On 9 February 2026, the Commission Nationale de l’Informatique et des Libertés (CNIL) published its 2025 report on its enforcement action. Beyond the €487 million – in cumulative fines – largely driven (unsurprisingly) by two sanctions related to cookies, another
CNIL publishes a draft TIA guide
The Court of Justice of the European Union (CJEU)’s Schrems II decision[1] clarified strict rules for personal data transfers outside of the European Union. The European Data Protection Board (EDPB) followed up with recommendations[2]
Cyber-insurance – 72 hours for the insured party to file a criminal complaint: GDPR’s false friend
Cyberattacks have become more frequent, problematic and complex over the years – so much so that they now represent a real threat to economic activities. The French Information and Digital Security Experts Club (CESIN) has estimated that 54%
The French data protection authority (CNIL) adopts a new standard on whistleblowing systems
At the end of 2019, following a public consultation, the CNIL adopted its much-anticipated “standard” on whistleblowing systems. The “standard” is essentially a reference document which serves as guidance for those implementing whistleblowing systems.
French National Assembly adopts “Digital Republic” bill
On January 26, 2016, the French National Assembly adopted the “Digital Republic” bill — a comprehensive bill introducing various provisions to regulate the digital sphere within the French society. Access to public data, neutrality of the Internet, access to the