The French data protection authority (CNIL) rendered three major decisions impacting worldwide online service providers following online controls and investigations performed on the companies’ websites. These decisions highlight the obligations of data controllers when using cookies and other trackers, notably regarding the way the user’s consent shall be collected, and the level of information that
France
A French approach to disclosing a pending IP dispute
Unlike other countries, such as the US, France has a conservative approach of when and how IP right holders are entitled to disclose a pending infringement dispute to their clients and investors, under the legal concept of “disparagement”. France takes this step in order to limit the negative impact on the competitor resulting from disclosure…
It’s time to reassess cookie compliance in France
Companies have been challenged with respect to their cookie policies and their implementation due to the entry into force of the GDPR earlier than the proposed ePrivacy Regulation
Given the delay in the adoption of an EU-wide regulation on e-privacy, national data protection authorities have taken the initiative in publishing guidelines on cookies requirements. The…
The USTR responds to French Digital Services Tax with large tariff proposal
In response to France’s Digital Services Tax (DST), the Office of the U.S. Trade Representative (USTR) proposed additional ad valorem duties of up to 100 percent on certain products from France. The USTR issued a Section 301 Investigation Report on the DST, concluding that the DST discriminates against U.S. companies, is inconsistent with prevailing principles…
By jointly tackling Facebook, French regulators set an example to large international digital media companies – First prominent enforcement measure after the Safe Harbor invalidation
On February 8 and 9, 2016, the French Directorate-General for Competition, Consumer Affairs and Prevention of Fraud (the ‘DGCCRF’) and the French Data Protection Authority (the ‘CNIL’), through an obviously concerted action, have publicised regulatory enforcement measures they are undertaking against Facebook.
The DGCCRF is requiring Facebook to re-write its Terms and Conditions on the grounds of consumer protection for France
The DGCCRF issued an injunction to Facebook requiring either revising or removing certain clauses of its Terms and Conditions which would be considered as unfair and “abusive” terms under French consumer law. This concerns in particular provisions granting Facebook the right, in its sole discretion, to remove any content or information posted by Facebook users, or to update its Payment Terms at any time without informing the users beforehand. The DGCCRF required Facebook to take appropriate action within 60 days. Otherwise, Facebook can be sued before the French courts.
Continue Reading By jointly tackling Facebook, French regulators set an example to large international digital media companies – First prominent enforcement measure after the Safe Harbor invalidation
French courts are competent to judge over a French Facebook user’s complaint
It is foreseeable that not many of Facebook’s millions of users every day have ever had a look at the social network’s Terms & Conditions.
Only the readers of the fine print may know that these Terms & Conditions provide that any claim related to Facebook must be resolved exclusively in the United States District…
Whistleblowing hotlines in France: a welcome lightening of regulation
This post was written by Daniel Kadar.
Implementing whistleblowing hotlines in France has caused significant concern for companies implementing such hotlines globally, as French regulation had considerably narrowed their scope with the major threat of considering non-compliant hotlines as null and void.
Times have changed: a couple of months ago, the French CNIL adopted…
Maximum administrative fine issued by the CNIL against Google: More to come?
After almost two years of back and forth with Google, the French CNIL has, similarly to the Spanish Data Protection authority (€900,000 fine), sanctioned Google with a €150,000 fine, as Google refused to review its integrated platform and to modify its privacy policy as requested by the Working Party 29.
In addition to this fine,…
The implementation of the French transparency regulation: first good news?
This post was written by Daniel Kadar.
French health care companies have faced hard times over the past months with their new transparency obligations. They have been required to declare the equivalent of 18 months (!) of agreements and benefits in a very short period of time.
They were scheduled to disclose this information…
French Data Protection Authority CNIL Announces New Online Notification Procedure for Reporting Data Breaches
France’s data protection authority, the Commission Nationale De L’informatique et Des Libertés (CNIL), released a new mandatory online notification procedure for French electronic communications service providers (Providers) to rapidly report data breaches to CNIL in compliance with new EC Regulation (No.611/2013) (the Regulation).
Any data breach must be reported to CNIL via a new standardized…