menu

Personal data

9 September 2021 | Laure Marolleau

French Data Protection Authority imposes a 1.75 million fine on AG2R LA MONDIALE

The French Data Protection Authority imposed on AG2R LA MONDIALE a 1.75 million euros fine for failing to comply with the obligations under the General Data Protection Regulation regarding data retention periods and information to be provided to individuals.

Two breaches were mainly highlighted: an excessive retention period for personal data and a lack of information provided to people during telemarketing calls by subcontractors.

Read more
23 April 2021 | Pauline Kubat

COVID-19: Joint opinion from the EDPB and the EDPS on the digital green certificate designed to facilitate travels within the EU

On March 17, 2021, the European Commission presented a proposal for a regulation to create a digital green certificate to facilitate free movement within the European Union in the current context of the COVID-19 pandemic.

This contemplated digital tool was discussed in a joint opinion from the European Data Protection Board and the European Data Protection Supervisor dated March 31, 2021, published on April 6, 2021.

Read more
15 April 2021 | Laure Marolleau

French Administrative Supreme Court rejects the suspension of the platform established in partnership between the French State and Doctolib and hosted by Amazon

In an order dated March 12, 2021, the Conseil d’Etat (French Administrative Supreme Court) refused to suspend the partnership between the French State and Doctolib in the context of the COVID-19 vaccination campaign.

The plaintiffs had requested this suspension in summary proceedings, arguing that the safeguards provided by Amazon Web Services for data hosting were insufficient.

Read more
11 March 2021 | Laure Marolleau

Cookies and trackers: Are your websites and mobile apps compliant?

When visiting a website or using mobile apps, users must be informed and give their consent before cookies or other trackers are deposited or read, unless these trackers benefit from one of the exemptions provided for by law.

Following the publication of its guidelines and recommendation on October 1, 2020, the French Data Protection Authority has given until March 31, 2021 to bring websites and mobile apps into compliance with the new rules.

Read more
26 February 2021 | Pauline Kubat

Opinion of the French Data Protection Authority on the contemplated extension of the Contact COVID digital information system

In a deliberation No. 2021-006 issued on January 19, 2021, the Commission Nationale de l’Informatique et des Libertés (French Data Protection Authority, hereinafter the “CNIL”) gave its opinion on a draft Decree aimed at strengthening the system for tracing the chains of COVID-19 transmission, known as the “Contact Covid” information system, as part of the French Government’s strategy to fight against the spread of the virus.

This article outlines the CNIL’s main observations and recommendations which aim at maintaining the protection of often sensitive personal data while the draft Decree foresees a considerable and substantial extension of the information collected.

Read more
27 November 2020 | Laure Marolleau

Personal Data: Carrefour fined in excess of 3 million euros

Having received several complaints against the Carrefour group, the French Data Protection Authority carried out inspections between May and July 2019 at Carrefour France (mass retail sector) and Carrefour Banque (banking sector).

During these inspections, it found a number of breaches in the processing of customer and potential user data, and consequently imposed a 2,250,000 euros fine on Carrefour France and a 800,000 euros fine on Carrefour Banque. The breaches mainly concerned the information provided to individuals and the respect for the rights of such individuals.

Read more

All posts ared displayed

No more page

Next page

Load more