Free tools and resources for Data Protection Officers!

Tag Archives for " CNIL "

Year 1 of GDPR: Over 200,000 cases reported, firms fined €56 meeelli… Oh, that’s mostly Google

European data protection agencies have issued fines totalling €56m for GDPR breaches since it was enforced last May, from more than 200,000 reported cases – but watchdogs have said they’re just warming up. However, almost all of it comes from French data watchdog CNIL’s €50m fine for Google.

One thing that did change immediately under GDPR, if not the fines, was the number of incident reports. This was particularly so for companies turning themselves in over data breaches. In the first nine months, there were 206,326 cases reported under the new law from the supervisory authorities in the 31 countries in the European Economic Area.

Source: Year 1 of GDPR: Over 200,000 cases reported, firms fined €56 meeelli… Oh, that’s mostly Google • The Register

CNIL Publishes FAQs to Prepare for a No-Deal Brexit

On February 20, 2019, the French data protection authority published a set of questions and answers to specify the CNIL’s recommendations and steps that organizations should take to prepare for a no-deal Brexit.

Source: CNIL Publishes FAQs to Prepare for a No-Deal Brexit | Privacy & Information Security Law Blog

What happened to the one-stop shop?

At the time of the adoption of the EU General Data Protection Regulation, the European Commission touted as the benefit for companies that the GDPR would bring a one-stop-shop enforcement mechanism, whereby in respect of controllers or processors with more establishments in the EU, the supervisory authority of the “main establishment” of such controller or processor in the EU will serve as the “lead SA” in respect of its “cross-border processing” activities.

In the first landmark enforcement decision under the GDPR, the CNIL fined Google 50 million euros, despite the fact that the complaints concerned cross-border processing in the EU, which calls for one-stop shop enforcement.

Full article: What happened to the one-stop shop?

Data location vendor worked with GDPR regulator on data consent model, yielding 70% opt-in rates

Last August French privacy regulator CNIL cited two French location-intelligence companies (Fidzup and Teemo) as non-compliant with GDPR consent rules (as well as French privacy law).

Teemo then worked cooperatively with CNIL to develop specific consent language around third-party use of location data. Surprisingly, but the opt-in rates were 70%. Teemo says that transparency gives consumers a sense of control and they respond positively as a result.

Source: Data location vendor worked with GDPR regulator on data consent model, yielding 70% opt-in rates – MarTech Today

Learning from Google’s record-setting GDPR fine

With the French Data Protection Authority (CNIL) disclosing on January 21 st a 50 million euro fine against Google LLC, we now have a precedent against which to evaluate the impact and reach of GDPR enforcement.

This is significant as, with this precedent, we can determine some of the factors a Data Protection Authority (DPA) will use in assessing the extent of a given violation.

Full article: Learning from Google’s record-setting GDPR fine

Google fined €50 million in France for GDPR breach about consent

France’s Data Protection Authority, the CNIL, has today announced a 50 million euro fine on Google LLC for lack of transparency, inadequate information and lack of valid consent regarding the personalisation of advertisements.

The case was initiated by two associations, None Of Your Business (“NOYB”) and La Quadrature du Net (“LQDN”). LQDN was supported by 10 000 people to refer the matter to the CNIL. The CNIL says that the GDPR “one-stop-shop mechanism” was not applicable as the DPAs consider that Google did not have one main establishment in the European Union.

Source: Google fined €50 million in France for GDPR breach about consent – Privacy Laws & Business

CNIL Fines French Telecom Operator for Data Security Failure

On December 27, 2018, the French Data Protection Authority (the “CNIL”) announced that it imposed a fine of €250,000 on French telecom operator Bouygues Telecom for failing to protect the personal data of the customers of its mobile package B&YOU.

Full article: CNIL Fines French Telecom Operator for Data Security Failure

CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers

On December 28, 2018, the French Data Protection Authority (the “CNIL”) published guidance regarding the conditions to be met by organizations in order to lawfully share personal data with business partners or other third parties, such as data brokers.

Full article: CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers

Targeted advertising targeted by the French DPA

Since the General Data Protection Regulation (GDPR) came into force in May 2018, the CNIL has issued four public formal notices against Fidzup, Singlespot, Teemo and recently against Vectaury, all of whom are involved in the advertising business.

The CNIL’s formal notices come at a time when the advertising sector is still debating the alternative between “consent” and the controller’s ”legitimate interest” as a legal basis to process personal data for the purpose of targeting advertising. In the above-mentioned cases, the concerned intermediaries were extensively collecting location data from users’ smartphones and combining them with other sets of data, which requires consent under the GDPR.

Full article: Targeted advertising targeted by the French DPA

Uber fined €400,000 in France over data breach

Uber in France has been hit with a €400,000 fine by the country’s data protection watchdog in response to a major data breach the company experienced in 2016.

The Commission Nationale de l’information et des Liberties (CNIL) said 1.4 million customers of Uber France SAS were impacted by the breach and said it could have been prevented if the company had implemented “basic security measures”.

Full article: Uber fined €400,000 in France over data breach

1 2 3 6
>