French National Commission on Informatics and Liberty (CNIL)

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Singapore Unveils Guide on Synthetic Data Generation: A Strategic Resource for AI Decision-Making

Singapore Consults on Cybersecurity Guidelines for AI

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.Continue Reading Privacy World Week in Review

Context

Businesses are under pressure from a range of internal and external stakeholders to create and maintain genuinely diverse and inclusive workplaces. Consequently, more and more businesses want to collect and track Diversity and Inclusion (“D&I”) data about their staff. This may include information about gender, sexual orientation, race, ethnic origin, religion, socio-economic background health, and disability. This information may help organizations better understand the current profile of their workforce, assess the impact of their equal opportunities policies, determine what steps they may need to take to address any barriers to change and measure progress against any objectives/targets set.

However, in some countries, collection and tracking of such data is regulated by various laws and it is socially and culturally inappropriate to ask certain questions in this area.

In France, various regulations and case law restrict the collection of such data, including the EU General Data Protection Regulation (“GDPR”). There is a particular sensitivity in relation to origin/race/ethnicity data (as notably stated in a decision from the French Constitutional Council of 15 November 2007 sanctioning the collection of such data in this context).

Draft recommendation

To guide organizations wishing to implement diversity measurement surveys, the CNIL is submitting a recommendation for public consultation until September 13, 2024 (the “Draft Recommendation”).

It notably includes GDPR-specific recommendations that were not in the guide “Measuring to progress towards equal opportunities” that the CNIL had published with the Defender of Rights twelve years ago (the “Guide”).

The recommendation addresses the following issues in relation to diversity surveys.Continue Reading Measuring Diversity at Work in France: the CNIL Launches a Public Consultation on a Draft Recommendation

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Privacy Challenges for Digital Advertising, Particularly in Europe

The Online Safety Act: Does this present a difficult balancing act for

Today at a panel before the International Association of Privacy Professionals (“IAPP”) – Europe Data Protection Congress in Brussels, leading European Union (“EU”) data protection authority commissioners cast doubt on the notion that there could ever be a lawful basis for targeted advertising based on behavioral profiling, referred to often as interest-based advertising (“IBA”).Continue Reading Privacy Challenges for Digital Advertising, Particularly in Europe

In November 2023, the National Commission on Informatics and Liberty (CNIL), the French data protection authority, has announced having issued 10 new sanctions under its new simplified procedure following complaints with respect to geolocation of vehicles and video surveillance of employees, data minimization, right to object and lack of response to CNIL requests.

The New

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

India Welcomes Landmark Data Protection Law | Privacy World

Join Us Live in Washington DC on September 19: Avoiding Litigation

The French National Commission on Informatics and Liberty (CNIL) – the French data-protection authority – finally updated its standard of best practice on whistleblowing in July 2023, to accompany the significant changes introduced to the whistleblower protection regulation in the second half of 2022.Continue Reading The French CNIL’s New Guidance on Whistleblowing