This post was written by Cynthia O’Donoghue.
The French Data Protection Authority (the “CNIL”) issued a press release 19 April 2012 detailing its planned enforcement agenda for the coming year. The CNIL announced that it intends to conduct around 450 on-site inspections during 2012, with particular focus on six specific themes. The CNIL will also continue work started in 2011, including at least 150 inspections related to video surveillance.
The focus will be on the following areas:
Smartphones: The CNIL will investigate both the purchasing and use of smartphones, in particular data collection by mobile operators and app providers. In relation to mobile operators, the CNIL will focus on the database of mobile customers and the extent of monitoring their customers’ usage.
Health data security: The CNIL intends to continue its work from 2011 in this area and to focus on the development and use of health-related data, in particular by carrying out inspections on medial research facilities, online health-related applications, health care providers, and companies that host health-related data, especially the use of cloud computing.
Data breaches: Given the August 2011 regulations on data breaches, the CNIL will focus on compliance by ISPs to notify the CNIL of data breaches, as well as to notify individuals when the data breach “affects their personal data or private life.”
Sports and hobbies: Despite the CNIL having conducted checks in this sector, the CNIL intends to examine further anti-doping controls, the hosting of sports competitions, and the processing of member and spectator personal data by the main French sports federations, including disclosures to third parties and blacklisting.
Police records: Following a parliamentary report on police records, the CNIL will organize a series of inspections and implement controls on data processing at the national and local levels, relating to the use of personal data and the internal operating services of the police.
Utility and motorway companies: The CNIL intends to focus on transparency of data processing by conducting a broad survey of major companies that provide services to millions of French citizens through the supply of water, gas and electricity, and the collection of road tolls.