France

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Are Data Practice Risk Assessments at Risk in the US?

FCC Moves Forward with Proposed Rules for Use of Artificial

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.Continue Reading Privacy World Week in Review

Context

Businesses are under pressure from a range of internal and external stakeholders to create and maintain genuinely diverse and inclusive workplaces. Consequently, more and more businesses want to collect and track Diversity and Inclusion (“D&I”) data about their staff. This may include information about gender, sexual orientation, race, ethnic origin, religion, socio-economic background health, and disability. This information may help organizations better understand the current profile of their workforce, assess the impact of their equal opportunities policies, determine what steps they may need to take to address any barriers to change and measure progress against any objectives/targets set.

However, in some countries, collection and tracking of such data is regulated by various laws and it is socially and culturally inappropriate to ask certain questions in this area.

In France, various regulations and case law restrict the collection of such data, including the EU General Data Protection Regulation (“GDPR”). There is a particular sensitivity in relation to origin/race/ethnicity data (as notably stated in a decision from the French Constitutional Council of 15 November 2007 sanctioning the collection of such data in this context).

Draft recommendation

To guide organizations wishing to implement diversity measurement surveys, the CNIL is submitting a recommendation for public consultation until September 13, 2024 (the “Draft Recommendation”).

It notably includes GDPR-specific recommendations that were not in the guide “Measuring to progress towards equal opportunities” that the CNIL had published with the Defender of Rights twelve years ago (the “Guide”).

The recommendation addresses the following issues in relation to diversity surveys.Continue Reading Measuring Diversity at Work in France: the CNIL Launches a Public Consultation on a Draft Recommendation

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

FCC Acts to Protect Consumer Data by Strengthening Customer Proprietary Network Information and Number Porting Rules | Privacy World

Considering

In November 2023, the National Commission on Informatics and Liberty (CNIL), the French data protection authority, has announced having issued 10 new sanctions under its new simplified procedure following complaints with respect to geolocation of vehicles and video surveillance of employees, data minimization, right to object and lack of response to CNIL requests.

The New

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

China Generative AI New Provisional Measures | Privacy World

Red Hot Enforcement Summer: No Vacation for California and Colorado Privacy

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

The French CNIL’s New Guidance on Whistleblowing | Privacy World

SEC Adopts Final Cybersecurity Risk Management and Incident Disclosure Regulations

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

South Korea Consults on Draft Decree to Personal Information Protection Act | Privacy World

Bilingual Draft of China’s Standard Contract

Stephanie Faber will be speaking at the 3rd Annual France-Singapore Symposium on Law and Business which will take place in Paris on May 11-12, 2023.

The symposium is organized by the Singapore Academy of Law, Embassy of France in Singapore in collaboration with Paris Bar, the Université Paris 1 Panthéon-Sorbonne, the Asian Business Law

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

UNSUBSCRIBED! — FTC Proposes Substantial Amendments to the Negative Option Rule to Cover all Autorenewals, including B2B Services, and Add