fbpx

Download free GDPR compliance checklist!

Tag Archives for " CNIL "

CNIL issues new guidance on data retention

The French Supervisory Authority CNIL in July has issued new updated guidelines on data retention.

These Guidelines aim at providing practical tools to help defining the relevant rules to organize data retention and accordingly the retention period applicable for each step of the personal data processing life cycle so that the personal data are not kept indefinitely.

Source: FRANCE: NEW GUIDANCE FOR DATA RETENTION

CNIL Adopts Its First Sanction as Lead Supervisory Authority

French Data Protection Authority (CNIL) has levied a fine of €250,000 on French online shoe retailer, Spartoo, for various infringements of the EU General Data Protection Regulation (GDPR). This is the first penalty under the GDPR enforced by the CNIL as the lead supervisory authority (Lead SA) in cooperation with other EU supervisory authorities.

The CNIL’s investigation focused on the processing of personal data of Spartoo’s existing and prospective customers, and on the recording of telephone conversations between customers and Spartoo’s customer service. The investigation revealed several infringements of the GDPR, including (1) absence of a defined data retention period(s), (2) no regular erasure of existing and prospective customer personal data, and (3) improper acceptance of weak passwords for online customer accounts.

Source: CNIL Adopts Its First Sanction as Lead Supervisory Authority, Fining French Online Shoe Retailer

The CNIL Can’t Legally Forbid Cookie Walls Under GDPR

France’s highest administrative court has ruled that the country’s data protection authority, the CNIL, does not have the right to ban cookie walls.

The Conseil d’État, a division of the French government that serves as its supreme court of administrative justice, issued a ruling on Friday in response to litigation initiated last year by French trade organizations.

Source: The CNIL Can’t Legally Forbid Cookie Walls Under GDPR | AdExchanger

Google Loses Its Appeal On 50 Million Euro GDPR Fine

Google lost on appeal of 50 million euro fine levied against Google in January 2019 for GDPR breaches.

On Friday, the Conseil d’État, a division of the French government that serves as the supreme court of administrative justice, sided with France’s data protection authority, the CNIL, which levied the fine against Google.

Source: Google Loses Its Appeal On 50 Million Euro GDPR Fine | AdExchanger

French Court Bans the Use of Drone Surveillance to Enforce Covid-19 Lockdown

The Conseil d’État, France’s highest administrative court, issued a decision banning French authorities from using drone surveillance to track individuals violating social distancing rules.

The Court cited privacy issues with drone surveillance and stated that drone surveillance by police would be banned until technology is added to prevent the filming and identification of individuals or approval was given by France’s privacy regulator, the Commission nationale de l’informatique et des libertés (CNIL).

Source: French Court Bans the Use of Drone Surveillance to Enforce Covid-19 Lockdown

CNIL Updates Data Protection Guidance for Employers in the Context of Lifting COVID-19 Containment Measures

On May 7, 2020, the French Data Protection Authority updated its previous guidance for employers relating to the processing of employee and visitor personal data in the context of the COVID-19 outbreak, in particular, in the context of lifting containment measures.

Some employers may consider implementing systematic body temperature checks at the entrance to their premises. Similarly, employers may wish to assess employees’ exposure to the virus or their health statuses when they return to work. The Updated Guidance analyzes some of these practices and outlines the principles applicable to data processing activities.

Source: CNIL Updates Data Protection Guidance for Employers in the Context of Lifting COVID-19 Containment Measures | Privacy & Information Security Law Blog

Privacy watchdog approves French Covid-19 contact tracing app

France’s privacy watchdog CNIL on April 26 gave a conditional green light to a government-backed scheme to monitor people infected with coronavirus.

The issue of how to keep tabs on sufferers has sparked privacy concerns in several countries but the CNIL gave the nod to the StopCovid scheme subject to civil liberty guarantees and regular oversight.

The French device will, if the country is to begin a gradual emergence from lockdown on May 11, enable creation of an index of sufferers via a smartphone app along the lines of a model touted notably by Singapore.

The idea is to send an alert to those who have downloaded the app if they come into close proximity, for example, on public transport, with those who have tested positive for the new coronavirus and who are on the app register.

Source: Covid-19: Privacy watchdog approves French contact tracing app | The Star Online

CNIL’s New Guidelines on HR Processing

The French Data Protection Authority (CNIL) has recently released new guidelines regarding human resources processing operations.

When the GDPR became effective, the CNIL’s previous set of HR Data guidelines became out of date as they did not incorporate the new law’s requirements ( e.g. obligations relating to records of processing activities and Data Protection Impact Assessments).

The new guidelines include a comprehensive grid of applicable legal bases for processing related to each standard HR purpose, including: compliance with a legal obligation, performance of a contract or steps taken prior to entering into a contract, legitimate interests, or tasks performed in the public interest or in the exercise of official authority vested in the controller.

Source: CNIL’s New Guidelines on HR Processing

CNIL Unveils 2020 Inspection Strategy and Announces Cookie Investigations

On March 12, 2020, the French Data Protection Authority (the “CNIL”) released its annual inspection strategy for 2020.

The CNIL carries out approximately 300 inspections every year. These inspections are initiated (1) following complaints lodged with the CNIL; (2) in light of current topics in the news; (3) after the CNIL has adopted corrective measures ( e.g. , formal notices, sanctions) in order to verify whether the organization in question adopted the measures or remedied the situation; and (4) as part of the CNIL’s annual inspection strategy.

Source: CNIL Unveils 2020 Inspection Strategy and Announces Cookie Investigations

Adtech giant Criteo is being investigated by France’s data watchdog

Adtech giant Criteo is under investigation by the French data protection watchdog, the CNIL, following a complaint filed by privacy rights campaign group Privacy International.

Privacy International has been campaigning for more than a year for European data protection agencies to investigate several adtech players and data brokers involved in programmatic advertising.

Source: Adtech giant Criteo is being investigated by France’s data watchdog | TechCrunch

1 2 3 8
>