Tag Archives for " CNIL "

CNIL Publishes Initial Assessment on Blockchain and GDPR

Recently, the French Data Protection Authority (“CNIL”) published its initial assessment of the compatibility of blockchain technology with the EU General Data Protection Regulation (GDPR) and proposed concrete solutions for organizations wishing to use blockchain technology when implementing data processing activities.

Full article: CNIL Publishes Initial Assessment on Blockchain and GDPR

Data privacy complaints skyrocket in France in GDPR era

France’s CNIL data protection agency has revealed a marked increase in the numbers of data privacy complaints being made on the other side of the channel since the EU’s new data laws kicked in at the start of the summer. Organisations have long been preparing for the General Data Protection Regulation (GDPR), the arrival of which made headlines not least for the eye-boggling financial penalties with which the laws can hit businesses, should malpractice come to the attention of the regulator.

Source: Data privacy complaints skyrocket in France in GDPR era

French DPA Publishes Initial Assessment of GDPR Implementation

On September 25, 2018, the French Data Protection Authority (the “CNIL”) published the first results of its factual assessment of the implementation of the EU General Data Protection Regulation (GDPR) in France and in Europe. When making this assessment, the CNIL first recalled the current status of the French legal framework, and provided key figures on the implementation of the GDPR from the perspective of privacy experts, private individuals and EU supervisory authorities.

Source: CNIL Publishes Initial Assessment of GDPR Implementation

Two French location data companies receive GDPR consent warnings

The French privacy regulator CNIL recently issued official notices to two French data companies: Fidzup and Teemo. CNIL said that both companies were non-compliant with consumer consent rules under the General Data Protection Regulation (GDPR) and French privacy law.

Both are location intelligence vendors that work with retailers and brands on online-to-offline advertising and measurement. Both companies have SDKs that help them collect persistent location data from partner apps. App publishers are paid for their location data (and other data) by companies such as Fidzup and Teemo. This is a common model in the US market and outside the US, as in this case.

Source: Two French location data companies receive GDPR consent warnings – MarTech Today

CNIL goes after smaller firms on GDPR compliance

Google and Facebook may have bullseyes on their backs in Europe, but it’s two mid-sized French startups that received the first warning shots from the General Data Protection Regulation (GDPR) – and that shouldn’t be surprising.

Source: Forget The Duopoly (For Now). It’s The Little Guys Taking Heat On GDPR | AdExchanger

CNIL Serves Formal Notice to Marketing Companies to Obtain User’s Consent for Ad Targeting

On July 19, 2018, the French Data Protection Authority (“CNIL”) announced that it served a formal notice to two advertising startups headquartered in France, FIDZUP and TEEMO. Both companies collect personal data from mobile phones via software development kit (“SDK”) tools integrated into the code of their partners’ mobile apps — even when the apps are not in use — and process the data to conduct marketing campaigns on mobile phones.

Source: CNIL Serves Formal Notice to Marketing Companies to Obtain User’s Consent for Processing Geolocation Data for Ad Targeting

French website publisher fined for violation of the cookie requirements

The French Council of State affirmed the EUR 25,000 fine imposed by the CNIL on Editions Croque Futur (challenges.fr) for non-compliance with French data protection law, and in particular cookie requirements.

This decision is particularly interesting in that it clarifies that browser settings are not always a valid means of consent to cookies, while many cookies policies out there still refer to such browser settings as the only way to control cookies.

Source: FRANCE: Website publisher fined for violation of the cookie requirements

CNIL updates its PIA tool

French data protection authority CNIl has updated its PIA software to make the privacy impact assessment more practical and to foster collaboration between stakeholders.

The new features cover mainly the creation of the PIA report and on the tool’s workflow:

  • it is now possible to filter the information to be shown in the report;
  • the PIA’s visual elements (risk overview, risk mapping, action plan overview) are now visible on the report page and available for download;
  • the action plan can be downloaded in csv format in order to easily follow up on its implementation and/or to include it in existing internal project management processes;
  • several improvements were made to the workflow and contextual information was enhanced, in order to clarify the PIA steps.

Source: May 2018 updates for the PIA tool

CNIL issues guidelines to companies for GDPR compliance

The General Data Protection Regulation (GDPR) will come into effect on May 25th, and companies are expected to start implementing measures for compliance with the new data protection rules. In this context, the French data protection authority (CNIL) has recently published guidelines exposing its strategy on how it expects companies to comply with the GDPR.

Source: CNIL issues guidelines to companies for GDPR compliance

>