In December 2016, the “Sapin II” law introduced comprehensive mandatory whistleblowing schemes (amongst other things) for certain private and public sector organizations in France. This law became effective in 2018 and was amended in 2022 to transpose the “EU Whistleblower Directive.” The legal changes came into effect on 1 September 2022, and the implementation decree of 3 October 2022 took effect on 5 October 2022.

Scope

On 21 March 2022, France enacted a law (the Law) “aiming to improve the protection of whistleblowers” by making numerous amendments to the Sapin II law, as well as to the labor code, the public service code, the criminal code and other laws.

Consistent with the previous version of the Sapin II law, the new Law is not restricted to breaches of EU law, as provided for in the EU Whistleblower Directive, but extends to breaches of French law or a “threat or prejudice to the general interest.” The Sapin II law also separately provides for reporting on breaches to the company’s anti-corruption code of conduct.

The Law does not apply in cases where French or EU law establishes specific reporting regulations (notably as set out under Part II of the Annex to the EU Whistleblower Directive, covering EU law in the fields of financial services, AML-CFT, transport and environment).

Moreover, transposing the EU Directive, the new Law expands the types of information falling outside its scope to include information protected by the secrecy of judicial deliberations and judicial investigations, in addition to information protected by national defense secrecy, medical secrecy, and lawyers’ professional secrecy.

Continue Reading France Updates its Whistleblower Protection to Transpose the EU Whistleblower Directive

On December 1st, CPW’s Tokyo partner, Scott Warren, will be speaking at the 8th Annual International Arbitration & Corporate Crime Summit, hosted by LegalPlus, in Tokyo, Japan. 

In his topic “Cyber Breach Response, Regulatory Investigations and Disputes,” Scott will discuss top items in preparing for and responding to data incidents, along with effective handling of the regulatory investigations, litigation and other disputes that can often follow. The event is in-person and is free for in-house counsel. 

For more information on the event and how to register, please visit the summit website, or contact Bettina at legalpluseventsasia@legalplus-asia.com.

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Our Team Joined the Discussion on the Stage of the Global Data Protection Congress 2022 | Consumer Privacy World

Have You Updated Your French B2C T&Cs Yet? | Consumer Privacy World

Squire Patton Boggs Takes Part in Two Metaverse Conferences in Brussels and Paris | Consumer Privacy World

FCC Acts to Protect Consumer Privacy from Unwanted Ringless Voicemails | Consumer Privacy World

Cybersecurity Law Report Features CPW Authors’ Insights on the EU’s Latest SCC’s Guidance   | Consumer Privacy World

WEBINAR Federal Privacy Legislation: Within Reach After a Decade of Debate. If So, What Next?

Federal Court Dismisses Biometric Privacy Class Action Brought Against University, On Basis It Was a Regulated “Financial Institution”

Recent BIPA Opinion Illustrates Continued Uncertainty Underlying Core Issues in Biometric Privacy Class Action Litigation

Federal Court Rules in Favor of LinkedIn’s Breach of Contract Claim after Six Years of CFAA Data Scraping Litigation

CPW’s Kristin Bryan, Scott Warren, and James Brennan to Speak at Conference on Data Privacy, Cybersecurity, and Governance, Risk & Compliance

More than 10 Squire Patton Boggs European Data Privacy, Cybersecurity and Digital lawyers attended last week’s Brussels Data Protection Congress.

At the congress, Counsel Diletta De Cicco participated in a panel with journalists Luca Bertuzzi from Euractiv and Vincent Manancourt from POLITICO. They explored the topic: Is the Press the (Best) GDPR Enforcer? The discussion focused on the perceived lack of effective enforcement of the GDPR and the different roles the press plays in filling the enforcement void – such as setting enforcement priorities, triggering investigations, raising awareness, or even acting as a deterrent.

The panelists underlined that the regulators still play a primary role in enforcement but acknowledged their own influence on concrete enforcement actions. They also shared valuable insights into their day-to-day work and their rapport with regulators, lawyers, and other industry stakeholders. Both panelists noted the importance of building a network and being a “people person,” as well as the challenges of considering divergent points of view when covering a story. As a wish list for the future, the panelists called for more focus on other sectors besides the big tech and emphasized the importance of having more journalists specializing in tech topics.

Since October 1, 2022, new obligations relating to the warranties of conformity and of hidden defects, as well as new warranties for digital content and services, have come into force and require the update of the consumer Terms and Conditions.

Context

The changes were made by the decree n°2022-946 of June 29, 2022, “relating to the statutory warranty of conformity for goods, digital content and digital services,” which came into effect on October 1, 2022.

This decree revises and completes the regulatory provisions of the French consumer code following the reform carried out by Ordinance No. 2021-1247 of September 29, 2021, which transposed European Directives (EU) 2019/770 “on certain aspects concerning contracts for the supply of digital content and digital services” and (EU) 2019/771 “on certain aspects concerning contracts for the sale of goods.”

The objective of these texts is to modernize the statutory warranty of conformity and consumer contracts to strengthen consumer protection and create a statutory warranty for the provision of digital content or digital services.

Continue Reading Have You Updated Your French B2C T&Cs Yet?

The discussions on the metaverse are heating up, with partner Charles Helleputte speaking at two specialist conferences in the coming week.

At the Abilways conference in Brussels on 28 November, titled Digital finance and transformation of banks, he will discuss the use of new technologies in the financial sector and examines challenges, such as ethics and legal issues (also) from the perspective of EU data privacy rules.

At the “Innovation Month” event in Paris on 29 November, titled Quoi de neuf dans le métavers, he will address the treatment of personal data in the metaverse, with emphasis on the protection of vulnerable groups such as minors, workers, persons with disabilities, etc.

Join us at the conferences to gain practical insight into the complexities of the metaverse and the associated legal issues across various industries.

In February of this year, Federal Communications Commission (“FCC”) Chairwoman Jessica Rosenworcel announced that she had submitted a proposal to her colleague Commissioners to regulate “ringless voicemails” to wireless phones under the Telephone Consumer Protection Act (“TCPA”). She noted that “‘[r]ingless voicemail can be annoying, invasive, and can lead to fraud like other robocalls—so it should face the same consumer protection rules…’” The proposal would require that “callers to obtain a consumer’s consent before delivering a ‘ringless voicemail,’ a message left in their mailbox without ringing their cell phone.”

On November 21, 2022, the FCC released a unanimous Declaratory Ruling and Order (“Ruling”) finding that “‘ringless voicemail’ to wireless phones requires consumer consent because it is a ‘call’ made using an artificial or prerecorded voice and thus is covered by section 227(b)(1)(A)(iii) of the 1991 Telephone Consumer Protection Act…” The FCC acted even though All About the Message (“AATM”), who filed the initial petition arguing for various reasons that the TCPA did not apply to ringless voicemail, filed a letter to withdraw the request. The agency noted “substantial attention from commenters, and members of Congress, and the applicability of the TCPA to ringless voicemail technology has been the subject of considerable recent litigation…” warranted addressing the issue. Indeed, the FCC’s Consumer and Governmental Affairs Bureau received over 8,000 comments and replies in connection with the AATM petition, almost all in opposition.

The FCC declared that AATM’s ringless voicemail technology was a “call” under the TCPA for the same reasons that the FCC found in 2015 that computer-generated text messages sent to a carrier’s text server were calls for TCPA purposes. The fact that the “calls” were directed to the consumer’s wireless telephone number was a key fact – “the telephone number assigned to a consumer’s wireless phone and associated with the voicemail account is a necessary and unique identifier for the consumer in the ringless voicemail context.” The agency concluded that its Ruling is consistent with the ordinary meaning of “call” and the legislative history and purpose of the TCPA. 

Among other things, the Commission rejected the AATM argument that ringless voicemail is “non-invasive.” The agency’s Ruling noted: “As the commenters and complainants explain, consumers cannot block these messages and consumers experience an intrusion on their time and their privacy by being forced to spend time reviewing unwanted messages in order to delete them. The consumer’s phone may signal that there is a voicemail message and may ring once before the message is delivered, which is another means of intrusion. Consumers must also contend with their voicemail box filling with unwanted messages, which may prevent other callers from leaving important wanted messages.”

The Ruling, which became effective on its release, applies to “any entity that provides ringless voicemail using the end user’s mobile telephone number to direct the ringless voicemail message to a mailbox associated with the end user’s mobile phone.”

The Cybersecurity Law Report recently featured a guest article from CPW’s Diletta De Cicco and Charles Helleputte. The article sorts out the key aspects of the latest EU FAQs, offers interpretation insights around some more ambiguous provisions, and provides practical thoughts in areas where the FAQs are silent. Check out the full article (subscription required) and get some practical tips ahead of the upcoming December 27, 2022, deadline by which your old SCCs need to be transitioned to the new EU modules.

The Cybersecurity Law Report provides a business analysis of critical legal issues related to the cybersecurity, data protection and data privacy challenges facing entities across industries.  

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

WEBINAR Federal Privacy Legislation: Within Reach After a Decade of Debate. If So, What Next?

Federal Court Dismisses Biometric Privacy Class Action Brought Against University, On Basis It Was a Regulated “Financial Institution”

Recent BIPA Opinion Illustrates Continued Uncertainty Underlying Core Issues in Biometric Privacy Class Action Litigation

Federal Court Rules in Favor of LinkedIn’s Breach of Contract Claim after Six Years of CFAA Data Scraping Litigation

CPW’s Kristin Bryan, Scott Warren, and James Brennan to Speak at Conference on Data Privacy, Cybersecurity, and Governance, Risk & Compliance

Registration Open: Compliance Week’s Cyber Risk & Data Privacy Virtual Summit 2023

Federal Court Sanctions Company for Spoilation of Evidence Over Arguments Data Settings Changed to Comply with CCPA and ISO Requirements

Ed Tech Company’s Four Data Breaches in Three Years Leads to FTC Enforcement Action

The California Privacy Protection Agency (CPPA) Releases California Privacy Rights Act (CPRA) Modified Regulations for Public Comment

The California Privacy Protection Agency (CPPA) Decides on a Roadmap for Revised California Privacy Rights Act (CPRA) Regulations

Burn After Reading… Data Retention Compliance

CPW’s Kristin Bryan joins two of Squire Patton Boggs’ policy experts – Beth Goldstein and Jeffrey Turner – to discuss one of the most critical pieces of privacy legislation in years, the American Data Privacy and Protection Act (ADPPA), for Lexology’s Masterclass series. This game-changing privacy legislation not only has potential far-reaching impact, but it could also be in effect within the next year. Join us for an insightful look at what this legislation means for businesses and consumers.

Wednesday, December 7, 2022

11 a.m. ET

More details and registration

Key topics:

  • Current policy and political landscape in Congress and in state capitals
  • Main provisions of the ADPPA
  • Recent state legislative developments driving Congressional action
  • Limitations on the Federal Trade Commission’s power to regulate privacy in the absence of federal legislation
  • Ongoing litigation and future risks
  • Sovereigns vs. corporate distinctions

We hope you can join us on December 7!