On March 5, 2019, the Global Privacy Enforcement Network published the results of its 2018 intelligence gathering operation on organizations’ data privacy accountability practices. This blog entry provides highlights on the results.
Continue Reading
France
CNIL Publishes FAQs to Prepare for a No-Deal Brexit
Posted on
Posted in European Union, International
On February 20, 2019, the French data protection authority published a set of questions and answers to specify the CNIL’s recommendations and steps that organizations should take to prepare for a no-deal Brexit.…
Continue Reading
European Commission Issues GDPR Infographic
Posted on
Posted in European Union, International
On January 25, 2019, the European Commission issued an infographic on compliance with and enforcement and awareness of the GDPR since it took force on May 25, 2018.…
Continue Reading
CNIL Fines Google €50 Million for Alleged GDPR Violations
Posted on
On January 21, 2019, the CNIL imposed a fine of €50 million on Google LLC under the GDPR, its first fine under the GDPR and the highest fine imposed by a supervisory authority within the EU under the GDPR to date.…
Continue Reading
Advocate General Finds Search Engine Operators May Limit the Scope of Right to Be Forgotten to the EU
Posted on
Posted in European Union, International
On January 10, 2018, Advocate General Szpunar of the Court of Justice of the European Union issued an Opinion in the case of Google v. CNIL, which is currently pending before the CJEU. In its Opinion, the Advocate General provided his views concerning the territorial scope of the right to be forgotten under the EU Data Protection Directive.…
Continue Reading
CNIL Fines French Telecom Operator for Data Security Failure
Posted on
On December 27, 2018, the CNIL announced that it imposed a fine of €250,000 on the French telecom operator Bouygues Telecom for failure to protect the personal data of the customers of its mobile package. This blog entry provides details on the decision.…
Continue Reading
CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers
Posted on
On December 28, 2018, the French Data Protection Authority (the “CNIL”) published guidance regarding the conditions to be met by organizations in order to lawfully share personal data with business partners or other third parties, such as data brokers. The guidance focused, in particular, on such a scenario in the context of the EU General Data Protection Regulation (“GDPR”). The CNIL guidance sets forth the 5 following conditions:…
Continue Reading
CNIL Fines Uber for Data Security Failure Related to 2016 Data Breach
Posted on
On December 20, 2018, the CNIL announced that it imposed a fine of €400,000 on Uber France SAS for failure to implement some basic security measures which resulted in the 2016 Uber data breach.…
Continue Reading
CNIL Launches Public Consultation on Draft Standards on Data Processing for Managing Business Activities and Unpaid Invoices
Posted on
Posted in European Union, International
On November 29, 2018, the French Data Protection Authority launched an online public consultation on two new CNIL draft standards concerning the processing of personal data for the purposes of managing business activities and unpaid invoices.…
Continue Reading
CNIL Publishes DPIA Guidelines and List of Processing Operations Subject to DPIA
Posted on
Posted in European Union, Information Security
On November 6, 2018, the French Data Protection Authority published its own guidelines on data protection impact assessments and a list of processing operations that require a data protection impact assessment.…
Continue Reading