fbpx

Download free GDPR compliance checklist!

Tag Archives for " France "

France’s Health Data Hub to move to European cloud infrastructure to avoid EU-US data transfers

France’s data regulator CNIL has issued some recommendations for French services that handle health data, as Mediapart first reported.

Those recommendations follow a landmark ruling by Europe’s top court in July. The ruling, dubbed Schrems II, struck down the EU-U.S. Data Privacy Shield. Under the Privacy Shield, companies could outsource data processing from the EU to the U.S. in bulk. Due to concerns over U.S. surveillance laws, that mechanism is no longer allowed.

The CNIL is going one step further by saying that services and companies that handle health data should also avoid doing business with American companies — it’s not just about processing European data in Europe. Once again, this is all about avoiding falling under U.S. regulation and rulings.

Source: France’s Health Data Hub to move to European cloud infrastructure to avoid EU-US data transfers | TechCrunch

CJEU ruling puts in danger EU-UK adequacy talks

This week, the CJEU issued a ruling that could spring a leak and potentially sink adequacy negotiations between the U.K. and EU.

CJEU ruled to restrict surveillance activities on phone and internet data by EU member states but specifically to regimes in Belgium, France and the U.K. The decision means governments have limited grounds for mass data retention unless they face a “serious threat to national security.” Additionally, access to phone and internet data, as well as the duration of that access, should be determined based on necessity.

The U.K. is chief among those affected by the court’s ruling as the clock winds down on its Brexit transition period, which is set to expire with or without an adequacy decision from the EU December 31. Doubts about an adequacy agreement already loomed, but the latest CJEU ruling further clouds a potential deal.

Source: CJEU throws wrinkle into EU-UK adequacy talks

French Supervisory Authority Publishes Final Version of Cookie Guidelines

On October 1, 2020, the French Supervisory Authority (CNIL) published the final version of its Guidelines on cookies and other tracking technologies, as well as an adjoining set of best practice recommendations with examples on how to implement the guidelines.

The new version of the guidelines takes into account contributions submitted by various stakeholders during the public consultation period for both documents, as well as a recent decision of the French Council of State regarding a prior version of the guidelines.

Source: French Supervisory Authority Publishes Final Version of Cookie Guidelines, Says It Will Start Enforcing Them in April 2021

European Police Malware Could Harvest GPS, Messages, Passwords, More

The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest “all data stored within the device,” and was expected to include chat messages, geolocation data, usernames, passwords, and more.

As well as the geolocation, chat messages, and passwords, the law enforcement malware also told infected Encrochat devices to provide a list of WiFi access points near the device.

Organized crime groups across Europe and the rest of the world heavily used the network before its seizure, in many cases to facilitate large scale drug trafficking.

Source: European Police Malware Could Harvest GPS, Messages, Passwords, More

CNIL issues new guidance on data retention

The French Supervisory Authority CNIL in July has issued new updated guidelines on data retention.

These Guidelines aim at providing practical tools to help defining the relevant rules to organize data retention and accordingly the retention period applicable for each step of the personal data processing life cycle so that the personal data are not kept indefinitely.

Source: FRANCE: NEW GUIDANCE FOR DATA RETENTION

TikTok is being investigated by France’s data watchdog

A French data protection authority (CNIL) now has an open investigation into the TikTok. CNIL investigates how the app handles user data in May 2020, following a complaint related to a request to delete a video.

Complaint-triggered investigation into TikTok has since widened to include issues related to transparency requirements about how it processes user data; users’ data access rights; transfers of user data outside the EU; and steps the platform takes to ensure the data of minors is adequately protected — a key issue, given the app’s popularity with teens.

Source: TikTok is being investigated by France’s data watchdog | TechCrunch

Google Loses Its Appeal On 50 Million Euro GDPR Fine

Google lost on appeal of 50 million euro fine levied against Google in January 2019 for GDPR breaches.

On Friday, the Conseil d’État, a division of the French government that serves as the supreme court of administrative justice, sided with France’s data protection authority, the CNIL, which levied the fine against Google.

Source: Google Loses Its Appeal On 50 Million Euro GDPR Fine | AdExchanger

French Court Bans the Use of Drone Surveillance to Enforce Covid-19 Lockdown

The Conseil d’État, France’s highest administrative court, issued a decision banning French authorities from using drone surveillance to track individuals violating social distancing rules.

The Court cited privacy issues with drone surveillance and stated that drone surveillance by police would be banned until technology is added to prevent the filming and identification of individuals or approval was given by France’s privacy regulator, the Commission nationale de l’informatique et des libertés (CNIL).

Source: French Court Bans the Use of Drone Surveillance to Enforce Covid-19 Lockdown

CNIL Updates Data Protection Guidance for Employers in the Context of Lifting COVID-19 Containment Measures

On May 7, 2020, the French Data Protection Authority updated its previous guidance for employers relating to the processing of employee and visitor personal data in the context of the COVID-19 outbreak, in particular, in the context of lifting containment measures.

Some employers may consider implementing systematic body temperature checks at the entrance to their premises. Similarly, employers may wish to assess employees’ exposure to the virus or their health statuses when they return to work. The Updated Guidance analyzes some of these practices and outlines the principles applicable to data processing activities.

Source: CNIL Updates Data Protection Guidance for Employers in the Context of Lifting COVID-19 Containment Measures | Privacy & Information Security Law Blog

Privacy watchdog approves French Covid-19 contact tracing app

France’s privacy watchdog CNIL on April 26 gave a conditional green light to a government-backed scheme to monitor people infected with coronavirus.

The issue of how to keep tabs on sufferers has sparked privacy concerns in several countries but the CNIL gave the nod to the StopCovid scheme subject to civil liberty guarantees and regular oversight.

The French device will, if the country is to begin a gradual emergence from lockdown on May 11, enable creation of an index of sufferers via a smartphone app along the lines of a model touted notably by Singapore.

The idea is to send an alert to those who have downloaded the app if they come into close proximity, for example, on public transport, with those who have tested positive for the new coronavirus and who are on the app register.

Source: Covid-19: Privacy watchdog approves French contact tracing app | The Star Online

1 2 3 11
>