fbpx

Download free GDPR compliance checklist!

Tag Archives for " CNIL "

CNIL Unveils 2020 Inspection Strategy and Announces Cookie Investigations

On March 12, 2020, the French Data Protection Authority (the “CNIL”) released its annual inspection strategy for 2020.

The CNIL carries out approximately 300 inspections every year. These inspections are initiated (1) following complaints lodged with the CNIL; (2) in light of current topics in the news; (3) after the CNIL has adopted corrective measures ( e.g. , formal notices, sanctions) in order to verify whether the organization in question adopted the measures or remedied the situation; and (4) as part of the CNIL’s annual inspection strategy.

Source: CNIL Unveils 2020 Inspection Strategy and Announces Cookie Investigations

Adtech giant Criteo is being investigated by France’s data watchdog

Adtech giant Criteo is under investigation by the French data protection watchdog, the CNIL, following a complaint filed by privacy rights campaign group Privacy International.

Privacy International has been campaigning for more than a year for European data protection agencies to investigate several adtech players and data brokers involved in programmatic advertising.

Source: Adtech giant Criteo is being investigated by France’s data watchdog | TechCrunch

CNIL launches a public consultation on its draft recommendation on “cookies and other trackers”

On 4 July 2019, the CNIL published guidelines on the application of Article 82 of the French Data Protection Act. This article governs actions aiming at storing or gaining access to information already stored in the terminal of a user, i.e. in particular the use of cookies or other trackers when a user visits a website.

The CNIL conducted a consultation during the fall of 2019, in order to prepare a draft recommendation proposing operational procedures for obtaining consent. This draft is now subject to public consultation until 25 February, with a view to preparing the final version of the recommendation.

Source: CNIL launches a public consultation on its draft recommendation on “cookies and other trackers”

Max Schrems Files GDPR Complaints with French DPA on Cookie Use

European privacy advocacy group None of your business (NOYB)—led by Max Schrems—announced it had filed three formal complaints with the French data protection authority (CNIL) against three French websites for  sending digital signals to tracking companies claiming that users had agreed to be tracked online, despite the same users rejecting such cookies.

Despite users going through the trouble of “rejecting” countless cookies on the French eCommerce page CDiscount, the movie guide Allocine.fr and the fashion magazine Vanity Fair, these webpages have sent digital signals to tracking companies claiming that users have agreed to being tracked online.

Source: Say “NO” to cookies – yet see your privacy crumble? | noyb.eu

French Supervisory Authority publishes guidance on facial recognition

On November 15, 2019, the French Supervisory Authority (CNIL) published guidance on the use of facial recognition. The guidance is primarily directed at public authorities in France that want to experiment with facial recognition.

The guidance warns that this technology risks leading to biased results and sets out three general requirements for deploying facial recognition on an experimental basis.

First, facial recognition can only be used if there is an established need to implement an authentication mechanism that ensures a high level of reliability, and there are no other less intrusive means that would be appropriate. Second, the experimental use of facial recognition must respect the rights of individuals. Third, the use of facial recognition on an experimental basis must have a precise timeline and be based on a rigorous methodology setting out the objectives pursued and the criteria for success.

Source: French Supervisory Authority publishes guidance on facial recognition

Cookies and other tracking devices: the CNIL publishes new guidelines

Without waiting for the future ePrivacy regulation, which is currently under discussion at the European level and which is not likely to come into force in the short term, the CNIL has decided to update its reference framework. In particular, it was necessary to repeal the 2013 recommendation, which was not compatible with the new provisions of the GDPR.

Full article: Cookies and other tracking devices: the CNIL publishes new guidelines

Données & Design: a platform to bring designers together on the topic of GDPR

Données & Design is a platform, created by French data protection authority CNIL, seeking to create spaces for collaboration and discussion for designers to build together user journeys respectful of privacy.

The platform aims at efficiently integrating those considerations in the daily work of designers in order to help them argue their choices and collaborate more effectively on data protection issues with privacy professionals and other members of a project team (DPO, product owner, projects manager…). The platform provides contents explaining and illustrating points of regulation on which designers can intervene.

Source: Données & Design: a platform to bring designers together on the topic of GDPR

CNIL issues fine of 20,000 euros against a small company in France regardin videosurveillance

The French data protection authority, the CNIL, announced on 18th June 2019 that it has issued a 20,000 euros fine against Uniontrad Company, a small company (9 employees) based in France and specialized in translations, for “excessive videosurveillance”.

According to the CNIL, employees of the company had filed complaints with the CNIL between 2013 and 2017 over the filming. In February 2018, the CNIL conducted an investigation at the company’s offices and found that a camera was continuously recording the staff’s activities at their work station, without sufficient information being provided to the staff.

Source: Videosurveillance: CNIL issues fine of 20,000 euros against a small company in France

CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

On June 6, 2019, the French Data Protection Authority (the “CNIL”) announced that it levied a fine of €400,000 on SERGIC, a French real estate service provider, for failure to (1) implement appropriate security measures and (2) define data retention periods for the personal data of unsuccessful rental candidates.

Source: CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures

CNIL releases its 2018 annual report and announces its next challenges for 2019

On April 15 2019, the French Data Protection Authority (the “CNIL”) released its 2018 Annual Report.

In 2018 the CNIL:

  • received more than 11,000 data subjects’ complaints, which represents an increase of 32% as compared to 2017.
  • sought to provide professionals with guidelines and documentation and took into account the need for legal certainty in a context of increased sanctions and the demand for greater simplification for smaller businesses.
  • conducted 204 on-site inspections (including 20 on-site inspections of CCTV devices); 51 online inspections; 51 controls on a document production basis, and 4 hearings.
  • of the 310 controls carried out, only 11 sanctions were adopted by the Restricted Committee.

Source: CNIL releases its 2018 annual report and announces its next challenges for 2019 – Privacy, Security and Information Law Fieldfisher

1 2 3 7
>