight