Hunton Andrews Kurth LLP (LexBlog France)
-
CNIL Publishes 2024 Investigation Focus Plan
On February 8, 2024, the French Data Protection Authority announced the priority topics for its inspections in 2024. This blog entry provides a summary of the key topics.
-
French Highest Court Rejects Suspension of Partnership with EU Service Provider Using AWS; Extends Application of the Schrems II Requirements
France’s highest administrative court recently issued a summary judgment that rejected a request for the suspension of the partnership between the French Ministry of Health and Doctolib, a leading provider of online medical consultations in Europe, for the management of COVID-19 vaccination appointments.
-
CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations
On November 26, 2020, the French Data Protection Authority announced that it imposed a fine of €2.25 million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation and Article 82 of the French Data Protection Act governing the use of cookies.
-
CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations
On November 26, 2020, the French Data Protection Authority announced that it imposed a fine of €2.25 million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation and Article 82 of the French Data Protection Act governing the use of cookies.
-
French Highest Court Rejects Temporary Suspension of France’s Health Data Hub; Calls for Additional Guarantees Following Schrems II
On October 13, 2020, France's highest administrative court issued a summary judgment that rejected a request for the suspension of France's centralized health data platform, Health Data Hub.
-
Will European Insurers’ Positive Response to COVID-19 Claims Influence US Insurers?
Last month we wrote a piece concerning AXA’s agreement to pay COVID-19 related business interruption claims by a group of restaurants in France after a court ruled that the restaurants’ revenue losses resulting from COVID-19 and related government orders were covered under its insurance policies. AXA reportedly has already agreed to pay over 200 COVID-19...
-
French Highest Administrative Court Partially Annuls CNIL Cookie Guidelines
On June 19, 2020, France’s Highest Administrative Court issued a decision partially annulling the guidelines of the French Data Protection Authority on cookies and similar technologies.
-
French Highest Administrative Court Upholds 50 Million Euro Fine against Google for Alleged GDPR Violations
On June 19, 2020, France’s Highest Administrative Court upheld the French Data Protection Authority’s decision, whereby the CNIL imposed a fine of 50 million euros on Google under the EU General Data Protection Regulation.
-
DOS Shortens L-1/L-2 and E-1/E-2 Visa Validity for Citizens of France
The Department of State (DOS) has updated its reciprocity schedule with shortened visa validity periods for French citizens. Specifically L-1/L-2 visas are now valid for 17 months and E-1/E-2 visas are now valid for 25 months. Prior to this recent change, both visa categories were eligible for validity periods of 60 months. Who is eligible...
-
The Growing Trend of Digital Services Taxes in Europe, and Why They Matter to US Companies
As reported in the July 26, 2019 Hunton Andrews Kurth LLP client alert, first France and now the United Kingdom have joined the growing number of European countries that have, in recent months, announced they are considering a new form of tax specifically directed at “digital” businesses. The new form of digital services tax is based on the premise that traditional methods of profit allocation...
-
CNIL Fines Uber for Data Security Failure Related to 2016 Data Breach
On December 20, 2018, the CNIL announced that it imposed a fine of €400,000 on Uber France SAS for failure to implement some basic security measures which resulted in the 2016 Uber data breach.
-
CNIL Publishes Statistical Review of Data Breaches Since Entry into Application of GDPR
Recently, the French Data Protection Authority published a statistical review regarding personal data breaches during the first four months of the entry into application of the EU General Data Protection Regulation.
-
CNIL Adopts Referentials on DPO Certification
On October 11, 2018, the French data protection authority announced that it adopted two referentials regarding the certification of data protection officers in France. The French Data Protection Act, as amended by on June 20, 2018 to supplement the GDPR, allows the CNIL to draft certification criteria and approve certification bodies for the purpose of certifying individuals as DPOs.
-
CIPL Hosts Workshop on Accountability Under the GDPR in Paris
On October 5, 2018, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP hosted a workshop on how to implement, demonstrate and incentivize accountability under the EU General Data Protection Regulation, in collaboration with AXA in Paris, France. In addition to the workshop, on October 4, 2018, CIPL hosted a Roundtable on the Role of the Data Protection Office under the GDPR...
-
CNIL Publishes Initial Assessment of GDPR Implementation
On September 25, 2018, the French Data Protection Authority published the first results of its factual assessment of the implementation of the EU General Data Protection Regulation in France and in Europe. When making this assessment, the CNIL first recalled the current status of the French legal framework, and provided key figures on the implementation of the GDPR from the perspective of privacy
-
CNIL Serves Formal Notice to Marketing Companies to Obtain User’s Consent for Processing Geolocation Data for Ad Targeting
On July 19, 2018, the French Data Protection Authority announced that it served a formal notice to two advertising startups headquartered in France, FIDZUP and TEEMO. Both companies collect personal data from mobile phones via software development kit tools integrated into the code of their partners’ mobile apps—even when the apps are not in use—and process the data to conduct marketing campaigns
-
CIPL Welcomes Nathalie Laneret as New Director of Privacy Policy
The Centre for Information Policy Leadership at Hunton & Williams LLP is pleased to announce that Nathalie Laneret will be joining CIPL as Director of Privacy Policy in May.
-
CNIL Fines Rental Car Company for Data Security Failure Attributable to Third-Party Service Provider
On July 27, 2017, the French Data Protection Authority imposed a fine of 40,000 euros on a French affiliate of the rental car company, The Hertz Corporation, for failure to ensure the security of website users’ personal data.
-
France Adopts Class Action Regime for Data Protection Violations
On November 19, 2016, the French government enacted a bill creating a legal basis for class actions against data controllers and processors resulting from data protection violations. The bill establishes a general class action regime and includes specific provisions regarding data protection violations.
-
New Do-Not-Call List Launched in France
On June 1, 2016, a new do-not-call list was implemented in France. French residents who do not wish to receive marketing phone calls may register their landline or mobile phone number online at www.bloctel.gouv.fr.
-
French Data Protection Authority Imposes Fine for Inadequate Security Measures
On November 13, 2015, the French Data Protection Authority announced its decision in a case against Optical Center, imposing a fine of 50,000 Euros on the company for violations related to the security and confidentiality of its customers’ personal data.
-
French Data Protection Authority Issues New Referential Regarding Seals on Data Privacy Governance Procedures
On January 13, 2015, the French Data Protection Authority published a Referential that specifies the requirements for organizations with a data protection officer in France to obtain a seal for their data privacy governance procedures.
-
French Data Protection Authority Reviews 100 Mobile Apps During Internet Sweep
On May 13, 2014, the French data protection authority decided to examine 100 mobile apps most commonly used in France. This review takes place in connection with the Global Privacy Enforcement Network’s second annual enforcement sweep, which involves participation by the CNIL and 26 data protection authorities.
-
French Data Protection Authority Revises Authorization on Whistleblowing Schemes
In a decision published on February 11, 2014, the French Data Protection Authority adopted several amendments to its Single Authorization AU-004 regarding the processing of personal data in the context of whistleblowing schemes.
-
French Data Protection Authority Rules on Keylogger Software
On March 20, 2013, the French Data Protection Authority issued guidance on keylogger software that enable employers to monitor the activities of an employee’s computer without the employee’s knowledge.
-
French Data Protection Authority Launches Consultation on Open Data
On March 6, 2013, the French Data Protection Authority announced its launch of a consultation of relevant private and public actors for the purpose of determining whether the CNIL should adopt an initiative on Open Data.
-
EU Commissioner Reding Promotes Use of BCRs at IAPP Congress in Paris
On November 29, 2011, at the IAPP Europe Data Protection Congress, EU Commissioner Viviane Reding provided insight into some of the details of the proposals for the revised EU data protection framework. She focused on promoting Binding Corporate Rules as a solution for safeguarding international flows of data.
-
Council of Europe Considers Proposal to Amend Convention 108 Rules on Transborder Data Flows
On October 10-12, 2011, the Council of Europe’s T-PD-Bureau met in Strasbourg, France, to discuss amending Convention 108. One of the main topics of discussion was the regulation of transborder data flows.
-
France Introduces Data Security Breach Notification Requirement for Electronic Communication Service Providers
On August 24, 2011, a new French Ordinance implementing the EU e-Privacy Directive came into effect. The law will require electronic communication service providers to provide notice in the event of a data security breach.
-
French Data Protection Authority Unveils its Goals for 2011 Inspections
On April 26, 2011, the CNIL issued a press release unveiling its inspection goals for the coming year, which will focus on international data transfers, electronic tracking, behavioral advertising, video surveillance and health data.