On October 17, 2018, the French data protection authority published a press release, detailing the rules applicable to devices that collect personal data from users’ mobile phones (media access control address) for the purposes of measuring the advertising audience and traffic in shopping malls and other public areas.
Continue Reading

On October 11, 2018, the French data protection authority announced that it adopted two referentials regarding the certification of data protection officers in France. The French Data Protection Act, as amended by on June 20, 2018 to supplement the GDPR, allows the CNIL to draft certification criteria and approve certification bodies for the purpose of certifying individuals as DPOs.
Continue Reading

On September 25, 2018, the French Data Protection Authority published the first results of its factual assessment of the implementation of the EU General Data Protection Regulation in France and in Europe. When making this assessment, the CNIL first recalled the current status of the French legal framework, and provided key figures on the implementation of the GDPR from the perspective of privacy experts, private individuals and EU supervisory authorities.
Continue Reading

On July 19, 2018, the French Data Protection Authority announced that it served a formal notice to two advertising startups headquartered in France, FIDZUP and TEEMO. Both companies collect personal data from mobile phones via software development kit tools integrated into the code of their partners’ mobile apps—even when the apps are not in use—and process the data to conduct marketing campaigns on mobile phones.
Continue Reading

On December 18, 2017, the French data protection authority publicly announced that it served a formal notice to WhatsApp regarding the sharing of WhatsApp users’ data with Facebook Inc. This decision, dated November 27, 2017, follows the investigations led by the CNIL regarding Facebook’s 2014 acquisition of WhatsApp.
Continue Reading