menu

Personal data

23 April 2021 | Pauline Kubat

COVID-19: Joint opinion from the EDPB and the EDPS on the digital green certificate designed to facilitate travels within the EU

On March 17, 2021, the European Commission presented a proposal for a regulation to create a digital green certificate to facilitate free movement within the European Union in the current context of the COVID-19 pandemic.

This contemplated digital tool was discussed in a joint opinion from the European Data Protection Board and the European Data Protection Supervisor dated March 31, 2021, published on April 6, 2021.

Read more
15 April 2021 | Laure Marolleau

French Administrative Supreme Court rejects the suspension of the platform established in partnership between the French State and Doctolib and hosted by Amazon

In an order dated March 12, 2021, the Conseil d’Etat (French Administrative Supreme Court) refused to suspend the partnership between the French State and Doctolib in the context of the COVID-19 vaccination campaign.

The plaintiffs had requested this suspension in summary proceedings, arguing that the safeguards provided by Amazon Web Services for data hosting were insufficient.

Read more
11 March 2021 | Laure Marolleau

Cookies and trackers: Are your websites and mobile apps compliant?

When visiting a website or using mobile apps, users must be informed and give their consent before cookies or other trackers are deposited or read, unless these trackers benefit from one of the exemptions provided for by law.

Following the publication of its guidelines and recommendation on October 1, 2020, the French Data Protection Authority has given until March 31, 2021 to bring websites and mobile apps into compliance with the new rules.

Read more
26 February 2021 | Pauline Kubat

Opinion of the French Data Protection Authority on the contemplated extension of the Contact COVID digital information system

In a deliberation No. 2021-006 issued on January 19, 2021, the Commission Nationale de l’Informatique et des Libertés (French Data Protection Authority, hereinafter the “CNIL”) gave its opinion on a draft Decree aimed at strengthening the system for tracing the chains of COVID-19 transmission, known as the “Contact Covid” information system, as part of the French Government’s strategy to fight against the spread of the virus.

This article outlines the CNIL’s main observations and recommendations which aim at maintaining the protection of often sensitive personal data while the draft Decree foresees a considerable and substantial extension of the information collected.

Read more
27 November 2020 | Laure Marolleau

Personal Data: Carrefour fined in excess of 3 million euros

Having received several complaints against the Carrefour group, the French Data Protection Authority carried out inspections between May and July 2019 at Carrefour France (mass retail sector) and Carrefour Banque (banking sector).

During these inspections, it found a number of breaches in the processing of customer and potential user data, and consequently imposed a 2,250,000 euros fine on Carrefour France and a 800,000 euros fine on Carrefour Banque. The breaches mainly concerned the information provided to individuals and the respect for the rights of such individuals.

Read more
13 August 2020 | Laure Marolleau

The French Data Protection Authority imposes a 250,000 euros fine on Spartoo

The Commission Nationale de l’Informatique et des Libertés (French Data Protection authority or “CNIL”) has just imposed a penalty of 250,000 euros on Spartoo, a company specializing in the online sale of shoes. The CNIL noted several breaches of the GDPR, the general regulation on data protection which came into force on May 25, 2018.

This is the first penalty imposed by the CNIL as “lead supervisory authority” in cooperation with other EU supervisory authorities as the consumers (and their personal data) of Spartoo which is based in Grenoble extend beyond French borders.

Read more

All posts ared displayed

No more page

Next page

Load more