Free tools and resources for Data Protection Officers!

Tag Archives for " France "

French DPA adopts new single authorisation on fraud prevention systems

The French data protection authority (CNIL) has just adopted Single Authorization No. AU-054 (the “AU-054”) on July 13, 2017 in order to cover the processing of personal data implemented in relation to these fraud prevention/detection systems. The new AU-054 provides a blanket authorization for entities processing personal data for purposes related to the prevention/detection of external fraud in the banking and financial sector assuming they adhere to a strict set of conditions set forth by the CNIL, the most significant of which are summarized below.

Source: FRANCE: CNIL ADOPTS NEW SINGLE AUTHORIZATION ON FRAUD PREVENTION SYSTEMS | Privacy Matters

CNIL Updates Privacy Seals on Governance Procedures and Training Programs to Comply with GDPR

On September 20, 2017, the French Data Protection Authority (CNIL) announced that it has updated two standards on privacy seals in order to take into account the requirements of the EU General Data Protection Regulation (“GDPR”).

Source: CNIL Updates Privacy Seals on Governance Procedures and Training Programs to Comply with GDPR

CNIL Launches Public Consultation on Transparency and International Data Transfers under the GDPR

On September 19, 2017, the French Data Protection Authority (“CNIL”) launched an online public consultation on two topics identified by the Article 29 Working Party  in its 2017 action plan for the implementation of the EU General Data Protection Regulation (“GDPR”).

Source: CNIL Launches Public Consultation on Transparency and International Data Transfers under the GDPR

European Court to France: DNA Database Violates Fundamental Rights

The European Court of Human Rights decided on June 22, 2017 that France’s DNA database for convicted criminals disproportionately interferes with individuals’ privacy rights because of its one-size-fits-all retention period and the failure to include a procedure to request erasure.

Source: European Court to France: DNA Database Violates Fundamental Rights | HL Chronicle of Data Protection

Changes to the CNIL’s blanket authorization for whistleblowing in France

By a decision of June 2017, the CNIL has modified its blanket authorization for whistleblowing with a view to adapting it to recent changes introduced by the so-called “Sapin 2” law (the law relating to “transparency, the fight against corruption and modernization of business life”).

Source: Changes to the CNIL’s blanket authorization for whistleblowing in France | The National Law Review

Hunton Privacy Team Publishes Several Chapters in International Comparative Legal Guide to Data Protection

Recently, the fourth edition of the book, The International Comparative Legal Guide to: Data Protection 2017, was published by the Global Legal Group. Hunton & Williams’ Global Privacy and Cybersecurity lawyers prepared several chapters in the guide, including the opening chapter on “All Change for Data Protection: The European Data Protection Regulation,” co-authored by London partner Bridget Treacy and associate Anita Bapat.

Source: Hunton Privacy Team Publishes Several Chapters in International Comparative Legal Guide to Data Protection

CNIL issues first fine for data protection violations

French regulator CNIL has issued its first fine for violations of data protection laws, since it was given the power in the Digital Republic law passed last November. Previously it could only issue verbal warnings. Car rental firm Hertz was fined EUR 40,000 for exposing personal data of members of its discount programme on its website.

Source: Cnil issues first fine for data protection violations – Telecompaper

CNIL closes the formal notice procedure on Microsoft

Following the launch of Windows 10 in July 2015, the CNIL was alerted through the press and by letters from political parties on potential violations of the French Data Protection Act. Seven online observations have been carried out between April and June 2016. On this occasion, several violations have been found and in particular: excessive collection of personal data, track of users’ web-browsing without their consent and a lack of security and confidentiality of users’ data.

Source: Windows 10: official closure of the formal notice procedure served on MICROSOFT CORPORATION | CNIL

Facebook Gets Fined By 2 European Privacy Regulators

On Tuesday Dutch and French data protection authorities issued fines to Facebook saying that its data handling practices broke their countries’ privacy rules. Authorities said Facebook had not provided users with sufficient control over how their details are used.

Sanctions are part of a growing pushback across the European Union about how Facebook collects data on EU’s residents.

Source: Facebook Gets Slap on the Wrist From 2 European Privacy Regulators – The New York Times

>