Nadège Martin (FR)

Photo of Nadège Martin (FR)

Nadège Martin is a IP/IT lawyer based in Paris. She specializes in information technology law, which includes computer, data protection, internet, telecommunications and media law.

Subscribe to all posts by Nadège Martin (FR)

Schrems II – Irish DPC finally issues its decision – suspension order, deletion/ repatriation of data and fine

Introduction: On 22 May, the Irish Data Protection Commissioner (the DPC) published its decision against Meta Platform Ireland Ltd (Meta Ireland) in relation to Facebook’s transfer of user’s personal data to the US (the Decision). In it, the DPC ordered Meta Ireland to suspend Facebook’s future transfers of personal data to the U.S. within five … Continue reading

Cyber-insurance – 72 hours for the insured party to file a criminal complaint: GDPR’s false friend

Cyberattacks have become more frequent, problematic and complex over the years – so much so that they now represent a real threat to economic activities. The French Information and Digital Security Experts Club (CESIN) has estimated that 54% of French companies were subject to cyberattacks in 2021,[1] while France Assureurs has put cyberattack risks on … Continue reading

European rulings on the use of Google Analytics and how it may affect your business

Recent decisions out of the EU will impact the use of Google Analytics and similar non-European analytics services when targeting EU individuals, with the potential to put many organizations at risk of receiving GDPR fines. At issue was the transfer of personal data from the EU to the US through the use of Google Analytics. … Continue reading

How to process employees’ health data in France after lockdown: dos and don’ts for employers

A few weeks ago, we provided you with a summary of the rights and obligations of employers with regard to the personal data of their employees during lockdown. On 11 May, many employees will return to their workplaces. Below you will find answers to the main questions you may have ahead as the end of … Continue reading

StopCovid: the French contact-tracing app

Following the example of many European countries, the French government plans to introduce a contact tracing app, known as “StopCovid”.  The app is designed to be used by people once they leave the confinement of their homes with the aim of preventing the spread of COVID-19. StopCovid is being developed within the INRIA, the French … Continue reading

Irish data protection authority launches new cookie guidance and indicates cookie investigations are on the horizon

Last week, the Irish Data Protection Commission (“DPC”) published its much anticipated guidance note on cookies and similar tracking technologies (the “Guidance”).  It also published a report following a “cookie sweep” that took place between August 2019 and December 2019 of 38 data controllers (the “Report”).  The cookie sweep requested information from the data controllers … Continue reading

The CNIL releases draft practical guidance on cookies consent

The CNIL has published draft recommendations on how to obtain consent when placing cookies. This is following the publication of its revised “Guidelines on the implementation of cookies or similar tracking technologies” which was published in July 2019 (see our article here). The objective of the recommendations is to provide stakeholders with practical guidance and … Continue reading

The right to be forgotten: the CJEU sides with Google in two landmark cases

On 24 September 2019 the Court of Justice of the European Union (CJEU) gave two judgments (Cases C-507/17 and C-136/17) ruling that: (i) de-referencing by Google should be limited to EU Member States’ versions of its search engine with some important qualifications; and (ii) when Google receives a request for de-referencing relating to a link … Continue reading

The CNIL publishes new guidelines on cookies and other similar technologies

On 4 July 2019, the CNIL published new guidelines on cookies and other similar technologies, repealing its 2013 cookie guidance in order to align its position with the GDPR’s new requirements on consent. These guidelines will be supplemented during the first quarter of 2020 by sectoral recommendations aimed at providing practical guidance to stakeholders on … Continue reading

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

Following the now famous €50m fine imposed on Google LLC in January 2019,[1] the French Data Protection Authority (the CNIL) published a decision taken on 28 May 2019[2] imposing a fine of €400,000 on SERGIC, a company specialised in real estate development, purchase, sale, rental and property management.… Continue reading

French court issues decision on legality of Privacy Rules and Terms of Use under data protection and consumer law

Five years after the commencement of legal proceedings against Google by leading French consumer association UFC Que Choisir, the Paris “Tribunal de Grande Instance” (TGI), in a decision dated 12 February 2019, issued its ruling on the legality of the Google+ Terms of Use and Privacy Rules, both with respect to consumer law and personal … Continue reading

EU GDPR will apply beginning May 25, 2018: Norton Rose Fulbright publishes GDPR Checklist, announces events and master classes

Over four years in the making, the EU General Data Protection Regulation (GDPR) was finally published in the EU Official Journal on May 4, 2016, giving a concrete application date. It will apply directly in all EU Member States beginning May 25, 2018. The GDPR will repeal and replace Directive 95/46/EC and its Member State implementing … Continue reading

French National Assembly adopts “Digital Republic” bill

On January 26, 2016, the French National Assembly adopted the “Digital Republic” bill  — a comprehensive bill introducing various provisions to regulate the digital sphere within the French society. Access to public data, neutrality of the Internet, access to the digital sphere and communication networks are some of the main subjects covered by this bill. … Continue reading

Google challenges applicability of CNIL’s “right to be forgotten” order to domain extensions outside the EU

In a recent blog post, reflecting on Google’s ongoing dispute with France’s CNIL about the scope of the “right to be forgotten,” Peter Fleisher, Google’s Global Privacy Counsel, announced that Google will maintain its position that that company would not comply with the CNIL’s formal notice dated May 21, 2015 to implement individuals’ requests to … Continue reading
LexBlog