The French data protection authority (CNIL) rendered three major decisions impacting worldwide online service providers following online controls and investigations performed on the companies’ websites. These decisions highlight the obligations of data controllers when using cookies and other trackers, notably regarding the way the user’s consent shall be collected, and the level of information that

Companies have been challenged with respect to their cookie policies and their implementation due to the entry into force of the GDPR earlier than the proposed ePrivacy Regulation

 Given the delay in the adoption of an EU-wide regulation on e-privacy, national data protection authorities have taken the initiative in publishing guidelines on cookies requirements. The

In response to France’s Digital Services Tax (DST), the Office of the U.S. Trade Representative (USTR) proposed additional ad valorem duties of up to 100 percent on certain products from France. The USTR issued a Section 301 Investigation Report on the DST, concluding that the DST discriminates against U.S. companies, is inconsistent with prevailing principles

On February 8 and 9, 2016, the French Directorate-General for Competition, Consumer Affairs and Prevention of Fraud (the ‘DGCCRF’) and the French Data Protection Authority (the ‘CNIL’), through an obviously concerted action, have publicised regulatory enforcement measures they are undertaking against Facebook.

The DGCCRF is requiring Facebook to re-write its Terms and Conditions on the grounds of consumer protection for France

The DGCCRF issued an injunction to Facebook requiring either revising or removing certain clauses of its Terms and Conditions which would be considered as unfair and “abusive” terms under French consumer law. This concerns in particular provisions granting Facebook the right, in its sole discretion, to remove any content or information posted by Facebook users, or to update its Payment Terms at any time without informing the users beforehand. The DGCCRF required Facebook to take appropriate action within 60 days. Otherwise, Facebook can be sued before the French courts.
Continue Reading By jointly tackling Facebook, French regulators set an example to large international digital media companies – First prominent enforcement measure after the Safe Harbor invalidation

This post was written by Daniel Kadar.

Implementing whistleblowing hotlines in France has caused significant concern for companies implementing such hotlines globally, as French regulation had considerably narrowed their scope with the major threat of considering non-compliant hotlines as null and void.

Times have changed: a couple of months ago, the French CNIL adopted

France’s data protection authority, the Commission Nationale De L’informatique et Des Libertés (CNIL), released a new mandatory online notification procedure for French electronic communications service providers (Providers) to rapidly report data breaches to CNIL in compliance with new EC Regulation (No.611/2013) (the Regulation).

Any data breach must be reported to CNIL via a new standardized