Unpacking compliance, security and AI.
Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, incident lessons learned, evolutions on the AI Act, NIS 2 and DORA. To go beyond the press release.
6 articles found · #cnil · Veille Luxgap
CNIL: vehicle location data — new recommendation
On 30 June 2026, the CNIL issued a recommendation on the use of vehicle location data. It clarifies ePrivacy consent, multi-user rights, security, data minimisation and the need for DPIAs.
Cold calling: Constitutional Council ends the triple risk
On 25 June 2026, France’s Constitutional Council struck down parallel CNIL/ARCOM/DGCCRF proceedings for the same electronic marketing (Art. L.34‑5 CPCE). Repeal by 31 Oct 2027, but immediate effect: no more duplicate proceedings.
CNIL updates MR‑001/MR‑003: an operational playbook (26/05)
The CNIL updates MR‑001 and MR‑003 and releases compliance checklists. Immediate effect for health research conducted in France, impacting Luxembourg sponsors when French patients or sites are involved.
External DPO France: why choose a Luxembourg firm recognised across Europe
French company looking for an external DPO? Discover the advantage of a Luxembourg European-scale firm: multi-regulator knowledge (CNIL, CNPD, APD, BfDI, AEPD, Garante), pluridisciplinary team, lower cost than Parisian firms.
CNIL 2025 report: EUR 487M in fines, 1 breach in 2 = hacking, key takeaways
CNIL 2025 annual report: 20,150 complaints (record), EUR 487M in fines (including Google EUR 325M and Shein EUR 150M), 1 breach in 2 results from hacking. The real signal for 2026 and 4 concrete actions for DPO and CISO.
CNIL approves a GDPR code of conduct for retail
On 28 April 2026, the CNIL approved a GDPR code of conduct for apparel/footwear retailers in France. A strong signal for retailers, with auditable requirements and third-party oversight.