On April 11, 2019, the French Data Protection Authority launched an online public consultation regarding two new CNIL draft standards concerning the processing of personal data for (1) core HR management purposes and (2) the operation of a whistleblowing hotline.
Continue Reading CNIL Launches Public Consultation on Draft Standards on HR Data Processing and Whistleblowing Hotlines

On July 25, 2017, the French Data Protection Authority published their decision on the adoption of several amendments to its Single Authorization AU-004 regarding the processing of personal data in the context of whistleblowing schemes. The amendments reflect changes introduced by French law on December 9, 2016, regarding transparency, the fight against corruption and the modernization of the economy.
Continue Reading CNIL Extends Scope of Authorization on Whistleblowing Schemes

On June 28, 2013, the Swiss Federal Data Protection and Information Commissioner issued its annual report highlighting activities during the period from April 2012 to March 2013. This blog post provides an overview of information from the report that is relevant for international businesses with operations in Switzerland.
Continue Reading Swiss DPA Issues Its 20th Annual Report

On September 23, 2011, a French Labor Court in Caen suspended a whistleblower program implemented by a U.S. company’s French affiliate despite the fact that the French Data Protection Authority had inspected and approved the program prior to implementation.
Continue Reading French Appeals Court Suspends U.S. Company’s Whistleblower Program

On October 14, 2010, the CNIL adopted several amendments to its authorization regarding the use of whistleblowing schemes, extending it to cover the prevention of anti-competitive practices and compliance with Japanese Financial Instrument and Exchange Act.

Continue Reading French Data Protection Authority Revises Authorization on Whistleblowing Schemes

On December 2, 2008, the European Court of Human Rights (ECHR) ruled in K.U. v. Finland that Article 8 of the European Convention on Human Rights requires national laws to protect individuals from serious online privacy infringements, but also that the national legal framework must allow for the identification and prosecution of offenders. This case

On December 5, 2008, the Austrian data protection authority ("DPA") issued its first decision on the implementation of a whistleblowing hotline as required by the Sarbanes-Oxley Act ("SOX"), to be administered by the Austrian subsidiary of a U.S.-based company. The DPA partly approved the data transfers from the Austrian entity to the U.S. entity for