On 16 May 2022, the French data protection authority published preliminary criteria for the validity of cookies walls.
Continue Reading Fresh From the Oven: The CNIL’s Criteria for Allowing Cookie Walls in France
CNIL
Noteworthy Information in the French Data Protection Authority‘s (CNIL) Newly Published 2021 Annual Report
The French data protection authority, the CNIL, has published its annual report for 2021 (in French) which contains some useful information and figures notably on complaints, investigations and sanctions as well as standards of references issued by the CNIL in relation to specific processing activities.
- Complaints, Investigations and Sanctions
Complaints
In 2021, the CNIL received…
EDPB Coordinated Enforcement Action on Cloud under the CEF and the French CNIL’s 2022 Investigation Program
On February 15, 2022, the European Data Protection Board (“EDPB”) issued a press release announcing the launch of its first coordinated enforcement action, under the Coordinated Enforcement Framework (“CEF”) established in 2020 (see section 3 below). The initiative will focus on the use of Cloud based services by the public sector and will involve 22…
Cookies and the CNIL: Further Enforcement Actions by the French Data Protection Authority
The French data protection authority, the CNIL, has undertaken a long-term campaign to ensure the effectiveness of such its cookie rules under the moto: “refusing cookies should be as easy as accepting them”.
Its investigation and enforcement program started in October 2020, first based on the old 2013 version of the cookies rules…
Recommendations by the CNIL in the Context of COVID-19
On March 6, 2020, the CNIL published recommendations on the collection of personal data in the context of COVID-19. Health data is particularly protected within the framework of a series of regulations (notably GDPR, French Data Protection Act and French Public Health Code).
Restrictions
The CNIL insists that employers cannot take measures likely to impair the privacy of the data subjects, in particular, by collecting health data that would go beyond the management of suspected exposure to the virus.
For example, employers must refrain from collecting in a systematic and generalized manner, or through individual inquiries and requests, information relating to the search for possible symptoms presented by an employee/agent and their relatives. It is, therefore, not possible to implement, for example:
Continue Reading Recommendations by the CNIL in the Context of COVID-19
CNIL Makes Recommendations on “Bad Debtor Data Bases”
It is common for a company to create an exclusion file that allows it to identify “bad debtors” and exclude them from all future transactions.
The Commission nationale de l’informatique et des libertés (“CNIL”) published on 13 November the following recommendations for this type of data base.
Continue Reading CNIL Makes Recommendations on “Bad Debtor Data Bases”
CNIL Releases Software Tool For DPIA
On the 22 November, the CNIL released on its website an open source ready to use software tool for DPIAs, which can be downloaded for free.
The explanations on the website are currently only in French, but the CNIL’s intention is to have an English explanations as well.
Continue Reading CNIL Releases Software Tool For DPIA