In November 2023, the National Commission on Informatics and Liberty (CNIL), the French data protection authority, has announced having issued 10 new sanctions under its new simplified procedure following complaints with respect to geolocation of vehicles and video surveillance of employees, data minimization, right to object and lack of response to CNIL requests.
The New
The French National Commission on Informatics and Liberty (CNIL) – the French data-protection authority – finally updated its standard of best practice on whistleblowing in July 2023, to accompany the significant changes introduced to the whistleblower protection regulation in the second half of 2022.Continue Reading The French CNIL’s New Guidance on Whistleblowing
On July 10, the European Commission formally adopted the EU-U.S. Data Privacy Framework (DPF). The Commission’s adequacy decision (and the documentation package accompanying it, including the FAQ) brings welcome news: for certified DPF participants, personal data can flow between the European Economic Area (EEA) and the United States (U.S.
Each year, the French data protection authority, “CNIL”, conducts hundreds of investigations (345 in 2022) on the basis of complaints received, notification of data breaches, information conveyed by press or other media, but also annual priority topics set by the CNIL. These topics are the following for 2023.
Continue Reading Priority Topics for French CNIL Investigations in 2023: “Smart” Cameras, Mobile Apps, Bank and Medical Records
The French government has decided to act in the fight against the resurgence of cyberattacks, together with ransom demands, which have a significant impact on the economy. By anticipating the development of the cyber risk insurance market in France, the French government has decided to make the payment of insurance compensation conditional on the filing
Congratulations to Privacy World’s Kristin Bryan and Stephanie Faber, recognized as Legal Influencers (Q3 and Q4, respectively) by Lexology. Both lawyers were recognized regionally in the Technology, Media and Telecommunications category (TMT), with Kristin being acknowledged for the US and Stephanie for Europe. Lexology Legal Influencers recognizes industry thought leaders each quarter who
In a decision on October 27, 2022, the European Court of Justice has clarified the operators’ obligations regarding consent and the right to object in relation to public directories and information services.
Legal Context
The ePrivacy Directive contains several provisions relating to public directories and information services of telecommunications operators.
In particular, EU Member States
Following a sanction decision in November 2022 relating to the use for marketing by email, of a list purchased from a data broker, the CNIL (France’s Commission Nationale de l’Informatique et des Libertés) deemed it useful to remind on December 5, 2022 the rules applying to transfers customer lists.
The acquisition of such files allows
As of March 1, 2023, a series of restrictions on telephone solicitation will be added to those already in place in France.
Opening hours
Telephone canvassing will only be possible on weekdays (excluding public holidays) and only from 10 a.m. to 1 p.m. and from 2 p.m. to 8 p.m.
This measure applies even to
In December 2016, the “Sapin II” law introduced comprehensive mandatory whistleblowing schemes (amongst other things) for certain private and public sector organizations in France. This law became effective in 2018 and was amended in 2022 to transpose the “EU Whistleblower Directive.” The legal changes came into effect on 1 September 2022, and the implementation decree of 3 October 2022 took effect on 5 October 2022.
Scope
On 21 March 2022, France enacted a law (the Law) “aiming to improve the protection of whistleblowers” by making numerous amendments to the Sapin II law, as well as to the labor code, the public service code, the criminal code and other laws.
Consistent with the previous version of the Sapin II law, the new Law is not restricted to breaches of EU law, as provided for in the EU Whistleblower Directive, but extends to breaches of French law or a “threat or prejudice to the general interest.” The Sapin II law also separately provides for reporting on breaches to the company’s anti-corruption code of conduct.
The Law does not apply in cases where French or EU law establishes specific reporting regulations (notably as set out under Part II of the Annex to the EU Whistleblower Directive, covering EU law in the fields of financial services, AML-CFT, transport and environment).
Moreover, transposing the EU Directive, the new Law expands the types of information falling outside its scope to include information protected by the secrecy of judicial deliberations and judicial investigations, in addition to information protected by national defense secrecy, medical secrecy, and lawyers’ professional secrecy.Continue Reading France Updates its Whistleblower Protection to Transpose the EU Whistleblower Directive