On April 1, 2020, the French Data Protection Authority released guidance for employers on how to implement teleworking as well as best practices for their employees in this context.
Continue Reading
France
CNIL Recalls Data Protection Rules in the Context of the COVID-19 Outbreak
Posted on
The French Data Protection Authority recently issued guidance for employers relating to the processing of employee and visitor personal data in the context of the COVID-19 outbreak.…
Continue Reading
The Global Privacy Assembly Approves Data Sharing to Fight Coronavirus Pandemic
Posted on
On March 17, 2020, the Executive Committee of the Global Privacy Assembly issued a statement giving their support to the sharing of personal data by organizations and governments for the purposes of fighting the spread of the COVID-19 pandemic.…
Continue Reading
CNIL Unveils 2020 Inspection Strategy and Announces Cookie Investigations
Posted on
Posted in European Union, International
On March 12, 2020, the French Data Protection Authority released its annual inspection strategy for 2020.…
Continue Reading
CNIL Publishes Draft Recommendations on How to Get Users’ Consent for Cookies
Posted on
Posted in European Union, Online Privacy
On January 14, 2020, the French Data Protection Authority published its draft recommendations on the practical modalities to get users’ consent to store or read non-essential cookies and similar technologies on their devices. …
Continue Reading
CNIL Publishes Standard on Whistleblowing Hotlines
Posted on
Posted in European Union, International
On December 10, 2019, the French Data Protection Authority published the final version of its standard concerning the processing of personal data in the context of whistleblowing hotlines.…
Continue Reading
CNIL Fines French Construction Company for Infringements When Placing Marketing Voice-to-Voice Calls
Posted on
On November 26, 2019, the French Data Protection Authority announced that it had levied a fine of €500,000 on Futura Internationale for various infringements of the EU General Data Protection Regulation.…
Continue Reading
CNIL Publishes List of Processing Operations Not Subject to DPIA
Posted on
Posted in European Union, International
On October 22, 2019, the French Data Protection Authority (the “CNIL”) published a list of processing operations (in French) that it considers not requiring a data protection impact assessment (“DPIA”). The CNIL had previously adopted and published a final list of processing operations requiring a DPIA on November 6, 2018. The final list includes 12 types of processing operations for which a DPIA is not considered mandatory. The CNIL provided concrete examples for each type of processing operation, including:…
Continue Reading
CJEU Rules “Right to be Forgotten” on Google Limited to the EU in Landmark Case
Posted on
On September 24, 2019, the Court of Justice of the European Union released its judgments in cases C-507/17, Google v. CNIL and C-136/17, G.C. and Others v. CNIL regarding (1) the territorial scope of the right to be forgotten, and (2) the conditions in which individuals may exercise the right to be forgotten in relation to links to web pages containing sensitive data.…
Continue Reading
CNIL Updates FAQs to Prepare for a No-deal Brexit
Posted on
On September 10, 2019, the French data protection authority updated its existing set of questions and answers (“FAQs”) on the impact of a no-deal Brexit on data transfers from the EU to the UK and discussed how controllers should prepare.…
Continue Reading