The French data protection authority (CNIL) rendered three major decisions impacting worldwide online service providers following online controls and investigations performed on the companies’ websites. These decisions highlight the obligations of data controllers when using cookies and other trackers, notably regarding the way the user’s consent shall be collected, and the level of information that … Continue Reading
Unlike other countries, such as the US, France has a conservative approach of when and how IP right holders are entitled to disclose a pending infringement dispute to their clients and investors, under the legal concept of “disparagement”. France takes this step in order to limit the negative impact on the competitor resulting from disclosure … Continue Reading
Companies have been challenged with respect to their cookie policies and their implementation due to the entry into force of the GDPR earlier than the proposed ePrivacy Regulation Given the delay in the adoption of an EU-wide regulation on e-privacy, national data protection authorities have taken the initiative in publishing guidelines on cookies requirements. The … Continue Reading
In response to France’s Digital Services Tax (DST), the Office of the U.S. Trade Representative (USTR) proposed additional ad valorem duties of up to 100 percent on certain products from France. The USTR issued a Section 301 Investigation Report on the DST, concluding that the DST discriminates against U.S. companies, is inconsistent with prevailing principles … Continue Reading
On February 8 and 9, 2016, the French Directorate-General for Competition, Consumer Affairs and Prevention of Fraud (the ‘DGCCRF’) and the French Data Protection Authority (the ‘CNIL’), through an obviously concerted action, have publicised regulatory enforcement measures they are undertaking against Facebook. The DGCCRF is requiring Facebook to re-write its Terms and Conditions on the … Continue Reading
It is foreseeable that not many of Facebook’s millions of users every day have ever had a look at the social network’s Terms & Conditions. Only the readers of the fine print may know that these Terms & Conditions provide that any claim related to Facebook must be resolved exclusively in the United States District … Continue Reading
This post was written by Daniel Kadar. Implementing whistleblowing hotlines in France has caused significant concern for companies implementing such hotlines globally, as French regulation had considerably narrowed their scope with the major threat of considering non-compliant hotlines as null and void. Times have changed: a couple of months ago, the French CNIL adopted an … Continue Reading
After almost two years of back and forth with Google, the French CNIL has, similarly to the Spanish Data Protection authority (€900,000 fine), sanctioned Google with a €150,000 fine, as Google refused to review its integrated platform and to modify its privacy policy as requested by the Working Party 29. In addition to this fine, … Continue Reading
This post was written by Daniel Kadar. French health care companies have faced hard times over the past months with their new transparency obligations. They have been required to declare the equivalent of 18 months (!) of agreements and benefits in a very short period of time. They were scheduled to disclose this information to … Continue Reading
France’s data protection authority, the Commission Nationale De L’informatique et Des Libertés (CNIL), released a new mandatory online notification procedure for French electronic communications service providers (Providers) to rapidly report data breaches to CNIL in compliance with new EC Regulation (No.611/2013) (the Regulation). Any data breach must be reported to CNIL via a new standardized … Continue Reading
This post was written by Daniel Kadar. France has established itself as a leader in the protection of personal data. Not only does its regulation define broadly the concepts of personal and medical data, France has also implemented a specific set of policies regarding the hosting of personal medical data, requiring all bodies hosting this … Continue Reading
This post was written by Daniel Kadar. The French Data Protection Authority (DPA), the CNIL, has expressed its satisfaction on the draft report (the “draft Report”) released by the European Parliament on the new European Data Protection Regulation (the “Regulation”). One of the major points of concern for the CNIL was that the draft Regulation … Continue Reading
This post was written by Daniel Kadar. The French CNIL has adopted and published a new set of guidelines that set forth “best practices” about privacy protection at work (the Guidelines). As is often the case in France – in particular if connected to labor law regulations – the lector should bear in mind that … Continue Reading
Pursuant to their common decision 26 February 2013 to engage action in order to penalize Google Inc. for refusing to revise its global privacy policy, six of the European Working Party 29 regulators, led by the French CNIL, have now jointly started to act in their respective jurisdictions and according to their national laws against … Continue Reading
This post was written by Daniel Kadar. France’s highest court (“Cour de cassation”) ruled 26 June 2012 in Monsieur X v. YBC Helpevia that a company’s internal rules may limit an employer’s access to employee emails. French case-law has traditionally held that employees have a right to privacy at their workplace and that an employer … Continue Reading
We have previously reported on the different requests and repeated questionnaires the Commission nationale de l’informatique et des libertés (CNIL) has sent to Google over the past few months regarding the evaluation of Google’s compliance with applicable European Data Protection Regulation concerning its new integrated privacy policy, as well as the new integrated platform launched … Continue Reading
This post was written by Daniel Kadar. A new regulation of the CNIL, dated 12 June 2012 and published on 13 July 2012, modifies the ways and means of collecting and processing client/prospect-related data. The regulation, issued as an amendment to the “Simplified Norm No. 48” [http://www.cnil.fr/en-savoir-plus/deliberations/deliberation/delib/184/], broadens the possibility for data controllers to make … Continue Reading
“The CNIL is ready for combat” – this is how Mrs. Falque-Pierrotin, President of the CNIL, described its mission after taking office last year. Introducing a 100-page-long yearly “Activity Report” dated 10 July 2012, fully translated into English, the President of the CNIL outlined what is to be seen as the main action principle of … Continue Reading
On 25 June 2012, the CNIL published on its website a summary article and a 10 page conclusion paper, along with a 21-page “recommendations” document, which constitute the French Data Protection Authority’s new guidance in that regard. Aimed to target small- to medium-sized companies considering using cloud computing services, and aimed at helping them make more … Continue Reading
This post was written by Daniel Kadar. On 28 May, the French CNIL released new practical guidance related to data violation. A new Article 34 bis has been added to the French Data Protection Act as part of implementing the Telecom Package obliging Electronic Communications Providers (ECPs) to notify “without delay” the French CNIL of … Continue Reading
We have previously reported that the French Data Protection Authority (DPA), the CNIL, had sent to Google 19 March 2012, a 12-page questionnaire divided in not less than 69 main questions on Google’s new privacy policy. The CNIL has been designated by the Working Party 29 to evaluate the compliance to applicable data protection regulation … Continue Reading
The French CNIL has released an amended version of its guidance regarding the implementation of the “Telecoms Package” concerning the use of cookies. As set forth by the 24 August 2011 Ordinance, user consent is in principle required prior to the placement of cookies on an individual’s computer. Until the revision of its guidance, the … Continue Reading
Google’s CEO, Larry Page, now belongs to the happy few who enjoy direct and regular contact with the CNIL’s president, Mrs. Falque-Pierrotin: he received on 19 March another letter from the French Data Protection Authority’s president pursuant to Google’s decision to launch its new integrated platform 1 March, despite the CNIL’s strong warning to postpone … Continue Reading
February 2012 will last as a milestone of an unprecedented fight between the Working Party 29, which comprises the European Data Protection Agencies, and Google. Google has highly publicised the forthcoming launch of an integrated platform that is deemed to allow a better tracking of the user’s personal data and in particular to advertise with … Continue Reading