fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " France "

CNIL Fines French Telecom Operator for Data Security Failure

On December 27, 2018, the French Data Protection Authority (the “CNIL”) announced that it imposed a fine of €250,000 on French telecom operator Bouygues Telecom for failing to protect the personal data of the customers of its mobile package B&YOU.

Full article: CNIL Fines French Telecom Operator for Data Security Failure

CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers

On December 28, 2018, the French Data Protection Authority (the “CNIL”) published guidance regarding the conditions to be met by organizations in order to lawfully share personal data with business partners or other third parties, such as data brokers.

Full article: CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers

Targeted advertising targeted by the French DPA

Since the General Data Protection Regulation (GDPR) came into force in May 2018, the CNIL has issued four public formal notices against Fidzup, Singlespot, Teemo and recently against Vectaury, all of whom are involved in the advertising business.

The CNIL’s formal notices come at a time when the advertising sector is still debating the alternative between “consent” and the controller’s ”legitimate interest” as a legal basis to process personal data for the purpose of targeting advertising. In the above-mentioned cases, the concerned intermediaries were extensively collecting location data from users’ smartphones and combining them with other sets of data, which requires consent under the GDPR.

Full article: Targeted advertising targeted by the French DPA

Uber fined €400,000 in France over data breach

Uber in France has been hit with a €400,000 fine by the country’s data protection watchdog in response to a major data breach the company experienced in 2016.

The Commission Nationale de l’information et des Liberties (CNIL) said 1.4 million customers of Uber France SAS were impacted by the breach and said it could have been prevented if the company had implemented “basic security measures”.

Full article: Uber fined €400,000 in France over data breach

How a small French privacy ruling could remake adtech for good

A ruling in late October against a little-known French adtech firm that popped up on the national data watchdog’s website earlier this month is causing ripples of excitement to run through privacy watchers in Europe who believe it signals the beginning of the end for creepy online ads.

CNIL’s decision suggests that bundling consent to partner processing in a contract is not, in and of itself, valid consent under the European Union’s General Data Protection Regulation (GDPR) framework.

Full article: How a small French privacy ruling could remake adtech for good | TechCrunch

Facebook May Face 100M Euro Lawsuit Over Privacy Breach

A French nongovernmental organization wants Facebook Inc. to pay 100 million euros ($113 million) and fix any problems stemming from recent data security incidents and privacy breaches.

The Internet Society of France says Facebook collected data on nonusers without getting their consent, and illegally limited its responsibilities with respects to personal information. The NGO also claimed that Facebook unduly collected the political opinions, religious beliefs, and sexual orientation of its users in violation of EU privacy laws.

The Internet Society is seeking 100 million in euros from Facebook if they can get 100,000 EU data subject to join the complaint. The organization said Facebook has four months to respond before it files its action in the Court of First Instance of Paris.

Source: Facebook May Face 100M Euro Lawsuit Over Privacy Breach

More than 50 nations, but not U.S., sign onto cybersecurity pact

French President Emmanuel Macron released an international agreement on cybersecurity principles Monday as part of the Paris Peace Forum. The original signatories included more than 50 nations, 130 private sector groups and 90 charitable groups and universities, but not the United States, Russia or China.

The Paris Call for Trust and Security in Cyberspace is another step in the disjointed effort to create international norms and laws for cybersecurity and warfare. In most international matters of regulating the internet, there tends to be a wide split between the liberal Western order and authoritarian nations like Russia and China.

Full article: More than 50 nations, but not U.S., sign onto cybersecurity pact – Axios

Facebook to let French regulators investigate on moderation processes

Facebook and the French government are going to cooperate to look at Facebook’s efforts when it comes to moderation. At the start of 2019, French regulators will launch an informal investigation on algorithm-powered and human moderation. Facebook is willing to cooperate and give unprecedented access to its internal processes.

Full article: Facebook to let French regulators investigate on moderation processes

Macron and tech giants launch Paris call to fix web woes

Microsoft was among the US tech giants joining with France to call for more nations and corporates to adhere to new internet regulations and do more in the global fight against cyber crime, online censorship and hateful dialogue online.

At an international convening on cyber security principles in Paris, Emmanuel Macron launched a document called “Paris call for trust and security in cyber-space”. The French President hopes the initiative will reenergise momentum for much-needed internet regulation after negotiations broke down last year.

Full article: Macron and tech giants launch Paris call to fix web woes

CNIL Publishes DPIA Guidelines and List of Processing Operations Subject To DPIA

On November 6, 2018, the French Data Protection Authority (the “CNIL”) published its own guidelines on data protection impact assessments (the “Guidelines”) and a list of processing operations that require a data protection impact assessment (“DPIA”).

Source: CNIL Publishes DPIA Guidelines and List of Processing Operations Subject To DPIA

>