On September 24, 2019, the Court of Justice of the European Union released its judgments in cases C-507/17, Google v. CNIL and C-136/17, G.C. and Others v. CNIL regarding (1) the territorial scope of the right to be forgotten, and (2) the conditions in which individuals may exercise the right to be forgotten in relation to links to web pages containing sensitive data.
Continue Reading
France
CNIL Updates FAQs to Prepare for a No-deal Brexit
Posted on
On September 10, 2019, the French data protection authority updated its existing set of questions and answers (“FAQs”) on the impact of a no-deal Brexit on data transfers from the EU to the UK and discussed how controllers should prepare.…
Continue Reading
CNIL Publishes New Template Records of Processing Activities
Posted on
Posted in European Union, International
On July 25, 2019, the French Data Protection Authority (the “CNIL”) published new template records of data processing activities pursuant to Article 30 of the EU General Data Protection Regulation (“GDPR”). This provision requires organizations subject to the GDPR to maintain internal records of data processing activities. The CNIL recalled that such records are a key accountability tool under the GDPR for identifying, understanding and controlling data processing activities. Setting up and maintaining these records provide businesses with the opportunity to ask the right questions and limit privacy risks under the GDPR. According to the CNIL, this is also a useful moment to set up a data protection compliance action plan.
…
Continue Reading
CNIL Publishes New Guidelines on Cookies and Similar Technologies
Posted on
Posted in European Union, International
On July 18, 2019, the French Data Protection Authority published new guidelines on cookies and similar technologies. This blog entry provides highlights on the guidelines.…
Continue Reading
EDPB Publishes Opinion on the Competence of a Supervisory Authority in Change in Circumstances Relating to the Main or Single Establishment
Posted on
Posted in European Union, International
On July 9, 2019, the European Data Protection Board adopted Opinion 8/2019 on the Competence of a Supervisory Authority in Case of a Change in Circumstances Relating to the Main or Single Establishment at the request of the French and the Swedish data protection authorities.…
Continue Reading
CNIL Publishes Action Plan Regarding Online Targeted Advertising
Posted on
On June 28, 2019, the French data protection authority published its action plan for 2019-2020 to specify the rules applicable to online targeted advertising and to support businesses in their compliance efforts.…
Continue Reading
New French Data Protection Act and Implementing Decree Take Force
Posted on
Posted in European Union, International
On June 1, 2019, New Decree No. 2019-536 took force, enabling the French Data Protection Act, as amended by an Ordinance of December 12, 2018, likewise to enter into force. This blog entry provides an overview of the developments. …
Continue Reading
CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures
Posted on
On June 6, 2019, the CNIL announced that it levied a fine of 400,000 Euros on SERGIC, a French real estate service provider. This blog entry provides an overview of the case. …
Continue Reading
CNIL Unveils 2019 Inspection Program and 2018 Annual Activity Report
Posted on
Posted in European Union, International
The French Data Protection Authority recently published its Annual Activity Report for 2018 and released its annual inspection program for 2019. …
Continue Reading
CNIL Launches Public Consultation on Draft Standards on HR Data Processing and Whistleblowing Hotlines
Posted on
On April 11, 2019, the French Data Protection Authority launched an online public consultation regarding two new CNIL draft standards concerning the processing of personal data for (1) core HR management purposes and (2) the operation of a whistleblowing hotline.…
Continue Reading