Discover our publications

4 years after the implementation of GDPR, information and transparency towards data subjects are still a focal part of the news. Although companies are more and more aware of this obligation to inform imposed by GDPR, questions still remain on the following points: the content and the degree of precision of the information to be […]En savoir plus

1. What is the current situation? On June 23rd, 2016, the British population voted in favor of Brexit (51.9%). On March 29th, 2017, the United Kingdom invoked the procedure provided for by Article 50 of the Treaty on the European Union. Negotiations then began to find an agreement that would satisfy the two now opposing […]En savoir plus

4 years after the entry into force of the GDPR, information, and transparency toward data subjects are still at the heart of the news. If companies are becoming increasingly aware of this obligation of information imposed by the GDPR, some uncertainty remains regarding the following points: the content and the degree of precision of the […]En savoir plus

Since the early 2010s, and even more so in the wake of the current COVID-19 pandemic, learning and learning environments are being digitalized. This growing development leads to a “boom” in the data collected from the various learning platforms. Thus, the current interest in learning analytics is only a reflection of what Big Data is […]En savoir plus

The concept of data valorization aims to give a financial value to the data that a company have and start considering these as real assets. The value of a data is calculated according to a multitude of factors which can go from the data as such to the way it can be used. For example, […]En savoir plus

Encouraged by globalization then technological developments, the ongoing process of extraterritorial normative expansion has been embraced by the European legislator for several years. The legislator has been willing to extend its territorial scope, safeguard fundamental rights beyond its borders, and hold accountable companies located abroad. This article aims to provide an overview of this process, […]En savoir plus

Due to their sensitive nature, health data must be processed in accordance with certain binding rules. In this sense, their access but also the way they should be hosted are strictly regulated. What is a health data host? What does the legislation provide for? Simply hosting health data does not make it possible to obtain […]En savoir plus

The advent of internet and social networks has given birth to e-reputation, a new digital component of reputation in its traditional sense. With it, has appeared the issue of the “right to be forgotten”, which is composed of the right to erasure (art. 17 of the GDPR) and of the right to be de-referenced (consecrated […]En savoir plus

The implementation of a national strategy for artificial intelligence in the health sector requires the collection of data, their organization and the regulation of their access and use. Article L1462-1 of the French Public Health Code, based on Act No. 2019-774 of 24 July 2019 on the organisation and transformation of the health system[1] , thus […]En savoir plus

 1. Facebook never ceases to be under the spotlight   This could be promising, but these remarks need to be moderated in a half-tone. Facebook, through its CEO Mark Zuckerberg continues to be in the limelight. With its announcements on new features, the social network wants to further expand its position on the market including the […]En savoir plus

When hearing “web tracking”, it is hard to not think of the image of hunting a prey across a field, the term is impressive or even frightening. While surfing the net, you may have already wondered what footprint remains behind you? Who is behind the web tracking? What does the law state to protect you? […]En savoir plus

One of the most complex questions raised by the General Data Protection Regulation (GDPR) is that of data controller vs. data processor. Despite the data controller[1]and data processor[2]definitions provided in article 4 of GDPR, these two concepts remain difficult to ascertain when dealing with daily operations and the complex relationships between companies. In its Opinion […]En savoir plus

The law of 4 March 2002 relating to patients’ rights and the quality of the health system established as a principle the right for patients to access to all health information relating to them. With the entry into force of the General Data Protection Regulation, patients’ rights have been strengthened.  Who can request access to […]En savoir plus

The European Data Protection Board (EDPB), successor to the G29, published early April its draft guidelines on the use of the legal basis “Contract performance or pre-contractual measures” in the context of online services. For reminder, article 6 of the General Data Protection Regulation (GDR) requires that any processing of personal data must be based […]En savoir plus

Since the implementation of the GDPR on 25 May 2018, the penalties imposed by the CNIL (French supervisory authority) for failure to comply accumulating one after the other, be it for insufficient security, lack of transparency, unsatisfactory information and even lack of valid consent. UBER, BOUYGUES TELECOM or GOOGLE LLC are but a few examples […]En savoir plus

The accountability logic promoted by the new personal data regulation leads professionals of all sizes to be concerned about the security of data processed in the context of their activities. Today, internationally renowned companies such as social networks, postal services, or large hotel companies are subject to security breaches with considerable impacts. In line with […]En savoir plus

IT support is the customer’s point of contact when he needs to be guided in the use of the software or when he encounters a difficulty in its handling. From this interaction comes a privileged relationship where the client embraces the position of user, the commercial relationship being temporarily set aside. The IT support therefore […]En savoir plus

On the international scene, the GDPR is a key element led by the EU and serves as a standard of protection welcomed by a significant number of States. But it is not just a European apparatus: the GDPR is intended to sanction non-compliance with the practical obligations it imposes, and this, outside the EU’s borders. […]En savoir plus

One of the recurring situations found within companies is the lack of a data retention period or retention periods that are not clearly established, despite what was already required by the law No. 78-17 of 6 January 1978 on data processing, files and freedoms and Directive 95/46/EC. From now on, practices will have to change […]En savoir plus

Established by the GDPR, the DPO is at the heart of the organizations’ compliance system. Its role, status and missions reflect the importance given to it by the legislator. In this respect, even when its appointment is not mandatory, it remains strongly recommended to appoint one (I) and to outsource it to an expert firm […]En savoir plus