On April 15, the Commission Nationale de l'Informatique et des Libertés (French Data Protection authority, hereinafter the “CNIL”) presented its 2018 activity report, i.e. the assessment that it draws from its activities during the year 2018 which has been marked by the application of the General Data Protection Regulation and the new French Data Protection Act.
From the CNIL's assessment and the decisions it took in 2018, we can learn lessons to prevent the risks incurred when processing personal data.
The combined reading of the thorough analysis made by the Court in this recent decision and in the previous decision concerning Twitter offers a valuable framework for identifying provisions that may be considered abusive or unlawful within the meaning of French consumer law and the legislation on the protection of personal data.
On January 21, 2019, the Commission nationale de l’informatique et des libertés (French Data Protection Authority) fined Google LLC 50 million euros under EU Regulation known as the General Data Protection Regulation (“GDPR”) for lack of transparency, inadequate information and lack of valid consent as regards personalized advertisements.
This is the largest fine imposed in relation to the GDPR, the key text in the field of data protection, that came into force on May 25, 2018.
The blockchain is a technology a personal data processing can rely on. Its very specific characteristics raise difficulties for the implementation of the obligations imposed by the General Data Protection Regulation (GDPR).
On September 24, 2018, the CNIL (The French Data Protection Authority) issued its first analysis and recommendations for those who wish to use the blockchain when they process personal data.
Twitter was ordered to change all of its contractual documentation intended for French users and to make the entire judgment publicly available.
250,000 euros. This is the amount of the fine imposed by the Commission Nationale de l’Informatique et des Libertés (French Data Protection Authority or “CNIL”) on Optical Center, a French company specialized in optics, for having failed to properly secure its website www.optical-center.fr.
This is the first time that the CNIL imposes such a heavy fine. And this is not under the General Data Protection Regulation (“GDPR”) which provides that companies may be fined up to 20 million euros and 4% of their turnover.
Law n°2018-493 of June 20, 2018 on the protection of personal data was promulgated on June 20, 2018 and published in the Official Journal on June 21, 2018.
The purpose of this new Law is to adapt Law n° 78-17 of January 6, 1978 on information technology, data files and liberties to UE law following the General Data Protection Regulation that entered into force on May 25, 2018 (a Regulation is binding in its entirety and directly applicable in all EU Member States) and Directive 2016/680 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties (a Directive is binding on Member States as to the result to be achieved but leaves them the choice of the form and method) that ought to be transposed into domestic law by May 6, 2018.
The EU General Data Protection Regulation will take effect on May 25, 2018. Companies must take steps to ensure an enhanced protection of personal data, failing which they will face heavy fines of up to 4% of their annual turnover. The GDPR – that includes 99 articles and 173 recitals – combines both legal and technical provisions that promote an accountability approach. What are the key practical implications for businesses?
In a deliberation dated January 8; 2018, the Commission Nationale de l'Informatique et des Libertés (French Data Protection Authority or “CNIL”) imposed a 100,000 euros fine on Darty (a leader in the retail of entertainment and leisure products, consumer electronics and household appliances) for not having sufficiently secured the data of its customers who had made online requests for after-sale services.
The sanction imposed by the CNIL serves as a warning to companies which must comply with the General Data Protection Regulation that will enter into force on May 25, 2018.
The very much expected Regulation n°2016/679 of the European parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (also known as “General Data Protection Regulation” or “GDPR”) has just been published on the Official Journal of the European Union (OJ, L 119, May 4, 2016).
Based on a proposal from the European Commission of January 25, 2012, this Regulation jointly adopted by the European Parliament and the Council repeals Directive 95/46/EC and provides for a general and unique framework for the data protection in Europe.
In this article (Part II; Part I published last month), we propose to identify the most important innovations in this Regulation.
Ce site utilise des cookies pour vous proposer une expérience de navigation personnalisée. En utilisant ce site, vous acceptez notre usage des cookies comme expliqué dans nos Mentions Légales
Merci de lire nos Mentions Légales pour plus d'informaiton sur notre usage des cookies.AccepterEn savoir plus au sujet des cookies