Tag Archives: Whistleblowing

French Appeals Court Suspends U.S. Company’s Whistleblower Program

Posted on October 13, 2011 by Hunton & Williams LLP

On September 23, 2011, the Labor Chamber of the Court of Appeals of Caen (the “Court”) upheld a decision to suspend a whistleblower program implemented by a U.S. company’s French affiliate, despite the fact that the French Data Protection Authority (the “CNIL”) had inspected and approved the program prior to implementation. This decision follows recent amendments to the legal framework for whistleblower programs in France.

Continue reading…

Tags: , , , , , ,

Announcing the Launch of a New Journal on International Data Protection and Privacy Law

Posted on March 30, 2011 by Hunton & Williams LLP

Oxford University Press recently published the debut issue of the new quarterly journal International Data Privacy Law (“IDPL”), the first and only journal on data protection and privacy law which both focuses on international issues and subjects articles to double-blind peer review.  Hunton & Williams Brussels-based partner Christopher Kuner is the journal’s editor-in-chief, and Professor Fred Cate, Senior Policy Advisor of the Centre for Information Policy Leadership at Hunton & Williams, also serves as an editor.  According to Mr. Kuner, “IDPL has three main missions, namely to be global, to span the gulf between scholarship and practice and to help solidify the position of data protection and privacy law as a central area of importance for the individual, the economy and the development of new technologies.”

Continue reading…

Tags: , , , , , , , , , ,

French Data Protection Authority Revises Authorization on Whistleblowing Schemes

Posted on December 8, 2010 by Hunton & Williams LLP

On October 14, 2010, the French Data Protection Authority (the “CNIL”) adopted several amendments to its single authorization AU-004 regarding the use of whistleblowing schemes (the “Single Authorization”).

Since 2005, companies in France must register their whistleblowing schemes with the CNIL either by self-certifying to the CNIL’s Single Authorization or by filing a formal request for approval with the CNIL.  Companies that self-certify to the Single Authorization make a formal undertaking that their whistleblowing scheme complies with the pre-established conditions set out in this authorization.  In particular, the scope of the Single Authorization is limited to the following specific areas: finance, accounting, banking, fight against corruption and compliance with Section 301(4) of the Sarbanes-Oxley Act.  Under the revised framework, the CNIL has extended the scope of the Single Authorization to include the prevention of anti-competitive practices and compliance with the Japanese Financial Instrument and Exchange Act.

Continue reading…

Tags: , , ,

French Data Protection Authority Unveils 2009 Annual Activity Report

Posted on June 22, 2010 by Hunton & Williams LLP

On June 17, 2010, the French data protection authority (the “CNIL”) published its Annual Activity Report for 2009 (the “Report”) in which it outlines some of its priorities for the upcoming year.

In February 2009, the CNIL published a report on online targeted advertising. Among other things, the CNIL voiced its concern regarding online behavioral and advertising activities and analyzed the risks of increasing user profiling.  In 2010, the CNIL is expected to issue a joint opinion with the Article 29 Working Party on targeted advertising and behavioral analysis.  The CNIL also will open a dialogue with several stakeholders from the marketing sector to work on adopting a code of best practices.

Continue reading…

Tags: , , , , , , ,

ECHR Rules on Disclosure of Web Users’ Identity

Posted on February 10, 2009 by Hunton & Williams LLP

On December 2, 2008, the European Court of Human Rights (ECHR) ruled in K.U. v. Finland that Article 8 of the European Convention on Human Rights requires national laws to protect individuals from serious online privacy infringements, but also that the national legal framework must allow for the identification and prosecution of offenders. This case involved an advertisement of a sexual nature, which was placed on an Internet dating site on behalf of the applicant, who was twelve years old at the time, without his knowledge.  To read more on this and for additional EU data protection updates, please click here.

Tags: ,

Austrian DPA Approves SOX Whistleblowing Hotline but with Limitations

Posted on January 20, 2009 by Hunton & Williams LLP

On December 5, 2008, the Austrian data protection authority ("DPA") issued its first decision on the implementation of a whistleblowing hotline as required by the Sarbanes-Oxley Act ("SOX"), to be administered by the Austrian subsidiary of a U.S.-based company. The DPA partly approved the data transfers from the Austrian entity to the U.S. entity for the purpose of enabling it to prosecute "serious incidents" caused by the behavior of executive managers. The DPA ordered the Austrian subsidiary to implement a contract guarantying data subjects the ability to exercise their rights through the service provider managing the hotline. The DPA did not consider SOX to provide a legal basis for the transfer, but rather found that the legal basis was provided by the legitimate interests of the Austrian subsidiary, as conveyed by instructions of the employer, admissible in the context of an employment relationship, including a Code of Conduct. The conditions placed on the hotline are based on the recommendations issued by the Article 29 Working Party in its Working Paper 117. Full text of the decision is available in German here.

Tags: , ,