fbpx

Download free GDPR compliance checklist!

Tag Archives for " CNIL "

France fines Google $120M and Amazon $42M for dropping tracking cookies without consent

France’s data protection agency, the CNIL, has slapped Google and Amazon with fines for dropping tracking cookies without consent.

Google has been hit with a total of €100 million ($120 million) for dropping cookies on Google.fr and Amazon €35 million (~$42 million) for doing so on the Amazon .fr domain under the penalty notices issued on December 10.

The regulator carried out investigations of the websites over the past year and found tracking cookies were automatically dropped when a user visited the domains in breach of the country’s Data Protection Act.

Source: France fines Google $120M and Amazon $42M for dropping tracking cookies without consent

French food retail giant Carrefour fined €3m for GDPR breaches

The French multinational retailer Carrefour has been fined €3m for multiple data protection failings.

Data protection agency CNIL has fined two companies of the Carrefour Group for breaches of GDPR in several areas, including the obligation to inform individuals, use of cookies, limiting the retention of data, the obligation to facilitate the exercise of rights and failure to respect rights.

Source: French food retail giant Carrefour fined €3m for GDPR breaches

French Supervisory Authority Releases Strict Guidance on the Use of Facial Recognition Technology at Airports

On October 9, 2020, the French Supervisory Authority (CNIL) issued guidance on the use of facial recognition technology for identity checks at airports.

The CNIL indicates that it has issued this guidance in response to a request from several operators and service providers of airports in France who are planning to deploy this technology on an experimental basis. In this blog post, we summarize the main principles that the CNIL says airports should observe when deploying biometric technology.

Source: French Supervisory Authority Releases Strict Guidance on the Use of Facial Recognition Technology at Airports | Inside Privacy

France’s Health Data Hub to move to European cloud infrastructure to avoid EU-US data transfers

France’s data regulator CNIL has issued some recommendations for French services that handle health data, as Mediapart first reported.

Those recommendations follow a landmark ruling by Europe’s top court in July. The ruling, dubbed Schrems II, struck down the EU-U.S. Data Privacy Shield. Under the Privacy Shield, companies could outsource data processing from the EU to the U.S. in bulk. Due to concerns over U.S. surveillance laws, that mechanism is no longer allowed.

The CNIL is going one step further by saying that services and companies that handle health data should also avoid doing business with American companies — it’s not just about processing European data in Europe. Once again, this is all about avoiding falling under U.S. regulation and rulings.

Source: France’s Health Data Hub to move to European cloud infrastructure to avoid EU-US data transfers | TechCrunch

French Supervisory Authority Publishes Final Version of Cookie Guidelines

On October 1, 2020, the French Supervisory Authority (CNIL) published the final version of its Guidelines on cookies and other tracking technologies, as well as an adjoining set of best practice recommendations with examples on how to implement the guidelines.

The new version of the guidelines takes into account contributions submitted by various stakeholders during the public consultation period for both documents, as well as a recent decision of the French Council of State regarding a prior version of the guidelines.

Source: French Supervisory Authority Publishes Final Version of Cookie Guidelines, Says It Will Start Enforcing Them in April 2021

CNIL issues new guidance on data retention

The French Supervisory Authority CNIL in July has issued new updated guidelines on data retention.

These Guidelines aim at providing practical tools to help defining the relevant rules to organize data retention and accordingly the retention period applicable for each step of the personal data processing life cycle so that the personal data are not kept indefinitely.

Source: FRANCE: NEW GUIDANCE FOR DATA RETENTION

CNIL Adopts Its First Sanction as Lead Supervisory Authority

French Data Protection Authority (CNIL) has levied a fine of €250,000 on French online shoe retailer, Spartoo, for various infringements of the EU General Data Protection Regulation (GDPR). This is the first penalty under the GDPR enforced by the CNIL as the lead supervisory authority (Lead SA) in cooperation with other EU supervisory authorities.

The CNIL’s investigation focused on the processing of personal data of Spartoo’s existing and prospective customers, and on the recording of telephone conversations between customers and Spartoo’s customer service. The investigation revealed several infringements of the GDPR, including (1) absence of a defined data retention period(s), (2) no regular erasure of existing and prospective customer personal data, and (3) improper acceptance of weak passwords for online customer accounts.

Source: CNIL Adopts Its First Sanction as Lead Supervisory Authority, Fining French Online Shoe Retailer

The CNIL Can’t Legally Forbid Cookie Walls Under GDPR

France’s highest administrative court has ruled that the country’s data protection authority, the CNIL, does not have the right to ban cookie walls.

The Conseil d’État, a division of the French government that serves as its supreme court of administrative justice, issued a ruling on Friday in response to litigation initiated last year by French trade organizations.

Source: The CNIL Can’t Legally Forbid Cookie Walls Under GDPR | AdExchanger

Google Loses Its Appeal On 50 Million Euro GDPR Fine

Google lost on appeal of 50 million euro fine levied against Google in January 2019 for GDPR breaches.

On Friday, the Conseil d’État, a division of the French government that serves as the supreme court of administrative justice, sided with France’s data protection authority, the CNIL, which levied the fine against Google.

Source: Google Loses Its Appeal On 50 Million Euro GDPR Fine | AdExchanger

French Court Bans the Use of Drone Surveillance to Enforce Covid-19 Lockdown

The Conseil d’État, France’s highest administrative court, issued a decision banning French authorities from using drone surveillance to track individuals violating social distancing rules.

The Court cited privacy issues with drone surveillance and stated that drone surveillance by police would be banned until technology is added to prevent the filming and identification of individuals or approval was given by France’s privacy regulator, the Commission nationale de l’informatique et des libertés (CNIL).

Source: French Court Bans the Use of Drone Surveillance to Enforce Covid-19 Lockdown

1 2 3 8
>