
Tag Archives for "France"

French court issues decision on legality of Privacy Rules and Terms of Use under data protection and consumer law

Five years after the commencement of legal proceedings against Google by leading French consumer association UFC Que Choisir, the Paris “Tribunal de Grande Instance” (TGI), in a decision dated 12 February 2019, issued its ruling on the legality of the Google+ Terms of Use and Privacy Rules, both with respect to consumer law and personal data protection regulations.

Full article: French court issues decision on legality of Privacy Rules and Terms of Use under data protection and consumer law

CNIL Publishes Binding Rules on Processing Biometric Data as Workplace Access Control

On March 28, 2019, the French data protection authority (“CNIL”) published a “Model Regulation” addressing the use of biometric systems to control access to premises, devices and apps at work.

The Model Regulation lays down binding rules for data controllers who are subject to French data protection law and process employee biometric data for such purposes.

Source: CNIL Publishes Binding Rules on Processing Biometric Data as Workplace Access Control

GDPR fines ‘likely to end up before Europe’s highest court’

Fines levied on multinationals and other organisations under the General Data Protection Regulation (GDPR) are likely to end up before Europe’s highest court as they seek to resolve “ambiguities” in the law, Google’s chief privacy officer has indicated.

“We fully expect that there will be ongoing engagement with regulators and, in some instances, there will be issues that are taken to court, probably all the way up to the highest court in Europe to resolve these latent ambiguities within the GDPR as the law evolves.”

Source: GDPR fines ‘likely to end up before Europe’s highest court’

CNIL Publishes FAQs to Prepare for a No-Deal Brexit

On February 20, 2019, the French data protection authority published a set of questions and answers to specify the CNIL’s recommendations and steps that organizations should take to prepare for a no-deal Brexit.

Source: CNIL Publishes FAQs to Prepare for a No-Deal Brexit | Privacy & Information Security Law Blog

Data location vendor worked with GDPR regulator on data consent model, yielding 70% opt-in rates

Last August French privacy regulator CNIL cited two French location-intelligence companies (Fidzup and Teemo) as non-compliant with GDPR consent rules (as well as French privacy law).

Teemo then worked cooperatively with CNIL to develop specific consent language around third-party use of location data. Surprisingly, the opt-in rates were 70%. Teemo says that transparency gives consumers a sense of control and they respond positively as a result.

Source: Data location vendor worked with GDPR regulator on data consent model, yielding 70% opt-in rates – MarTech Today

The French doctrine of offensive cyber operations

Many countries are developing cyber capabilities, including for their military forces. Details are often secret. Public discussions are therefore always refreshing. There is now a good opportunity: France has just made public the elements of its offensive cyber operation doctrine.

Full article: The French doctrine of offensive cyber operations

CNIL Fines French Telecom Operator for Data Security Failure

On December 27, 2018, the French Data Protection Authority (the “CNIL”) announced that it imposed a fine of €250,000 on French telecom operator Bouygues Telecom for failing to protect the personal data of the customers of its mobile package B&YOU.

Full article: CNIL Fines French Telecom Operator for Data Security Failure

CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers

On December 28, 2018, the French Data Protection Authority (the “CNIL”) published guidance regarding the conditions to be met by organizations in order to lawfully share personal data with business partners or other third parties, such as data brokers.

Full article: CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers

Targeted advertising targeted by the French DPA

Since the General Data Protection Regulation (GDPR) came into force in May 2018, the CNIL has issued four public formal notices against Fidzup, Singlespot, Teemo and recently against Vectaury, all of whom are involved in the advertising business.

The CNIL’s formal notices come at a time when the advertising sector is still debating the alternative between “consent” and the controller’s “legitimate interest” as a legal basis to process personal data for the purpose of targeting advertising. In the above-mentioned cases, the concerned intermediaries were extensively collecting location data from users’ smartphones and combining them with other sets of data, which requires consent under the GDPR.

Full article: Targeted advertising targeted by the French DPA

Uber fined €400,000 in France over data breach

Uber in France has been hit with a €400,000 fine by the country’s data protection watchdog in response to a major data breach the company experienced in 2016.

The Commission Nationale de l’Informatique et des Libertés (CNIL) said 1.4 million customers of Uber France SAS were impacted by the breach and said it could have been prevented if the company had implemented “basic security measures”.

Full article: Uber fined €400,000 in France over data breach
