Tag: CNIL

CNIL released results of public consultation report about the GDPR

2. December 2016

CNIL, the French Data Protection Authority,  just released the report of the public consultation. This report refers to the consultation of  professionals about the upcoming General Data Protection Regulation, GDPR.

The basis of the report were 540 replies from 225 contributors and the main aspects relate to:

  • the Data Protection Officer, DPO
  • the right to data portability,
  • the data protection impact assessments and
  • the certification mechanism.

The report states that there are questions on how the requirements of the GDPR should be applied in practice. Some of the most frequently asked questions are:

  • What is considered to be a conflict of interest – who can be appointed?
  • Can a DPO be whole a team? Can a DPO be a legal person?
  • What kind of investments will need to be made in order to implement the right to data portability?

Therefore, CNIL announced that some national communication campaigns will be launched and that there will be training sessions and workshops in cooperation with the current CILs, Correspondants Informatique et Libertés.

 

Category: General
Tags:

The application of the right to be forgotten in France challenged by Wikimedia

24. October 2016

Since the ECJ established the right to be delisted from search engines (right to be forgotten) in 2014, Google has received numerous requests from individuals and organizations regarding the deletion of search results that contain their personal data which is not any more current, correct, relevant or which causes damages to the data subjects. The right to be forgotten refers to certain domains, such as co.uk; fr, de, es or nl.

However the French DPA requested Google to delete these results from all Google search domains (including .com). As Google did not fully comply with this request, the French DPA (CNIL) imposed Google a fine early this year.

As the French Highest Court has still to decide about this, Wikimedia, the parent company of Wikipedia, filed a petition in order to take part in the case and support Google France regarding the ongoing dispute about implementation of the “right to be forgotten”. Wikimedia’s legal counsel said in a statement that “no single nation should attempt to control what information the entire world may access”. Furthermore, she added that the application of the right to be forgotten involves the disappearance of several Wikimedia websites, which has an impact on the availability of knowledge.

Not only in France, but also in other jurisdictions is Google facing similar processes regarding the application of the right to be forgotten.

French DPA launches public consultation on GDPR

21. June 2016

In June 2016, a public consultation process about the GDPR was opened by the French DPA (CNIL). The consultation is based on the topics that the WP 29 identified as having priority in its action plan for the implementation of the GDPR, published beginning 2016.

The consultation aims at encouraging stakeholders to formulate questions regarding the GDPR in order to identify potential interpretation difficulties. Once the main questions and difficulties have been addressed, the WP 29 will issue guidelines regarding the relevant topics. The CNIL also offers the possibility to formulate questions about other topics, which are not directly mentioned in the consultation.

The main topics that are object of the current consultation are the institution of the DPO, Privacy Impact Assessments (PIA), data protection certifications and the right to data portability.

The consultation is opened until the 15th July 2016 and stakeholders can participate through the CNIL´s website. After that, the French DPA will publish a summary with the contributions.

The French DPA fines Google

29. March 2016

The French Data Protection Authority (“CNIL”) fines Google for data protection violation. In May 2014, the European Court of Justice had decided, that citizens could request search engines to delist inadequate or irrelevant web search results of themselves; the so-called “right-to-be-forgotten” was born.

The CNIL has now fined the US search engine 100.000 Euros over the right-to-be-forgotten, since Google just delisted web search results regionally, for instance only accross their European websites, such as google.fr and not also on the google.com website. By delisting web search results of a person only regionally, the data subject will practically not be able to exercise her/his right-to-be-forgotten efficiently. Search engines should instead delist search results from all their domains.

Authorization of the French DPA to process Personal Data for litigation purposes

26. February 2016

In February 2016, the French DPA (CNIL), published a single decision (AU-046) addressed to cover data processing activities from public organisms and private organizations for the purpose of managing and enforcing court actions.

The CNIL states that corporations may process certain categories of personal data, such as criminal convictions, offences or security measures in this context, in order to defend their interests in court. Art. 25. I. 3° of the French Data Protection Act, regulates the processing of these categories of personal data, for which a prior authorization from the CNIL is required. Also the prevention of criminal offences falls under the scope of this article. However, this article does not apply if the offences and criminal convictions are not related to the criminal sphere.

The AU-046 aims at accelerating and simplifying the process to obtain CNIL´s authorization for the processing of these personal data categories. The scope of application of this authorization is the processing related to offenses, convictions and security measures to prepare, perform and follow disciplinary action or judicial proceedings and, if necessary, to enforce the decision.

This authorization concerns all sectors and all types of litigation.

Category: French DPA
Tags: ,
Pages: Prev 1 2 3 4
1 2 3 4