In a decision (French only) dated 27 February 2020, the French Administrative Court of Marseille invalidated the deliberation of the Provence-Alpes-Côte d’Azur Regional Council which allowed to set up, on an experimental basis, a facial recognition mechanism in two high schools in order to (i) better control and speed up entry of students into the high schools and (ii) control … Continue Reading
On 19 July the French Data Protection Authority (the “CNIL”) published new guidelines on cookies and trackers. These replace the existing Recommendation No. 2013-378 of 5 December 2013, are intended to be in line with relevant GDPR provisions and have been produced in anticipation of the future ePrivacy Regulation. The guidelines will be supplemented, at a later stage, with sectoral … Continue Reading
Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared a compilation of key GDPR-related developments of the past 12 months. The compilation covers regulatory guidance, enforcement actions, court proceedings, and various reports and materials.
Regulatory GuidanceContinue Reading
After numerous reports and propositions drafted over the past years, a public national consultation and almost a year of discussions before the French Parliament, the much awaited Law no. 2016-1321 of 7 October 2016 for a Digital Republic (“French Digital Law”) has finally been promulgated. Although it officially entered into force on 9 October 2016, a number of implementing Decrees … Continue Reading
In an April 15, 2016 report, the French Data Protection Authority, the CNIL, provided details about its little-known responsibility as overseer of the French police’s website-blocking powers. The French legislature gave the CNIL this new role in a November 13, 2014 law designed to enhance French police powers against terrorism. The 2014 law increased French police and intelligence agencies’ … Continue Reading
While organizations in the EU will have to get used to the possibility of receiving fines of up to 4% of total worldwide annual turnover when the General Data Protection Regulation (GDPR) comes into force in roughly 2 years’ time, organizations in France should prepare for higher sanctions sooner.
A bill, passed by the French National Assembly on 26th January … Continue Reading
Speaking at a recent conference organized jointly by AmCham and EY on “the Internet of Things, Opportunities and Challenges for the Protection of Personal Data”, Sophie Nerbonne, Head of Compliance at the French data protection authority (the CNIL) explained how the CNIL views the opportunities and risks raised by connected devices, focusing particularly on smart meters as a scheme that … Continue Reading
Accountability has been described by the Article 29 Working Party as a way of “showing how responsibility is exercised and making this verifiable”.
Accountability is far from being a new concept. It was introduced back in 1980 in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
In 2010, … Continue Reading
On June 30, 2015, the French data protection authority, the CNIL, announced that it gave notice to 20 websites to comply with the consent requirements applicable to cookies.
After patiently waiting for almost a year to give websites the opportunity to comply with the cookie notice and consent rules explained in its official guidance from December 2013, the CNIL launched … Continue Reading
On 16 April 2015, the French data protection authority, the CNIL (Commission Nationale de l’Informatique et des Libertés), published its annual report for 2014. The CNIL’s annual report is an opportunity for the authority to report on its activities over the previous year as well as set out its priorities for the coming year. Significantly, a number of … Continue Reading
On 24 March, the French data protection authority (Commission Nationale de l’Informatique et Libertés – the “CNIL”) announced that it will soon make easier the practical implementation of intra-group transfers of data from French entities to entities located outside the European Union where groups of companies have adopted Binding Corporate Rules (BCRs). BCRs are becoming increasingly popular among multinationals … Continue Reading
In June 2013, the French National Commission on Information Technology and Liberties (Commission Nationale de l’Informatique et des Libertés, “CNIL”) announced that, following a question of Member of European Parliament Françoise Castex, it was going to investigate IP Tracking practices that e-commerce sites allegedly used to illegitimately increase their prices. This investigation was carried out in close connection with … Continue Reading