Nadège Martin (FR)

Photo of Nadège Martin (FR)

Nadège Martin is a IP/IT lawyer based in Paris. She specializes in information technology law, which includes computer, data protection, internet, telecommunications and media law.

Subscribe to all posts by Nadège Martin (FR)

Schrems II – Irish DPC finally issues its decision – suspension order, deletion/ repatriation of data and fine

Photo of Lara White (UK)Photo of Marcus Evans (UK)Photo of Christoph Ritzer (DE)Photo of Jurriaan JansenPhoto of Nadège Martin (FR)By Lara White (UK), Marcus Evans (UK), Christoph Ritzer (DE), Jurriaan Jansen and Nadège Martin (FR) on Posted in General
Introduction: On 22 May, the Irish Data Protection Commissioner (the DPC) published its decision against Meta Platform Ireland Ltd (Meta Ireland) in relation to Facebook’s transfer of user’s personal data to the US (the Decision). In it, the DPC ordered Meta Ireland to suspend Facebook’s future transfers of personal data to the U.S. within five … Continue reading

Cyber-insurance – 72 hours for the insured party to file a criminal complaint: GDPR’s false friend

Photo of Nadège Martin (FR)Photo of Geoffroy Coulouvrat (FR)By Nadège Martin (FR) and Geoffroy Coulouvrat (FR) on Posted in General
Cyberattacks have become more frequent, problematic and complex over the years – so much so that they now represent a real threat to economic activities. The French Information and Digital Security Experts Club (CESIN) has estimated that 54% of French companies were subject to cyberattacks in 2021,[1] while France Assureurs has put cyberattack risks on … Continue reading

European rulings on the use of Google Analytics and how it may affect your business

Photo of Steve Roosa (US)Photo of Christoph Ritzer (DE)Photo of Nadège Martin (FR)Photo of Jurriaan JansenPhoto of Daniel Rosenzweig (US)Photo of Naomi SchuitemaPhoto of Natalia Filkina (DE)Photo of Barbara Ghebali (FR)By Steve Roosa (US), Christoph Ritzer (DE), Nadège Martin (FR), Jurriaan Jansen, Daniel Rosenzweig (US), Naomi Schuitema, Natalia Filkina (DE) and Barbara Ghebali (FR) on Posted in Cybersecurity, NT Analyzer Blog Series, Privacy law
Recent decisions out of the EU will impact the use of Google Analytics and similar non-European analytics services when targeting EU individuals, with the potential to put many organizations at risk of receiving GDPR fines. At issue was the transfer of personal data from the EU to the US through the use of Google Analytics. … Continue reading

How to process employees’ health data in France after lockdown: dos and don’ts for employers

Photo of Cécile Auvieux (FR)Photo of Nadège Martin (FR)By Cécile Auvieux (FR) and Nadège Martin (FR) on Posted in Compliance and risk management
A few weeks ago, we provided you with a summary of the rights and obligations of employers with regard to the personal data of their employees during lockdown. On 11 May, many employees will return to their workplaces. Below you will find answers to the main questions you may have ahead as the end of … Continue reading

StopCovid: the French contact-tracing app

Photo of Cécile Auvieux (FR)Photo of Nadège Martin (FR)By Cécile Auvieux (FR) and Nadège Martin (FR) on Posted in Compliance and risk management
Following the example of many European countries, the French government plans to introduce a contact tracing app, known as “StopCovid”.  The app is designed to be used by people once they leave the confinement of their homes with the aim of preventing the spread of COVID-19. StopCovid is being developed within the INRIA, the French … Continue reading

Irish data protection authority launches new cookie guidance and indicates cookie investigations are on the horizon

Photo of Christoph Ritzer (DE)Photo of Nadège Martin (FR)Photo of Marcus Evans (UK)By Janine Regan (UK), Christoph Ritzer (DE), Nadège Martin (FR) and Marcus Evans (UK) on Posted in Compliance and risk management
Last week, the Irish Data Protection Commission (“DPC”) published its much anticipated guidance note on cookies and similar tracking technologies (the “Guidance”).  It also published a report following a “cookie sweep” that took place between August 2019 and December 2019 of 38 data controllers (the “Report”).  The cookie sweep requested information from the data controllers … Continue reading

The CNIL releases draft practical guidance on cookies consent

Photo of Nadège Martin (FR)Photo of Cécile Auvieux (FR)By Nadège Martin (FR) and Cécile Auvieux (FR) on Posted in Compliance and risk management
The CNIL has published draft recommendations on how to obtain consent when placing cookies. This is following the publication of its revised “Guidelines on the implementation of cookies or similar tracking technologies” which was published in July 2019 (see our article here). The objective of the recommendations is to provide stakeholders with practical guidance and … Continue reading

The right to be forgotten: the CJEU sides with Google in two landmark cases

Photo of Nadège Martin (FR)Photo of Nilofar Moini Shabestari (FR)By Nadège Martin (FR) and Nilofar Moini Shabestari (FR) on Posted in Dispute resolution and litigation
On 24 September 2019 the Court of Justice of the European Union (CJEU) gave two judgments (Cases C-507/17 and C-136/17) ruling that: (i) de-referencing by Google should be limited to EU Member States’ versions of its search engine with some important qualifications; and (ii) when Google receives a request for de-referencing relating to a link … Continue reading

The CNIL publishes new guidelines on cookies and other similar technologies

Photo of Nilofar Moini Shabestari (FR)Photo of Nadège Martin (FR)By Nilofar Moini Shabestari (FR) and Nadège Martin (FR) on Posted in Compliance and risk management
On 4 July 2019, the CNIL published new guidelines on cookies and other similar technologies, repealing its 2013 cookie guidance in order to align its position with the GDPR’s new requirements on consent. These guidelines will be supplemented during the first quarter of 2020 by sectoral recommendations aimed at providing practical guidance to stakeholders on … Continue reading

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

Photo of Nadège Martin (FR)Photo of Nilofar Moini Shabestari (FR)By Nadège Martin (FR) and Nilofar Moini Shabestari (FR) on Posted in Data breach, Enforcement
Following the now famous €50m fine imposed on Google LLC in January 2019,[1] the French Data Protection Authority (the CNIL) published a decision taken on 28 May 2019[2] imposing a fine of €400,000 on SERGIC, a company specialised in real estate development, purchase, sale, rental and property management.… Continue reading

French court issues decision on legality of Privacy Rules and Terms of Use under data protection and consumer law

Photo of Cécile Auvieux (FR)Photo of Nadège Martin (FR)By Cécile Auvieux (FR) and Nadège Martin (FR) on Posted in Dispute resolution and litigation, Enforcement
Five years after the commencement of legal proceedings against Google by leading French consumer association UFC Que Choisir, the Paris “Tribunal de Grande Instance” (TGI), in a decision dated 12 February 2019, issued its ruling on the legality of the Google+ Terms of Use and Privacy Rules, both with respect to consumer law and personal … Continue reading

EU GDPR will apply beginning May 25, 2018: Norton Rose Fulbright publishes GDPR Checklist, announces events and master classes

Photo of Marcus Evans (UK)Photo of Nadège Martin (FR)Photo of Christoph Ritzer (DE)Photo of Floortje Nagelkerke (NL)By Marcus Evans (UK), Nadège Martin (FR), Christoph Ritzer (DE) and Floortje Nagelkerke (NL) on Posted in Compliance and risk management, Regulatory response
Over four years in the making, the EU General Data Protection Regulation (GDPR) was finally published in the EU Official Journal on May 4, 2016, giving a concrete application date. It will apply directly in all EU Member States beginning May 25, 2018. The GDPR will repeal and replace Directive 95/46/EC and its Member State implementing … Continue reading

French National Assembly adopts “Digital Republic” bill

Photo of Nadège Martin (FR)Photo of Geoffroy Coulouvrat (FR)By Nadège Martin (FR) and Geoffroy Coulouvrat (FR) on Posted in Compliance and risk management
On January 26, 2016, the French National Assembly adopted the “Digital Republic” bill  — a comprehensive bill introducing various provisions to regulate the digital sphere within the French society. Access to public data, neutrality of the Internet, access to the digital sphere and communication networks are some of the main subjects covered by this bill. … Continue reading

Google challenges applicability of CNIL’s “right to be forgotten” order to domain extensions outside the EU

Photo of Nadège Martin (FR)By Nadège Martin (FR) on Posted in Compliance and risk management
In a recent blog post, reflecting on Google’s ongoing dispute with France’s CNIL about the scope of the “right to be forgotten,” Peter Fleisher, Google’s Global Privacy Counsel, announced that Google will maintain its position that that company would not comply with the CNIL’s formal notice dated May 21, 2015 to implement individuals’ requests to … Continue reading
LexBlog