Free tools and resources for Data Protection Officers!

Tag Archives for " France "

GDPR fines ‘likely to end up before Europe’s highest court’

Fines levied on multinationals and other organisations under the General Data Protection Regulation (GDPR) are likely to end up before Europe’s highest court as they seek to resolve “ambiguities” in the law, Google’s chief privacy officer has indicated.

“We fully expect that there will be ongoing engagement with regulators and, in some instances, there will be issues that are taken to court, probably all the way up to the highest court in Europe to resolve these latent ambiguities within the GDPR as the law evolves.”

Source: GDPR fines ‘likely to end up before Europe’s highest court’

CNIL Publishes FAQs to Prepare for a No-Deal Brexit

On February 20, 2019, the French data protection authority published a set of questions and answers to specify the CNIL’s recommendations and steps that organizations should take to prepare for a no-deal Brexit.

Source: CNIL Publishes FAQs to Prepare for a No-Deal Brexit | Privacy & Information Security Law Blog

Data location vendor worked with GDPR regulator on data consent model, yielding 70% opt-in rates

Last August French privacy regulator CNIL cited two French location-intelligence companies (Fidzup and Teemo) as non-compliant with GDPR consent rules (as well as French privacy law).

Teemo then worked cooperatively with CNIL to develop specific consent language around third-party use of location data. Surprisingly, but the opt-in rates were 70%. Teemo says that transparency gives consumers a sense of control and they respond positively as a result.

Source: Data location vendor worked with GDPR regulator on data consent model, yielding 70% opt-in rates – MarTech Today

The French doctrine of offensive cyber operations

Many countries are developing cyber capabilities, including for their military forces. Details are often secret. Public discussions are therefore always refreshing. There is a good opportunity. France just made public the elements of the offensive cyber operation doctrine.

Full article: The French doctrine of offensive cyber operations

CNIL Fines French Telecom Operator for Data Security Failure

On December 27, 2018, the French Data Protection Authority (the “CNIL”) announced that it imposed a fine of €250,000 on French telecom operator Bouygues Telecom for failing to protect the personal data of the customers of its mobile package B&YOU.

Full article: CNIL Fines French Telecom Operator for Data Security Failure

CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers

On December 28, 2018, the French Data Protection Authority (the “CNIL”) published guidance regarding the conditions to be met by organizations in order to lawfully share personal data with business partners or other third parties, such as data brokers.

Full article: CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers

Targeted advertising targeted by the French DPA

Since the General Data Protection Regulation (GDPR) came into force in May 2018, the CNIL has issued four public formal notices against Fidzup, Singlespot, Teemo and recently against Vectaury, all of whom are involved in the advertising business.

The CNIL’s formal notices come at a time when the advertising sector is still debating the alternative between “consent” and the controller’s ”legitimate interest” as a legal basis to process personal data for the purpose of targeting advertising. In the above-mentioned cases, the concerned intermediaries were extensively collecting location data from users’ smartphones and combining them with other sets of data, which requires consent under the GDPR.

Full article: Targeted advertising targeted by the French DPA

Uber fined €400,000 in France over data breach

Uber in France has been hit with a €400,000 fine by the country’s data protection watchdog in response to a major data breach the company experienced in 2016.

The Commission Nationale de l’information et des Liberties (CNIL) said 1.4 million customers of Uber France SAS were impacted by the breach and said it could have been prevented if the company had implemented “basic security measures”.

Full article: Uber fined €400,000 in France over data breach

How a small French privacy ruling could remake adtech for good

A ruling in late October against a little-known French adtech firm that popped up on the national data watchdog’s website earlier this month is causing ripples of excitement to run through privacy watchers in Europe who believe it signals the beginning of the end for creepy online ads.

CNIL’s decision suggests that bundling consent to partner processing in a contract is not, in and of itself, valid consent under the European Union’s General Data Protection Regulation (GDPR) framework.

Full article: How a small French privacy ruling could remake adtech for good | TechCrunch

Facebook May Face 100M Euro Lawsuit Over Privacy Breach

A French nongovernmental organization wants Facebook Inc. to pay 100 million euros ($113 million) and fix any problems stemming from recent data security incidents and privacy breaches.

The Internet Society of France says Facebook collected data on nonusers without getting their consent, and illegally limited its responsibilities with respects to personal information. The NGO also claimed that Facebook unduly collected the political opinions, religious beliefs, and sexual orientation of its users in violation of EU privacy laws.

The Internet Society is seeking 100 million in euros from Facebook if they can get 100,000 EU data subject to join the complaint. The organization said Facebook has four months to respond before it files its action in the Court of First Instance of Paris.

Source: Facebook May Face 100M Euro Lawsuit Over Privacy Breach

1 2 3 8
>