The French Data Protection Authority recently published its Annual Activity Report for 2018 and released its annual inspection program for 2019.
Continue Reading
France
CNIL Launches Public Consultation on Draft Standards on HR Data Processing and Whistleblowing Hotlines
Posted on
On April 11, 2019, the French Data Protection Authority launched an online public consultation regarding two new CNIL draft standards concerning the processing of personal data for (1) core HR management purposes and (2) the operation of a whistleblowing hotline.…
Continue Reading
CNIL Publishes Binding Rules on Processing Biometric Data as Workplace Access Control
Posted on
On March 28, 2019, the French data protection authority published a “Model Regulation” addressing the use of biometric systems to control access to premises, devices and apps at work.…
Continue Reading
GPEN and National DPAs Publish Sweep Results on Privacy Accountability
Posted on
On March 5, 2019, the Global Privacy Enforcement Network published the results of its 2018 intelligence gathering operation on organizations’ data privacy accountability practices. This blog entry provides highlights on the results.…
Continue Reading
CNIL Publishes FAQs to Prepare for a No-Deal Brexit
Posted on
Posted in European Union, International
On February 20, 2019, the French data protection authority published a set of questions and answers to specify the CNIL’s recommendations and steps that organizations should take to prepare for a no-deal Brexit.…
Continue Reading
European Commission Issues GDPR Infographic
Posted on
Posted in European Union, International
On January 25, 2019, the European Commission issued an infographic on compliance with and enforcement and awareness of the GDPR since it took force on May 25, 2018.…
Continue Reading
CNIL Fines Google €50 Million for Alleged GDPR Violations
Posted on
On January 21, 2019, the CNIL imposed a fine of €50 million on Google LLC under the GDPR, its first fine under the GDPR and the highest fine imposed by a supervisory authority within the EU under the GDPR to date.…
Continue Reading
Advocate General Finds Search Engine Operators May Limit the Scope of Right to Be Forgotten to the EU
Posted on
Posted in European Union, International
On January 10, 2018, Advocate General Szpunar of the Court of Justice of the European Union issued an Opinion in the case of Google v. CNIL, which is currently pending before the CJEU. In its Opinion, the Advocate General provided his views concerning the territorial scope of the right to be forgotten under the EU Data Protection Directive.…
Continue Reading
CNIL Fines French Telecom Operator for Data Security Failure
Posted on
On December 27, 2018, the CNIL announced that it imposed a fine of €250,000 on the French telecom operator Bouygues Telecom for failure to protect the personal data of the customers of its mobile package. This blog entry provides details on the decision.…
Continue Reading
CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers
Posted on
On December 28, 2018, the French Data Protection Authority (the “CNIL”) published guidance regarding the conditions to be met by organizations in order to lawfully share personal data with business partners or other third parties, such as data brokers. The guidance focused, in particular, on such a scenario in the context of the EU General Data Protection Regulation (“GDPR”). The CNIL guidance sets forth the 5 following conditions:…
Continue Reading