Category: Newsletter

Key takeaways:

 

1. Pay transparency from the job offer stage: The proposed salary (or its range), as well as key elements of the applicable collective agreement, must be communicated before or during the job interview. In addition, employers will no longer be allowed to ask candidates about their past salaries.

2. Pay transparency for existing employees:

a) Right of access to pay information: Any employee will be able to obtain, in writing, information about their own pay as well as average pay levels, broken down by gender, for equivalent positions. Employers will be required to inform employees of this right on an annual basis. In principle, only companies with more than 10 employees will be concerned.

b) Revision of the Gender Equality Index: The index would be expanded to seven indicators to better measure pay gaps between women and men. Employers will be required to justify or correct any unjustified disparities, with information and consultation of employee representatives depending on the size of the company.

c) Redefinition of work of equal value: Employers will be required to classify jobs of equal value within the same category, based on new criteria. This classification must be established through a company- or sector-level agreement by the end of 2026, or, failing that, by a unilateral decision following consultation with employee representatives.

d) Adjustment of the burden of proof in pay matters: In the event of a dispute, the employee or candidate may present evidence suggesting pay discrimination, and the employer will then have to prove that any differences are based on objective criteria.

e) Prohibition of clauses restricting transparency: Clauses preventing employees from disclosing or discussing their pay will be null and void.

f) Sanctions for non-compliance with new pay obligations: In case of violations, two levels of administrative sanctions are envisaged:

 

• • • Up to 1% of the payroll for failures related to the indicators and corrective measures (2% in case of repeat offenses).
    • Up to €450 for failures to inform employees or candidates (doubled in case of repeat offenses).

*

 

Despite some progress, the average wage of women remains 22.2% lower than that of men in the private sector, including part-time work. On a full-time equivalent basis, women’s average pay is still 14.2% lower than men’s.

 

To fight against these inequalities and the culture of pay secrecy that tends to reinforce them, the European Union adopted Directive 2023/970 (the “Directive”) on 10 May 2023, “aimed at strengthening the application of the principle of equal pay for women and men for the same work or work of equal value through pay transparency and enforcement mechanisms.”

 

In practice, the provisions of this Directive aim to enhance pay transparency through the introduction of new binding mechanisms. The goal is to facilitate access to pay information, ensure non-discriminatory pay criteria, and improve remedies in cases of discrimination.

 

The Directive must be transposed into French law by 7 June 2026, although it is already clear that France will not meet this deadline. The government plans to submit the draft bill to Parliament at the end of May for review in June–July, with final adoption expected by the end of the year—but the busy parliamentary schedule could further delay this timeline. Implementing decrees will then be required before any provisions can take effect.

 

A first version of the draft law aimed at transposing the European Directive on pay transparency was sent to social partners and parliamentarians on 6 March. The text was again the subject of a consultation meeting with employers’ and employees’ organizations on 19 March.

 

1. Pay transparency before hiring

 

Regardless of the size of the company, job postings must now comply with the requirements of the new European Directive. The draft law provides for the obligation to communicate the following information in writing to candidates—or, if no job offer is provided, before or during the recruitment interview:

 

• the amount of the salary or a salary range for the position;
• relevant provisions of the collective agreement, such as benefits, bonuses, or minimum pay levels.

 

In practice, phrases such as “salary will be determined based on the candidate’s profile” will no longer be allowed.

 

Furthermore, it will be prohibited to ask candidates for information about their salary history, whether from their current or previous jobs.

 

The objective of these measures is to prevent past salaries, which may be discriminatory, from influencing future pay, while promoting transparency and equal treatment among candidates during salary discussions and negotiations.

 

2. Pay transparency for current employees

It is within this framework that the Directive introduces the largest number of new obligations.

 

a) A new right to information granted to employees

 

According to the document sent by the Ministry of Labour to social partners, employees will now be able to request from their employer information about their own pay as well as the average pay levels, broken down by gender, of employees in the same category—that is, performing the same or equivalent work.

 

This information should be provided in writing, either directly to the employee or through trade union representatives or the Works Council (CSE). Employers should also inform all employees annually of the existence of this right and respond to requests within a timeframe specified by decree.

 

If providing this data could indirectly identify an employee due to an insufficient number of people in the relevant category, the employer may refuse to disclose the requested information but must inform the employee of this decision.

 

During the meeting with social partners on 19 March, the Ministry of Labour clarified that this threshold will be set at 10 employees. A decree will be required to formalize this decision.

 

In any case, structured, transparent, and accessible pay systems must be implemented, along with a clear internal procedure for handling employee requests related to remuneration.

 

b) A new Gender Equality Index

 

The Ministry is considering a revamp of the professional equality index. Recall that every year, no later than 1 March, companies with at least 50 employees must publish a measure of pay gaps between women and men, calculated using four or five indicators depending on the workforce size. This information is included in the economic, social, and environmental database and made available to the Works Council (CSE).

 

As part of the transposition of the Directive, the government intends to completely revamp the Gender Equality Index, which would include seven new indicators. These will be specified by decree, but it is likely that they will largely reflect the provisions set out in the Directive itself:

 

• • • The pay gap between women and men;
    • The pay gap between women and men in terms of variable and additional components;
    • The median pay gap between women and men;
    • The median pay gap between women and men in terms of variable and additional components;
    • The proportion of women and men receiving variable and additional pay components;
    • The proportion of women and men in each pay quartile, i.e., divided into four equal groups based on their pay levels;
    • The pay gap between women and men within categories grouping employees performing the same or equivalent work.

 

The first six indicators will be annualized and systematically reported through the DSN, while the seventh, which will still need to be prepared by employers, must be submitted:

• • • Annually in companies with at least 250 employees;
    • Every three years in companies with 50 to 249 employees.

 

The planned framework also includes several obligations scaled according to the size of the company:

 

• • • In companies with 50 to 99 employees, the CSE would be informed about the data used to calculate the indicators and their results. If the seventh indicator reveals a gap exceeding a threshold set by decree, the employer would be required to enter mandatory negotiations on gender equality to define corrective measures. If no agreement is reached, these measures must be included in the employer’s unilateral action plan. A collective agreement could also exempt the company from reporting this indicator.
    • In companies with at least 100 employees, the CSE must not only be informed but also consulted on the data used to calculate the indicators and their results. Its opinion would be submitted by the employer to the administrative authority. Additionally, employees, the CSE, or trade union representatives could request clarifications and justifications from the employer regarding the seventh indicator, to which the employer would be obliged to respond with reasoned explanations.

 

If the seventh indicator reveals a gap exceeding the threshold set by decree, the employer would have two options:

 

• • • Justify the gap with objective and non-gender-biased criteria, after consultation with the CSE. If the employer chooses this option and the justification is absent or insufficient, they must correct the gap within six months of the first declaration and then submit a new declaration. At the end of this period and after the new declaration, if the gaps persist and remain unjustified, the employer would be required to enter negotiations on corrective measures through a collective agreement or, failing that, via an action plan.
    • Directly initiate negotiations aimed at adopting corrective measures without waiting for the six-month period.

 

c) New criteria for assessing “work of equal value”

 

The criteria used to assess whether jobs are of equal value would be expanded. Article L. 3221‑4 of the Labour Code, which sets these criteria, would thus be amended to also include non-technical skills and the concept of working conditions.

 

An obligation would also be introduced for the employer to establish a categorization of employees performing work of equal value. This categorization should be defined through a company-level agreement or, failing that, a sector-level agreement. In this context, representative employers’ and employees’ trade unions at the sector level would be invited to enter negotiations to potentially conclude such an agreement by 31 December 2026. In the absence of an agreement at these levels, the employer could unilaterally set this categorization after consulting the CSE, for a period of three years.

 

d) An adjusted burden of proof in pay matters

 

Article L. 3221‑8 of the Labour Code would be rewritten to clarify the adjustment of the burden of proof in disputes related to pay equality. As with other cases of discrimination, it would be the responsibility of the job candidate or employee to present factual evidence suggesting the existence of direct or indirect discrimination.

 

The text specifies the nature of this evidence, which could notably include:

 

• • • Statistical data;
    • The salary of a previously hired employee by the same employer;
    • The salary of an employee from another employer when the relevant pay conditions are set by a common collective agreement or contract (intercompany, group-level, or within an economic and social unit agreement).

 

Once this evidence is presented, it would be up to the employer to demonstrate that any differences in treatment are based on objective criteria, independent of any discrimination.

 

The same rules would apply if the employer fails to comply with the new pay transparency obligations, unless they can demonstrate that the breach was clearly unintentional and of minor significance.

 

e) Prohibition of clauses restricting the disclosure of pay-related information

 

Any contractual clause prohibiting an employee from disclosing their salary or sharing pay-related information with colleagues will be deemed null and void. It is clear that transparency takes precedence over individual secrecy: the employer will under no circumstances be able to sanction an employee for discussing their pay conditions.

 

f) Implementation of sanctions in case of non-compliance

 

A specific regime of administrative sanctions would be established in the event of violations of the new obligations imposed on companies.

 

Two categories of violations would thus be targeted:

• Violations related to the obligations to report the new indicators on pay gaps and the measures taken to reduce them. After, in certain cases, a formal notice procedure, the administrative authority could impose a penalty of up to 1% of the total wages paid to the company’s employees. The amount of this penalty would be set by the administration and could only be applied once per year for each type of violation provided by the law. In case of recidivism within five years following a previous sanction, this ceiling could be increased to 2% of the payroll;
• Several violations of transparency and information obligations, notably those related to informing employees, communicating indicator results, or providing information to candidates. These could give rise to an administrative penalty of up to €450, which could also be doubled in case of repeat offenses within five years following a previous sanction.

 

On the civil side, an employee who believes they have been subjected to pay inequality can still take legal action to obtain full compensation for their loss. The Directive provides that the at-fault employer must compensate for all losses resulting from the discrimination, including arrears of unpaid wages, associated bonuses, and redress for missed opportunities related to this difference in treatment.

 

In summary, transposing this Directive requires a solid understanding of the new obligations and proactive preparation for the upcoming changes.

 

The draft law sets out the implementation timeline for its Article 1. These provisions would come into effect on a date set by decree and at the latest within one year of the law’s enactment, except for the provisions relating to:

 

• The obligation to report the seventh indicator, which would come into effect on a date set by decree and at the latest by 1 June 2030 for companies with fewer than 150 employees;
• The right of employees to information, which would come into effect from the date of entry into force of the agreements or the employer’s unilateral decision establishing a categorization of employees performing work of equal value, and at the latest within one year of the law’s enactment.

 

It should also be noted that, in addition to these future measures, (i) negotiations on professional equality remain mandatory in companies with trade union representatives and (ii) companies with more than 1,000 employees must ensure that 30% of their senior management are women by 2027, rising to 40% by 2030 (the Rixain Act).

1. The CNIL fines France Travail 5 million euros for failure to secure personal data

 

On January 22, 2026, the CNIL imposed a fine of 5 million euros on France Travail (formerly Pôle Emploi) for failing to ensure the security of personal data, in accordance with Article 32 of the GDPR.

 

In 2024, cyber attackers targeted France Travail’s information system and compromised the accounts of advisors from the “CAP EMPLOI” service.

 

This intrusion allowed access to personal data of all individuals registered or who had been registered over the past twenty years, as well as users with a candidate space on francetravail.fr, including social security numbers, email and postal addresses, and phone numbers. Sensitive health information was not compromised, however.

 

While the CNIL recalls that the obligation to ensure the security of personal data is an obligation of means and that it is not possible for a data controller to protect against all so-called “social engineering” attacks, it noted that France Travail violated this obligation by not implementing security measures adapted to the risks identified during its impact assessments.

 

The CNIL noted insufficient robustness of password authentication methods (i.e., criteria for length and complexity/threshold for blocking unsuccessful attempts/complementary restriction mechanisms), a lack of logging measures to detect abnormal behavior, and overly broad access authorizations allowing advisors to access data of individuals they were not assisting.

 

This decision highlights the importance for public and private organizations to secure their information systems, limit access to authorized personnel only, and translate impact assessments into concrete actions to reduce the risk of data breaches.

 

• To read the decision, click here

 

2. Apple loses to UFC-Que Choisir over abusive clauses and data protection failures

 

By a ruling on February 27, 2026, the Paris Court of Appeal largely upheld the liability of Apple Distribution International Limited (Apple) following the action brought by UFC-Que Choisir concerning the terms of use of the iTunes service (now Apple Music) and data protection documents.

 

The action, initiated in 2016, aimed to challenge the abusive and unlawful nature of several contractual clauses and provisions relating to the processing of personal data. In the first instance, the Paris judicial court had found breaches of consumer law and the GDPR. Apple had appealed, contesting in particular the admissibility of the action and the merits of the convictions.

 

Regarding admissibility, the Court confirms that an association can act without a mandate under Article 80 of the GDPR, while specifying that the examination must focus solely on clauses still in effect.

 

On the merits, the Court finds several clauses relating to the processing of personal data to be unlawful, particularly concerning data retention periods, purposes and recipients of data, international transfers, profiling, and the exercise of user rights. It notes a lack of clarity and precision, as the information provided did not meet the transparency requirements of the GDPR.

 

In terms of consumer law, certain clauses are also deemed abusive. The Court highlights their standardized nature, lack of readability, and the existence of a significant imbalance to the detriment of users, due to general wording that leaves room for interpretation by the operator.

 

The “Apple Music and Privacy” and “Privacy Commitment” documents were sanctioned for similar reasons.

 

Regarding sanctions, the Court took into account the duration of the breaches, the number of users concerned, and the nature of the disputed clauses, and increased the damages to 50,000 euros for the collective interest of consumers.

 

This decision underscores the importance of clear, precise, and transparent drafting of contractual terms, both under the GDPR and consumer law, to protect consumers.

 

• To read the decision, click here

 

3. The French Council of State upholds the 40 million euro fine imposed on Criteo for GDPR violations

 

Criteo provides services that enable targeted advertisements to be displayed on websites managed and hosted by third parties. To this end, it collects and processes, using cookies, the browsing data of individuals visiting websites whose managers or hosts have entered into paid partnership agreements with it.

 

On March 4, 2026, the French Council of State confirmed the CNIL’s reasoning in all respects, holding the following:

 

• Criteo acts as a joint controller when it places cookies on the terminals of visitors to websites managed by its commercial partners and as a controller when it subsequently processes the data collected (particularly for configuring and improving the algorithmic targeting processes implemented by Criteo).
• The data processed by Criteo are personal data insofar as they are pseudonymized and the identification of certain individuals would not be technically impossible.

 

Consequently, Criteo failed to meet the following obligations:

 

• Criteo did not enter into agreements compliant with Article 26 of the GDPR with its partners as a joint controller;
• Criteo was unable to provide proof that the consent of the data subjects was properly obtained for processing based on consent;
• Criteo failed to inform data subjects in accordance with Articles 12 and 13 of the GDPR;
• Criteo failed in its obligations regarding the right to withdraw consent and data erasure: while individuals were no longer exposed to targeted advertisements, their data were retained and processed for algorithm improvement.

 

The French Council of State finally validated the amount of the fine imposed, noting the particular seriousness of the breaches committed, due to the nature of the requirements violated, the number of users concerned (370 million user identifiers in the European Union, including 50 million identifiers in France), the fact that Criteo is a major player in the online advertising services sector, and the circumstance that it derived direct gain from the breaches found.

 

• To read the decision, click here

 

4. European Commission and Irish authority investigate X and its AI Grok

 

X (formerly Twitter) is the subject of two separate but complementary investigations concerning its artificial intelligence tool Grok, integrated into the platform since 2024: the 1^st investigation is conducted by the European Commission, while the 2^nd was initiated by the Irish data protection authority.

 

The European Commission opened a formal review procedure under the Digital Services Act (DSA) at the end of January. This new investigation follows up on the one launched in December 2023, which initially concerned the platform’s general compliance. It now extends to the specific evaluation of the platform’s recommendation systems and Grok’s functionalities. These functionalities allow users to produce text and visual content and to integrate contextual elements into their posts.

 

The Commission is examining potential violations of Articles 34(1) and (2) of the DSA, relating to the assessment and mitigation of systemic risks, Article 35(1) on specific mitigation measures, and Article 42(2), which requires the completion and submission of a risk assessment report before deploying new features.

 

As for the Irish data protection authority (DPC), it announced on February 17, 2026, the opening of an investigation into the processing of personal data by Grok. This procedure follows the dissemination of deepfake sexual content generated from photos or videos of real people, including minors. The DPC is verifying, in particular, whether X has complied with the principles of the GDPR: lawfulness, fairness, and transparency of processing, data minimization, accuracy, conducting a data protection impact assessment, and privacy by design and by default.

 

These investigations illustrate the complementarity of the DSA and the GDPR: while the DSA governs the security and responsibility of online services, the GDPR governs the processing of personal data, including that used by AI tools.

 

• For more information on the subject, click here

 

5. The bill to ban social media access for minors under 15 years old has been adopted by the National Assembly

 

Amid growing concerns about cyberbullying, exposure to inappropriate content, and effects on sleep and mental health, the National Assembly adopted on January 26, 2026, a bill to ban social media access for minors under 15 years old.

 

This proposal distinguishes access conditions as follows:

 

• For services listed on an official list of platforms deemed likely to harm the development of minors under 15 years old, access remains prohibited, even with the consent of legal guardians;
• For other platforms, access may be authorized only with the explicit consent of at least one parent or guardian, specifying the accessible content, the maximum daily duration, and usage times.

 

Contracts concluded in violation of these provisions would be null and void, and the measure would take effect on September 1, 2026.

 

The effectiveness of this law would thus rely primarily on the platforms, which must verify users’ ages. In this regard, the European Commission recommended adopting age verification methods “precise, reliable, robust, non-intrusive, and non-discriminatory” in its guidelines published on July 14, 2025 (link). An age verification solution has also been developed and is in the testing phase (link).

 

The bill is now submitted to the Senate and will be debated in public session on March 31, 2026.

 

The European framework already imposes requirements on platforms regarding the protection of minors. Article 28 of the DSA establishes obligations adapted to the nature of the service, its functionalities, and the identified risks, without providing for a general age-based prohibition.

 

It is worth noting that WhatsApp has just announced the launch of a “pre-teen” messaging service, dedicated to those under 13 years old (enhanced parental controls, no advertising, and no artificial intelligence features). In our view, this new version is linked to WhatsApp being designated by the European Commission as a very large platform for its channels service in January, and thus needing to comply with stricter obligations under the DSA by the end of May, particularly concerning minors. No age verification or estimation measures are in place for this “pre-teen” version. Meta relies on parental action and age declaration to limit access to WhatsApp channel content by minors. It is not specified whether Meta has also assessed the systemic risks associated with these channels and whether other measures have been implemented to mitigate their consequences. Meta still has 2 months to work on this.

 

• For more information on the subject, the bill voted by the National Assembly is here and the interview with Emilie de Vaucresson in Les Echos on the pre-teen version of WhatsApp is here.

 

The 13th edition of the Nice Classification, which entered into force on 1 January 2026, has modified the classification of several goods and services, notably in the fields of optics, wellness, and transport.

 

Among the main developments:

• essential oils are now classified according to their use: cosmetic in class 3, medical in class 5, or food-related in class 30;
• glasses, lenses and optical accessories move from class 9 to class 10, as they are considered medical devices; only glasses intended for scientific purposes remain in class 9;
• heated clothing is now treated as clothing in its own right and falls under class 25, and emergency vehicles are moved to class 12.

French trademarks in force on 1 January 2026 remain valid as they stand, and reclassification will only take place at the time of renewal.

 

However, a difficulty may arise before that date in the event of an international extension of a French trademark. In such a case, the applicant may receive a notification of irregularity inviting them to amend the wording of the goods and services in order to comply with the classification in force. Proposals for regularization would then be issued by the INPI.

 

In addition, if the reclassification results in the addition of a new class not initially covered by the trademark, the applicant will have to pay an additional fee of €40. If, following the reclassification, the class initially designated is no longer of interest (for example, if it no longer contains any goods/services or if the remaining goods/services are no longer relevant), the applicant should be able to renounce it. In that case, no additional payment should be due, as the total number of classes would remain unchanged.

 

For European Union trademarks and international registrations, no reclassification mechanism will be implemented for registrations in force on 1 January 2026: only new filings will have to comply with the new classification.

 

In practice, this new edition does not fundamentally alter trademark filing strategies. However, certain adjustments may prove necessary, both at the time of renewal and when filing new trademarks, if the relevant titles are affected by these developments.

Data Breach: CNIL imposes a €42 million fine on Free Mobile and Free (13 January 2026)

 

In October 2024, an attack compromised the information systems of Free Mobile and Free, exposing the personal data of 24 million subscribers, including IBANs for shared customers. Following more than 2,500 complaints, the CNIL found breaches of the GDPR attributable to each of the companies for the processing of their subscribers’ personal data.

 

Firstly, the CNIL noted that Free Mobile and Free had not implemented sufficient security measures in accordance with Article 32 of the GDPR, in particular for VPN authentication and the detection of abnormal activity, exposing subscribers’ data. The companies were ordered to finalise their security enhancements within three months.

 

The CNIL also noted that Free Mobile and Free had informed subscribers of the breach by email and via a toll-free number/internal system, but that the email did not contain all the information required by Article 34 of the GDPR, preventing those affected from fully understanding the consequences of the breach and the protective measures to be taken.

 

Finally, the CNIL found that Free Mobile was storing millions of pieces of personal data belonging to former subscribers without justification, beyond the period necessary for accounting purposes. The company has begun sorting and deleting the excess data and has been ordered to complete this operation within six months.

 

• For more information on this subject, click here.

 

The report on “Influence and social networks” was submitted to the government (13 January 2026)

 

Two and a half years after the enactment of Law No. 2023-451 of 9 June 2023 regulating commercial influence, a parliamentary report presented on 13 January 2026 gives an overall positive assessment of the existing system. The law has had a real educational effect, increasing the transparency of commercial communications and confidence in the digital economy, while combating misleading practices more effectively.

 

However, the report highlights the persistence of new abuses linked to the rapid evolution of uses and technologies. Monetised live streams, particularly on certain platforms such as TikTok, are identified as a major area of concern, notably due to the integrated financial mechanisms, the risks of aggressive commercial practices and the increased exposure of minors.

 

In response, French parliamentarians have formulated 78 recommendations, including several key measures:

 

• the creation of a mandatory registration system for influencer agents in order to professionalise the sector, which will involve criminal background checks;
• the strengthening of the supervision of online training courses promoted by influencers, with the introduction of a prior authorisation system;
• strengthening the obligations imposed on platforms, particularly with regard to user protection, transparency of financial flows and limiting minors’ access to certain content;
• increased supervision of sensitive promotions (alcohol, health, gaming, adult content), including when these are based on tools using generative AI.

 

The report highlights the insufficient operational resources of the supervisory authorities, in particular the DGCCRF (French authority for competition, consumer affairs and fraud control), ARCOM (French authority for audiovisual and digital communication) and AMF (French financial markets authority), which are faced with the considerable volume of content disseminated daily on platforms. It recommends strengthening automated monitoring and detection capabilities, improving coordination and information sharing between public actors, and creating a one-stop portal for reporting “digital disorder” attached to the Prime Minister’s office in order to structure and centralise the public response.

 

This work should feed into the forthcoming submission of a draft “influencers 2” bill, aimed at adapting the legal framework to technological developments and new economic models of influence.

 

• For more information on this subject, click here.

 

Airbnb does not have the status of a hosting provider and can be held liable for illegal subletting.  (7 January 2026)

 

In two rulings handed down on 7 January 2026, the French Court of Cassation ruled on the liability of the Airbnb platform in cases of subletting without the landlord’s authorisation.

 

In the first case, a social housing tenant had sublet her flat, located in a tourist area, without her landlord’s consent. In the second case, a tenant of a Parisian property had also sublet the property on a short-term basis without the written authorisation of the owner, in violation of Article 8 of the Law of 6 July 1989. In both cases, the landlords sought the return of the rent received and held Airbnb liable.

 

The lower courts adopted differing analyses. In the first case, the Court of Appeal recognised Airbnb as a host within the meaning of the Law on Confidence in the Digital Economy (LCEN), thereby excluding any liability on the part of the platform. In the second case, however, the Court of Appeal considered that Airbnb played a role that went beyond that of a mere technical intermediary and could, as such, be held liable.

 

The Court of Cassation points out that the benefit of the liability exemption regime provided for by the LCEN is strictly reserved for operators who adopt a neutral, purely technical and passive role in the storage and provision of content supplied by users. Such status presupposes a lack of knowledge and control over the offers disseminated.

 

However, the Court of Cassation noted that Airbnb actively organises and supervises the operation of its platform. It imposes rules on users, intervenes in the publication and transaction process, and promotes certain offers or hosts. These elements reflect interference in the relationship between hosts and travellers and give the platform a capacity for influence that is incompatible with the neutrality required of a host.

 

Consequently, the Court of Cassation ruled that Airbnb could not be classified as a hosting provider and therefore could not benefit from the exemption from liability provided for in this capacity. Airbnb may therefore be held liable in the event of illegal subletting.

 

• • For more information on this subject, click here and here.

 

The European Commission is preparing the Digital Fairness Act

 

The European Commission is preparing the Digital Fairness Act (DFA), a future legislative initiative intended to complement the Digital Services Act (DSA) and the Digital Markets Act (DMA) by strengthening consumer protection in the digital environment.

 

The DFA is a follow-up to the “Fitness Check” launched in 2022 and published in October 2024, which assessed the effectiveness of three key directives (UCPD, CRD and UCTD). This analysis concludes that, although these texts remain relevant, they only partially achieve their objectives in the face of contemporary digital practices. Consumers today are exposed to misleading or addictive interfaces, forms of personalisation that exploit their vulnerabilities, difficulties in cancelling digital subscriptions, and unfair contract terms. The annual financial loss is estimated at least £7.9 billion for consumers in the European Union, without taking into account psychological damage (link).

 

In this context, the DFA will aim to combat dark patterns, the addictive design of digital products, misleading influencer marketing, abusive online profiling and certain subscription practices. Particular attention will be paid to the protection of minors and vulnerable consumers. The text will also seek to strengthen legal certainty and limit the risks of regulatory fragmentation, as several Member States are considering national initiatives.

 

The text will be formally proposed to the Parliament and the Council in the third quarter of 2026, after which its legal form (stand-alone regulation or targeted directive) will be specified.

 

• For more information on this subject: click here.

• Equal treatment: meal vouchers also apply to teleworkers

 

Until now, the question of granting meal vouchers to teleworking employees has been contentious. While some judges favored the principle of equal treatment, others considered that an employer could refuse them in the absence of additional meal-related expenses.

 

In two rulings handed down on October 8, 2025, the Court of Cassation settled the matter: teleworking employees are entitled to meal vouchers under the same conditions as those working on-site.

 

Relying on Article L. 1222-9 of the French Labour Code, which provides that teleworkers enjoy the same rights as employees working within company premises, the Court clarified that the only criterion for granting meal vouchers is that the meal must fall within the employee’s working hours, regardless of the place or organization of work.

 

In a second ruling, the Court added that the practice of granting meal vouchers to employees located far from the company cafeteria cannot be suspended simply because they switch to telework.

 

💡 Key takeaway: The allocation of meal vouchers must now be identical for on-site and teleworking employees, provided their schedule includes a lunch break. Beyond this landmark decision, meal vouchers remain a useful tool for strengthening employees’ purchasing power, benefiting from favorable social and tax treatment (exemption from social contributions up to €7.26 per voucher issued since January 1, 2025).

 

• Dismissal and late delivery of end-of-contract documents

 

Under Articles L.1234-19, L.1234-20, and R.1234-9 of the French Labour Code, the employer must provide the employee’s end-of-contract documents upon termination.

 

In cases of dismissal for gross misconduct, the employment relationship ends immediately upon notification. The termination date is therefore the date the employer expresses the intent to end the employment — that is, the date the dismissal letter is sent by registered mail.

 

Relying on these provisions, the Court of Cassation overturned a Montpellier Court of Appeal decision, ruling that when a dismissal for gross misconduct is pronounced, the employer must provide the end-of-contract documents on the same date, given the absence of notice period.

 

In this case, the employee was dismissed on April 9, 2018, but received his end-of-contract documents on June 6, 2018. The Court of Appeal had rejected his claim for damages, reasoning that no harm could be proven given the hypothetical notice period.

 

The Court of Cassation logically quashed this decision, reaffirming that these documents must be delivered as of the dismissal date. Otherwise, the employee may claim damages, provided that harm can be demonstrated — for instance, delayed access to unemployment benefits. A short gap of a few days is, however, unlikely to cause prejudice, since unemployment benefits are deferred by a mandatory seven-day waiting period, in addition to any delay due to unused paid leave.

 

In light of this decision, companies must ensure that end-of-contract documents are sent promptly after dismissal for gross misconduct. This simultaneous issuance may raise logistical issues for employers who usually prepare such documents at month-end. To ensure legal security, practices may need adjusting.

 

• Adoption and medically assisted reproduction: strengthened protection and authorized absences

Adopted on June 19, 2025, and published in the Official Journal on July 1, 2025, Law No. 2025-595 strengthens the protection of individuals involved in a “parental project” through assisted reproduction (PMA/IVF) or adoption.

 

Henceforth, protection against discrimination linked to parental projects applies to all employees — men and women — engaged in a PMA or adoption process. Employers can no longer refuse hiring, terminate a contract, or transfer an employee on the basis of such participation. They are also prohibited from seeking or using related information.

 

Employees undertaking PMA treatments may now take paid leave to attend necessary medical appointments, procedures, or treatments. They may also accompany their spouse, civil partner, or cohabitant to up to three mandatory medical appointments per protocol.

 

Likewise, employees involved in an adoption project are entitled to leave to attend compulsory adoption interviews. A forthcoming decree will set the maximum number of absences allowed.

 

This law represents a major advance in equality and anti-discrimination policy: parental projects, whether through PMA or adoption, are now fully recognized within the professional sphere. Employers must adjust internal leave and HR management procedures accordingly.

 

• Automatic compensation in cases of proven trade union discrimination — a new reversal

In 2016, the Court of Cassation established that in the event of an employer’s breach of a legal or contractual obligation, trial judges have sovereign discretion to assess the existence and quantum of damages.

 

Since then, the Court has recognized various exceptions.

 

In a ruling dated September 10, 2025, it introduced a new one, holding that “the mere finding of trade union discrimination entitles the employee to compensation.”

 

In this case, a former staff representative dismissed for incapacity claimed damages for trade union discrimination. The Dijon Court of Appeal rejected his claim, holding that he had neither proven the damage nor needed further reparation since the court’s recognition of discrimination was itself compensatory.

 

The Court of Cassation overturned that decision, ruling that the mere finding of trade union discrimination automatically opens the right to compensation.

 

This surprising decision appears to rest on an unwritten, third criterion suggested by the Advocate General, based on both:

• the importance of the legal rule at stake, and
• the victim’s inability to prove the harm suffered.

 

Although not explicitly stated, it seems the Court relied on this reasoning.

 

If confirmed, this new standard could significantly broaden automatic compensation cases. However, recent rulings from the Court of Justice of the European Union reaffirm that judges’ discretion to assess damages does not undermine the effectiveness of EU law, suggesting the French courts may maintain a case-by-case approach.

 

• Hidden cameras in the workplace: CNIL recalls legality requirements

 

In a decision dated September 18, 2025, the CNIL fined a company €100,000 for installing hidden cameras disguised as smoke detectors and recording employees’ conversations in storage areas. This ruling reiterates the strict conditions governing workplace video surveillance.

 

Hidden cameras may only be used exceptionally, where reasonable suspicion of serious misconduct exists, and with strict safeguards balancing corporate security and employee privacy.

 

To be lawful, such monitoring must be:

• temporary and strictly time-limited;
• documented and objectively justified;
• compliant with GDPR, following consultation with the Data Protection Officer.

 

In this case, the company failed to prove the temporary and proportionate nature of the system, nor its compliance with transparency or fairness obligations. The CNIL also noted excessive audio recording, lack of DPO involvement, and failure to report a personal data breach.

 

This decision reaffirms that hidden video surveillance is a highly exceptional measure that must observe robust proportionality and GDPR compliance safeguards.

La société Fred Paris a obtenu, le 18 juin 2025 (TJ Paris, 18 juin 2025, RG n° 23/10855), la condamnation d’une créatrice de bijoux qui commercialisait une gamme de bijoux reproduisant les caractéristiques essentielles du bracelet Force 10 GM et de son modèle communautaire. Nous n’avons pas connaissance d’un éventuel appel interjeté.

 

Le litige oppose un célèbre joailler et une créatrice de bijoux

 

La célèbre maison française de joaillerie et d’horlogerie compte, parmi ses créations, deux gammes de bijoux dénommées « Force 10 » et « Chance Infinie ». La maison est titulaire du modèle de l’UE n° 000772819-0001, déposé en 2007, représentant la fameuse boucle en forme de manille stylisée des créations de la gamme Force 10.

 

La défenderesse est une créatrice de bijoux qui commercialisait, sur son site Internet et sur des marchés locaux, des modèles qui reproduisaient, selon Fred Paris, les caractéristiques essentielles de ses produits.

 

Fred Paris a ainsi, après mise en demeure, assigné la créatrice de bijoux en contrefaçon de droit d’auteur, en contrefaçon de modèle et en concurrence déloyale.

 

Des actes de contrefaçon et de concurrence déloyale étaient invoqués

 

Fred Paris alléguait que la créatrice avait enfreint ses droits d’auteur en reproduisant les caractéristiques essentielles composant l’originalité des produits litigieux. Concernant le modèle de l’UE, la société estimait que les bijoux litigieux reprenaient les caractéristiques essentielles des produits de la marque, de sorte qu’ils créaient une même impression visuelle globale, caractérisant ainsi des actes de contrefaçon.

 

La créatrice reconnaissait la similitude entre les bijoux mais invoquait la banalisation de la gamme, de nombreux bijoux similaires étant commercialisés par des tiers. Elle arguait, pour sa défense, que l’acheteur moyen n’est pas conscient de la similitude entre les produits litigieux et ceux de Fred Paris.

 

Le tribunal a reconnu l’ensemble des faits reprochés

 

Sur la contrefaçon de droits d’auteur

Après avoir reconnu la titularité des droits revendiqués par Fred Paris, qui exploite publiquement sa gamme depuis au moins 2008, les juges caractérisent l’originalité des bijoux la composant.

 

Ils constatent que les bijoux litigieux reprennent, comme l’alléguait la demanderesse, les caractéristiques essentielles des siens.

 

Les actes de contrefaçon sont ainsi caractérisés selon les juges, « peu important l’existence d’autres sites proposant des bijoux similaires […], la bonne foi étant indifférente », en particulier dans un contexte où la créatrice avait été mise en demeure par Fred Paris.

 

Sur la contrefaçon de modèle communautaire

De même, le tribunal reconnait la reproduction des caractéristiques essentielles du modèle dans les bijoux de la créatrice qui produisent, sur l’utilisateur averti, la même impression globale.

 

Sur la concurrence déloyale et le parasitisme

Le risque de confusion ou d’association dans l’esprit du public créé par l’effet de gamme des bijoux de la défenderesse est reconnu. Il vaut en particulier pour la gamme « Chance infinie » qui n’avait pas fait l’objet d’un dépôt de modèle.

 

Le parasitisme résulte de la volonté de la défenderesse de se placer dans le sillage de la société Fred Paris pour profiter de ses investissements et de la notoriété de ses bijoux.

 

La réparation octroyée reste modeste

 

La créatrice de bijoux est condamnée à réparer le préjudice subi par Fred Paris au titre de la contrefaçon, estimée à hauteur de 3 000 euros, et du parasitisme et concurrence déloyale, à hauteur de 1 000 euros. Le caractère modeste de ces montants résulte notamment du fait que Fred Paris n’avait pas prouvé, selon le tribunal, des conséquences économiquement négatives ; que les bénéfices réalisés étaient limités ; qu’il n’était pas prouvé que les actes reprochés s’étaient étalés dans le temps. Le préjudice réparé est donc circonscrit aux économies d’investissement réalisées et au préjudice moral résultant de la banalisation des bijoux de la demanderesse.

 

La défenderesse est également condamnée à verser 3 000 euros à Fred Paris en application de l’article 700 du code de procédure civile.

 

Cette décision illustre la double protection des créations joaillières (et de toutes les œuvres d’art appliqué) par le droit d’auteur et le droit des dessins et modèles, mais aussi par le droit commun de la responsabilité civile entre concurrents.

 

Elle incitera peut-être les titulaires de droits qui envisagent d’assigner à opérer une balance entre les coûts de la procédure, les perspectives de réparation potentiellement très modestes et le souhait éventuel de faire de ces condamnations une affaire de principe.

A dynamic semester for the Joffe & Associés Team!

 

The past six months have been marked by a steady pace of milestones and achievements: the appointment of a new partner, the arrival of fresh talent, recognitions in leading rankings, media features, expert analyses, industry conferences, sporting challenges, social commitments, and interactions with students. It has been a period of sustained activity on all fronts.

 

Behind every initiative stands a committed and dynamic team, attentive to the needs of its clients as well as the broader issues shaping society.

 

This newsletter looks back at the highlights of the semester and reflects what truly sets us apart: the strength of our collective.

 

We hope you enjoy reading it!

 

Read the full newsletter here: Joffe & Associés : Newsletter – First Half of 2025.