In 2019, the French Data Protection Authority (CNIL) fined Google €50 million for violating GDPR. The ruling, known as Google v. CNIL (2019), proved that GDPR is not simply an abstract text – all companies, including corporations and market monopolists, must obey its provisions.

Decisions of high courts, such as this one, also prove useful in enforcing data privacy. Even if the decisions are made in a particular case between two entities or individuals, these rulings often explain legal provisions and are used as an additional set of legal principles. Historically, court decisions have had more impact in the US, which follows the case law system.

You may also like:

Data privacy laws in the United States and how they affect your business

11 new privacy laws around the world and how they’ll affect your analytics

Facebook Inc. v. Duguid

EU-US data privacy framework


  • What is protected health information (PHI)? A guide for healthcare marketers

    Quick summary What PHI is: Any individually identifiable health information created, received, maintained, or transmitted by a covered entity or its business associates Who it applies to: Healthcare providers, health plans, healthcare clearinghouses, and their business associates Why it matters for marketing: Marketing tools that collect or transmit PHI without a BAA create HIPAA compliance…

  • We checked 59 hospital websites. 73% kept tracking visitors after opt-out.

    A new study by Piwik PRO and Verified Data scanned 59 major US hospital and clinic websites for tracking and data compliance. The findings show just how common it is for major US healthcare websites to run marketing tools that weren’t built for a regulated environment. What we actually found Across the 59 scanned sites,…