In 2019, the French Data Protection Authority (CNIL) fined Google €50 million for violating GDPR. The ruling, known as Google v. CNIL (2019), proved that GDPR is not simply an abstract text – all companies, including corporations and market monopolists, must obey its provisions.

Decisions of high courts, such as this one, also prove useful in enforcing data privacy. Even if the decisions are made in a particular case between two entities or individuals, these rulings often explain legal provisions and are used as an additional set of legal principles. Historically, court decisions have had more impact in the US, which follows the case law system.

You may also like:

Data privacy laws in the United States and how they affect your business

11 new privacy laws around the world and how they’ll affect your analytics

Facebook Inc. v. Duguid

EU-US data privacy framework


  • Life after GA4: Why EU organizations are going local

    When Universal Analytics was phased out in 2023, and GA4 rolled out with complexity, many European organisations were forced to rethink how they measure success. For more and more, the solution is clear: use analytics built for Europe, by Europe. Why sovereignty matters Data sovereignty isn’t just a buzzphrase. Under GDPR and the Schrems II…

  • Telehealth analytics: Optimizing virtual care experiences in a HIPAA-compliant way

    As patients increasingly turn to digital platforms for medical care, healthcare organizations must understand user behavior and tailor their responses to meet these expectations. Patients want flexible, digital-first options, while providers seek to optimize efficiency, reduce costs, and expand care to more people.