France

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

CJEU Rules Consumer Associations Can File Data Infringement Class Actions Without a Consumer Mandate

CPW’s Scott Warren Joins Faculty

The French data protection authority, the CNIL, has published its annual report for 2021 (in French), which contains some useful information and figures, notably on complaints, investigations and sanctions, as well as standards of reference issued by the CNIL in relation to specific processing activities.

  1. Complaints, Investigations and Sanctions

Complaints

In 2021, the CNIL received

By amending the “Sapin II” law, France has become the fourth EU country to transpose the EU Whistleblower Directive as of 21 March 2022, following Denmark, Sweden and Portugal.

Sapin II introduced, in December 2016, mandatory whistleblowing schemes (amongst other things) for certain private and public sector organisations.

Scope

On 21 March 2022, France enacted

On Thursday, March 17, at 2pm Paris time, CPW’s Stephanie Faber and Jonathan Perez, CIPP/E, Data Privacy Director EMEA at Estée Lauder Companies Europe, will present a session titled “International Data Protection Update” in French.

Stephanie and Jonathan will discuss new US State Privacy Acts, Brazil’s General Data Protection Act, China’s Personal Information Protection

On February 15, 2022, the European Data Protection Board (“EDPB”) issued a press release announcing the launch of its first coordinated enforcement action, under the Coordinated Enforcement Framework (“CEF”) established in 2020 (see section 3 below). The initiative will focus on the use of cloud-based services by the public sector and will involve 22

In case you missed it, below is a summary of recent posts from CPW. Please feel free to reach out if you are interested in additional information on any of the developments covered.

2021 Year in Review: Data Breach and Cybersecurity Litigations | Consumer Privacy World

2021 Year in Review: Financial Privacy Litigation and Developments

The French data protection authority, the CNIL, has undertaken a long-term campaign to ensure the effectiveness of its cookie rules under the motto: “refusing cookies should be as easy as accepting them”.

Its investigation and enforcement program started in October 2020, first based on the old 2013 version of the cookies rules

On March 6, 2020, the CNIL published recommendations on the collection of personal data in the context of COVID-19. Health data is particularly protected within the framework of a series of regulations (notably GDPR, French Data Protection Act and French Public Health Code).

Restrictions

The CNIL insists that employers cannot take measures likely to impair the privacy of the data subjects, in particular, by collecting health data that would go beyond the management of suspected exposure to the virus.

For example, employers must refrain from collecting in a systematic and generalized manner, or through individual inquiries and requests, information relating to the search for possible symptoms presented by an employee/agent and their relatives. It is, therefore, not possible to implement, for example: