Proskauer - Privacy & Cybersecurity (JD Supra France)
-
French DPA Issues Guidance Surrounding Practice of Web Scraping
On April 30, 2020, the French data protection authority, the CNIL, published a guidance surrounding considerations behind what it calls “commercial prospecting,” meaning scraping publicly available website data to obtain individuals’ contact info for purposes of selling such data to third parties for direct marketing purposes. The guidance is significant in two respects. First, it speaks to the...
-
French DPA Issues Robust Model Regulation for Biometric Access Controls in the Workplace
In late March, the French Data Protection Authority, Commission Nationale de l’Informatique et des Libertés (“CNIL”) released a model regulation (the “Model Regulation”) governing the use of biometric access controls in the workplace. Unlike many items of personal information, biometric data (such as a person’s face or fingerprints) is unique and, if stolen or otherwise compromised, cannot be...
-
New Privacy Developments in France
DataGuidance spoke with Cécile Martin, Special International Counsel at Proskauer Rose LLP, at the International Association of Privacy Professionals’ Conference in Brussels in November 2016. Ce´cile discussed the passing of the Digital Republic Bill and its implications for organizations, as well as the latest developments regarding employee monitoring in France and the upcoming changes with the
-
French Data Protection Wants to Force Google to Extend the Right To Be Delisted to All the Search Engine’s Extensions
On March 10, 2016, the French data protection agency (« CNIL ») pronounced a €100.000 ($111,715) fine against Google Inc. for failure to comply with its formal injunction of May, 2015 ordering the company to extend delisting to all the search engine’s extensions.
-
Google Declares “Non!” to French Privacy Regulator’s Demands that Google Apply the “Right to be Forgotten” Worldwide
In an expected but controversial move, Google has rejected a demand by the French Data Privacy authority CNIL to apply the European “Right to be Forgotten” worldwide. We have covered the E.U.’s Right to be Forgotten before, but here is a quick recap: under the E.U. rule, individuals have the right to require organizations that control personal data about them (“data controllers”) to delete...
-
From the Right to be Forgotten to the Right to an “e-Reputation’’: First Enforceability Ordered by French Court under Penalty
A few months after the European Court of Justice ruled on May 13, 2014 that search engines are considered personal data controllers under the EU Data Protection Directive of 1995 and, as such, should provide data subjects with a right to be forgotten, a French Tribunal enforced this principle in X & Y v. Google France.
-
One year of Data Protection Enforcement in France: what the CNIL’s Activity Report 2013 Reveals and what to expect in 2014
According to the French Data Protection Authority’s (“CNIL”) recently issued activity report for 2013, the CNIL was especially busy in 2013. The main topics addressed by the CNIL in 2013 were the creation of a national consumer credit database, the right to be forgotten, the right to refuse cookies, the proposed EU Regulation, and, of course, the revelations concerning the U.S. Prism program and...
-
France Facilitates Implementation of Whistleblowing Systems
In France, before implementing a whistleblowing process, a company must inform and consult with its employees’ representatives, inform its employees and notify the French Data Protection Agency (CNIL). There are two possible ways to notify the CNIL of a whistleblowing system...
-
The French Data Protection Authority Fines Google for Breach of French Privacy Laws
After two years of investigation and proceedings regarding Google’s privacy policy, European Data Protection Authorities (DPAs) are now reaching their final decisions against Google. The French DPA (“CNIL”) issued, on January 3rd 2014, a decision ruling that Google’s privacy policy did not comply with the French Data Protection laws and imposed a fine of € 150,000. Google has brought an appeal...
-
CNIL Cracks Down on Employee Video Monitoring and Password Strength
In a recent decision (deliberation CNIL May 30, 2013 n°2013-139), the French Data Protection Agency (CNIL) sanctioned a company for implementing a CCTV system without informing employees and because the CCTV enabled the constant monitoring of one employee making the recording disproportionate to the goal pursued.
-
In France, Are Employers Entitled To Access Their Employees’ Personals Emails?
In France, the guiding principle is that emails received or sent by an employee through the employer’s company email account are considered “professional”, which means that the employer can access and read them.
-
French Clouds: Where Does Cloud Computing Stand In France?
Concurrent with the European Commission’s recent release of a new strategy to “unleash the potential of cloud computing in Europe,” the French Data Protection Agency (CNIL) issued 7 recommendations to assist companies to comply with French law when using cloud computing services.
-
One year of Data Protection Enforcement in France: what the CNIL's Activity Report Reveals
The French Data Protection Authority (“CNIL”) has recently issued its activity report for 2011. It provides us with some interesting data and allows us to reflect on the ever-growing importance of privacy and data protection in France. Video-surveillance, the right to be forgotten on the Internet, data breaches and abusive data collection by companies were the key highlights of 2011 and have...
-
Is data breach notification compulsory under French law?
On May 28th, the Commission nationale de l’informatique et des libertés (“CNIL”), the French authority responsible for data privacy, published guidance on breach notification law affecting electronic communications service providers. The guidance was issued with reference to European Directive 2002/58/EC, the e-Privacy Directive, which imposes specific breach notification requirements on...
-
French employees should check their privacy settings before posting on social media platforms
It may seem obvious to a lay person that employees should refrain from insulting their companies on social media due to the threat of termination for cause; however, there are contradictory legal principles that apply to the use of social media by employees which can be used both for and against employees (i.e. freedom of speech, right to privacy, data protection laws, an employer’s right to take
-
Filers Beware! Court of Appeal Rejects CNIL-approved Whistleblowing System
In a decision dated September 23, 2011, the Court of Appeal of Caen suspended the implementation of a whistleblowing system that had been previously authorized by the French Data Protection Agency (CNIL) because, in the court’s view, the system infringed on the individual and collective rights and liberties of the company’s employees.