French privacy authority fines Google and Shein for displaying advertisements without user consent
16 September 25
Elisar Bashir
The French data protection authority (CNIL) imposed a record fine of €325m on Google for inserting advertisements between e-mails and for placing cookies when creating an account without the prior consent of users. The e-commerce platform Shein was also fined with €150m for placing cookies on users’ devices without obtaining their valid consent.
EU Timeline
15 September 25
Marianna Mattera
This edition of Cullen International’s EU Timeline highlights key policy and regulatory developments foreseen at EU level until the end of 2025.
EU AI Act: Commission is consulting on guidelines and a code of practice for transparency of AI-generated content
14 September 25
Elisar Bashir
The public consultation aims to gather practical examples of AI systems that directly interact with natural persons, which are subject to transparency requirements under the AI Act. The EU executive body further seeks feedback on existing state-of-the-art technical solutions for marking and detecting AI-generated or manipulated content as well as the concept of deep fake generating AI systems.
EU Digital & Media Weekly Report
14 September 25
Javier Huerta Bravo
This report gathers policy and regulatory developments at EU level covered by Cullen International’s Digital Economy and Media services during last week. This edition of the report also takes stock of reports published over the summer. Further, the report lists events taking place this week.
EU’s top court rules on when pseudonymous data is to be considered personal data
11 September 25
Alessandra Vaes
The EU Court of Justice clarified that the classification of pseudonymous data as personal data depends on whether the recipient has the means to re-identify the concerned individuals. It thereby endorsed the relative nature of personal data in accordance with its previous rulings. The court also clarified that transparency and information requirements towards data subjects are incumbent upon the data controller irrespective of whether the pseudonymous data in the hands of the recipient is identifiable or not.
US: Judge orders behavioural remedies in Google Search antitrust case
09 September 25
Jose Jehuda Garcia
The judge presiding over the antitrust infringement case against Google Search rejected all manner of structural remedies (such as the forced divestiture of Google companies). However, the court ordered behavioural restrictions for Google to observe going forward. Both Google and the US Department of Justice signalled intent to appeal the court´s decision.