Tag Archives for "CNIL"

French website publisher fined for violation of the cookie requirements

The French Council of State affirmed the EUR 25,000 fine imposed by the CNIL on Editions Croque Futur (challenges.fr) for non-compliance with French data protection law, and in particular cookie requirements.

This decision is particularly interesting in that it clarifies that browser settings are not always a valid means of consent to cookies, while many cookie policies out there still refer to such browser settings as the only way to control cookies.

Source: FRANCE: Website publisher fined for violation of the cookie requirements

CNIL updates its PIA tool

French data protection authority CNIL has updated its PIA software to make the privacy impact assessment more practical and to foster collaboration between stakeholders.

The new features mainly concern the creation of the PIA report and the tool’s workflow:

  • it is now possible to filter the information to be shown in the report;
  • the PIA’s visual elements (risk overview, risk mapping, action plan overview) are now visible on the report page and available for download;
  • the action plan can be downloaded in CSV format in order to easily follow up on its implementation and/or to include it in existing internal project management processes;
  • several improvements were made to the workflow and contextual information was enhanced, in order to clarify the PIA steps.

Source: May 2018 updates for the PIA tool

CNIL issues guidelines to companies for GDPR compliance

The General Data Protection Regulation (GDPR) will come into effect on May 25th, and companies are expected to start implementing measures for compliance with the new data protection rules. In this context, the French data protection authority (CNIL) has recently published guidelines setting out its strategy on how it expects companies to comply with the GDPR.

Source: CNIL issues guidelines to companies for GDPR compliance

New guide regarding security of personal data from French DPA

The GDPR provides in Article 32 that “the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk”.

But it is sometimes difficult, when one is not familiar with risk management methodologies, to implement this approach and to ensure that the minimum has been done. To help professionals with their compliance, the CNIL publishes a guide recalling the basic precautions to be implemented systematically.

Source: A new guide regarding security of personal data | CNIL

CNIL’s notice on collection of smart meters data shows likely approach of DPAs post-GDPR

The French data protection authority (‘CNIL’) announced, on 27 March 2018, that it had issued a formal notice to DIRECT ENERGIE, Société Anonyme, for failing to obtain consent for the collection of customer usage data from its Linky smart meters, and ordered it to collect valid consent for the processing, including from those whose data has already been processed, within three months of receiving the notice.

Source: France: CNIL notice to DIRECT ENERGIE on collection of smart meters data “indication of likely approach of DPAs post-GDPR”

French businesses urged to have compliance plan for GDPR

Businesses operating in France will need to have a compliance plan in place if they want to avoid potential sanctions for breaches of the EU’s General Data Protection Regulation (GDPR).

The Commission Nationale de l’Informatique et des Libertés (CNIL), the French data protection authority, would be likely to consider the steps businesses were taking towards compliance in determining whether to take enforcement action once the GDPR begins to apply. This is because most businesses in France are unlikely to be fully compliant with the GDPR by 25 May this year, the date on which the new Regulation takes effect, she said. Richard said it was welcome that the CNIL had recognised this fact in a recent statement.

Source: French businesses urged to have compliance plan for GDPR

CNIL flexible on enforcement of new obligations for first months of GDPR regime

France’s Data Protection Authority, the CNIL, announced last month that in the first months of implementation of the GDPR, it may not sanction breaches of new obligations or rights resulting from the GDPR, such as the right to data portability and impact assessments.

This period of grace, however, requires that organisations are engaged in the compliance process, act in ‘good faith’ and cooperate with the CNIL. If the CNIL detects breaches of well-established data protection principles, however, it will act immediately.

Source: CNIL flexible on enforcement of new obligations for first months of GDPR regime – Privacy Laws & Business

French DPA takes pragmatic approach to GDPR enforcement

The French data protection authority (‘CNIL’) published, on 19 February 2018, a press release outlining its approach in terms of enforcing compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) from 25 May 2018.

Source: France: CNIL takes “very pragmatic approach” to GDPR enforcement

French DPA publishes guidelines on connected vehicles

The compliance package was developed in consultation with stakeholders from the automobile sector, businesses in the insurance and telecoms sectors, as well as public authorities, in order to constitute a sectoral reference framework and to ensure that car users enjoy transparency and control in relation to their data.

Source: Connected vehicles: a compliance package for a responsible use of data
