On September 25, 2018, the French Data Protection Authority (the “CNIL”) published the first results of its factual assessment of the implementation of the EU General Data Protection Regulation (GDPR) in France and in Europe. When making this assessment, the CNIL first recalled the current status of the French legal framework, and provided key figures on the implementation of the GDPR from the perspective of privacy experts, private individuals and EU supervisory authorities. The CNIL then announced that it will adopt new GDPR tools in the near future. Read the full factual assessment (in French). Continue Reading CNIL Publishes Initial Assessment of GDPR Implementation
On July 19, 2018, the French Data Protection Authority (“CNIL”) announced that it served a formal notice to two advertising startups headquartered in France, FIDZUP and TEEMO. Both companies collect personal data from mobile phones via software development kit (“SDK”) tools integrated into the code of their partners’ mobile apps—even when the apps are not in use—and process the data to conduct marketing campaigns on mobile phones. Continue Reading CNIL Serves Formal Notice to Marketing Companies to Obtain User’s Consent for Processing Geolocation Data for Ad Targeting
On October 17, 2017, the French Data Protection Authority (“CNIL”), after a consultation with multiple industry participants that was launched on March 23, 2016, published its compliance pack on connected vehicles (the “Pack”) in line with its report of October 3, 2016. The Pack applies to connected vehicles for private use only (not to Intelligent Transport Systems), and describes the main principles data controllers must adhere to under both the current French legislation and the EU General Data Protection Regulation (“GDPR”). Continue Reading French DPA Publishes a Compliance Pack Regarding Connected Vehicles
The Centre for Information Policy Leadership at Hunton & Williams LLP (“CIPL”) recently submitted responses to the Irish Data Protection Commissioner (IDPC Response) and the CNIL (CNIL Response) on their public consultations, seeking views on transparency and international data transfers under the EU General Data Protection Regulation (“GDPR”).
The responses address a variety of questions posed by both data protection authorities (“DPAs”) and aim to provide insight on and highlight issues surrounding transparency and international transfers. Continue Reading CIPL Responds to CNIL and Irish DPC on Transparency and Data Transfers under the GDPR
On September 29, 2017, the French Data Protection Authority (CNIL) published a guide for data processors to implement the new obligations set by the EU General Data Protection Regulation (“GDPR”). The guidance addresses the extended scope of the GDPR and the new and direct obligations data processors will have when the GDPR comes into force on May 25, 2018. The guidance elaborates a three-step checklist for data processors: Continue Reading CNIL Publishes GDPR Guidance for Data Processors
On September 20, 2017, the French Data Protection Authority (CNIL) announced that it has updated two standards on privacy seals in order to take into account the requirements of the EU General Data Protection Regulation (“GDPR”).
Recently, the fourth edition of the book, The International Comparative Legal Guide to: Data Protection 2017, was published by the Global Legal Group. Hunton & Williams’ Global Privacy and Cybersecurity lawyers prepared several chapters in the guide, including the opening chapter on “All Change for Data Protection: The European Data Protection Regulation,” co-authored by London partner Bridget Treacy and associate Anita Bapat. Several other global privacy and cybersecurity team members also prepared chapters in the guide, including David Dumont (Belgium), Claire François (France), Judy Li (China), Manuel E. Maisog (China), Wim Nauwelaerts (Belgium), Anna Pateraki (Germany), Aaron P. Simpson (United States), Adam Smith (United Kingdom) and Jenna Rode (United States). Continue Reading Hunton Privacy Team Publishes Several Chapters in International Comparative Legal Guide to Data Protection
On July 25, 2017, the French Data Protection Authority (“CNIL”) published its decision on the adoption of several amendments to its Single Authorization AU-004 regarding the processing of personal data in the context of whistleblowing schemes (the “Single Authorization”). The amendments reflect changes introduced by French law on December 9, 2016, regarding transparency, the fight against corruption and the modernization of the economy, also known as the “Sapin II Law.” Continue Reading CNIL Extends Scope of Authorization on Whistleblowing Schemes
On July 27, 2017, the French Data Protection Authority (“CNIL”) imposed a fine of €40,000 on a French affiliate of the rental car company, The Hertz Corporation, for failure to ensure the security of website users’ personal data. Continue Reading CNIL Fines Rental Car Company for Data Security Failure Attributable to Third-Party Service Provider