Articles Posted in CNIL

Posted March 17, 2026

Email-Tracking Technology: Emerging Compliance Expectations in the U.S., EU and Beyond

by Scott Morton, Shruti Bhutani Arora, Steven Farmer, Christine Mastromonaco and Samson Verebes

Scott Morton

Shruti Bhutani Arora

Steven Farmer

Christine Mastromonaco

Samson Verebes

GettyImages-610849650-e1773765918128-300x245 The use of email-tracking technology is drawing heightened regulatory scrutiny and has become a growing target of litigation. For many organizations, these technologies, which could be in the form of a “pixel,” “beacon” or URL tracking parameters embedded in links, sit quietly in the background of marketing and operational messages. Yet from a legal and compliance perspective, they raise the same kinds of questions as online tracking tools such as cookies. This article explains what is happening and why it matters, and offers some pragmatic options for organizations to consider when relying on email engagement data.

Posted October 11, 2024

GDPR Enforcement: Lessons from Recent Data Privacy Penalties

by Steven Farmer, Scott Morton and Mark Booth

Steven Farmer

Scott Morton

Mark Booth

Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing practices. On October, 10, 2024, CNIL fined two companies offering remote clairvoyance services a total of €400,000—€250,000 for Cosmospace and €150,000 for Telemaque—for breaches including excessive data retention, failure to obtain explicit consent for sensitive data processing, and non-compliance with marketing consent rules. These decisions serve as a reminder for businesses to evaluate their data protection policies to avoid costly penalties and maintain consumer trust.