Tag Archives for " France "

New guide regarding security of personal data from French DPA

The GDPR provides in Article 32 that “the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk”.

But it is sometimes difficult, when one is not familiar with risk management methodologies, to implement this approach and to ensure that the minimum has been done. To help professionals with their compliance, the CNIL publishes a guide recalling the basic precautions to be implemented systematically.

Source: A new guide regarding security of personal data | CNIL

Is France misusing secretive database in hunt for security threats?

France has flagged more than 78,000 people as security threats in a database intended to let European police share information on the continent’s most dangerous residents — more than all other European countries put together — according to an analysis by The Associated Press.

A German parliamentarian, Andrej Hunko, was the first to raise the alarm about potential misuse of the Schengen Information System database in a question to his country’s Interior Ministry about “discreet checks” — secret international checks on people considered a threat to national security or public safety. He questioned whether and why different countries seemed to apply very different criteria.

Source: ‘Discreet checks’: Is France misusing secretive database in hunt for security threats? | CTV News

CNIL’s notice on collection of smart meters data shows likely approach of DPAs post-GDPR

The French data protection authority (‘CNIL’) announced, on 27 March 2018, that it had issued a formal notice to DIRECT ENERGIE, Société Anonyme, for failing to obtain consent for the collection of customer usage data from its Linky smart meters, and ordered it to collect valid consent for the processing, including from those whose data has already been processed, within three months of receiving the notice.

Source: France: CNIL notice to DIRECT ENERGIE on collection of smart meters data “indication of likely approach of DPAs post-GDPR”

French businesses urged to have compliance plan for GDPR

Businesses operating in France will need to have a compliance plan in place if they want to avoid potential sanctions for breaches of the EU’s General Data Protection Regulation (GDPR).

Commission Nationale de l’Informatique et des Libertés (CNIL), the French data protection authority, would be likely to consider the steps businesses were taking towards compliance in determining whether to take enforcement action once the GDPR begins to apply. This is because most businesses in France are unlikely to be fully compliant with the GDPR by 25 May this year, the date on which the new Regulation takes effect, she said. Richard said it was welcome that the CNIL had recognised this fact in a recent statement.

Source: French businesses urged to have compliance plan for GDPR

CNIL flexible on enforcement of new obligations for first months of GDPR regime

France’s Data Protection Authority, the CNIL, announced last month that in the first months of implementation of the GDPR, it may not sanction breaches of new obligations or rights resulting from the GDPR, such as the right to data portability and impact assessments.

This period of grace, however, requires that the organisations are engaged in the compliance process, are of ‘good faith’ and cooperate with the CNIL. However, if the CNIL detects breaches of well-established data protection principles, it will act immediately.

Source: CNIL flexible on enforcement of new obligations for first months of GDPR regime – Privacy Laws & Business

ePrivacy slowed down? Analysis of French advisory document.

ePrivacy is a regulation aiming to further protect privacy in electronic communication. Think of it as a specialized GDPR. Indeed, ePrivacy is to have precedence over GDPR in some respects. Read more on the topic in my previous posts here: ePrivacy official proposal, my input during Roundtables in EU Parliament, description of a final report (adopted).

The draft ePrivacy proposal of the European Commission was published over a year ago. In October, the European Parliament passed its version, which notably contained some ground-breaking recommendations: end-to-end encryption, banning of backdoors, signals such as Do Not Track as being binding, and more. Now the EU Council is struggling to reach its own. Some countries already have specific positions. Here keep in mind that in the European Parliament, ePrivacy was a question of rights and freedoms (to simplify: privacy). But in the EU Council, ePrivacy is in the hands of a group devoted to telecommunication (so not quite privacy or data protection). So the focus is different, and so are the people working on it.

Source: ePrivacy slowed down? Analysis of French advisory document

French DPA takes pragmatic approach to GDPR enforcement

The French data protection authority (‘CNIL’) published, on 19 February 2018, a press release outlining its approach in terms of enforcing compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) from 25 May 2018.

Source: France: CNIL takes “very pragmatic approach” to GDPR enforcement

Highlights of the French cybersecurity strategy

Many countries currently discuss cybersecurity on multiple levels. France is not an exception. The new REVUE STRATÉGIQUE DE CYBERDÉFENSE (Strategic Review of Cyberdefence) is a complex, coherent and strategic document listing the many actions that France has already taken, as well as those ahead.

Source: Highlights of the French cybersecurity strategy

French DPA publishes guidelines on connected vehicles

The compliance package has been elaborated in consultation with stakeholders from the automobile sector, businesses in the insurance and telecoms sectors, as well as public authorities, in order to constitute a sectorial reference framework and to ensure that car users enjoy transparency and control in relation to their data.

Source: Connected vehicles: a compliance package for a responsible use of data
