Subscribe to France RSS Feed

Recommendations by the CNIL in the Context of COVID-19

On March 6, 2020, the CNIL published recommendations on the collection of personal data in the context of COVID-19. Health data is particularly protected within the framework of a series of regulations (notably GDPR, French Data Protection Act and French Public Health Code). Restrictions The CNIL insists that employers cannot take measures likely to impair … Continue Reading

Final Call to Participate in the CNIL’s Consultation on Cookies Rules

On 21 January 2020, the CNIL launched a public consultation on the proposed guidelines for cookies and other trackers, which is open until 25 February 2020. The proposed guidelines are presented as “non-binding” and aim to assist organisations to comply with the regulation by providing practical examples of how to obtain consent. However, the CNIL … Continue Reading

Public Consultation in France on the Transposition of the European Electronic Communications Code (Directive 2018/1972 of December 11, 2018)

The French government has launched a public consultation on the transposition of Directive (EU) 2018/1972 December 11, 2018, establishing the EU Electronic Communications Code (EECC), which must be transposed before December 21, 2020. What Is It About? The consultation concerns the draft modification of the French Postal Services and Electronic Communications (CPCE) and French Consumer … Continue Reading

Use of the Social Security Number in France

Under article 87 regulation (EU) 2016/679 General Data Protection Regulation GDPR, member states may define the specific conditions for the processing of a national identification number or any other identifier of general application. As discussed below, France has made an interesting application of this rule regarding, in particular, the social security number. … Continue Reading

Claims Against the CNIL’s Decision to Grant an Adaptation Period for Compliance on Cookie Consent Rules Dismissed

The French Council of State considers legal, the Commission Nationale de l’Informatique et des Libertés (CNIL), decision to engage in a consultation to define the new practical modalities of expression of consent in the matter of targeted advertising, and to grant a period of adaptation to the stakeholders. Context Pending the finalization of the new … Continue Reading

No More Games! The CNIL Publishes its 2018 and 2019 Activity Report

The CNIL blows the whistle for the end of the transition period.  For the first time, the CNIL’s 2019 investigation program is not specific to an industry and potentially impacts controllers and processors throughout all sectors of business. Going forward, the CNIL will also be more thorough and less lenient. 2019 Program Investigation program CNIL’s … Continue Reading

France Launches Consultation on Regulation for Biometrics at Work  

The General Data Protection Regulation (GDPR) applicable since 25 May 2018 , modifies the legal rules on the use of  biometric data. The processing of biometric data for the purpose of “uniquely identifying a natural person”  is, as a matter of principle, prohibited under Article 9 GDPR . Amongst the authorised exceptions is the processing “necessary … Continue Reading

France Issues New Rules for the Accreditation of Health Data Hosting Services Providers

As some companies may have experienced already, the French Public Health Code (Article L.1111-8) requires that services providers hosting certain types of health/medical data (in French “hébergeurs de données de santé” or “HDS”) be accredited for this activity. The accreditation procedure is changing, effective 1 April 2018, from an authorisation procedure to a certification… Continue Reading

France’s Law to Accompany the GDPR and EU Directive Published

On December 13, 2017 the French Ministry of Justice published a draft law to accompany the implementation within France of the General Data Protection Regulation 2016/679 (GDPR) and the Directive 2016/680, governing the handling of data in law enforcement situations. The following are some of the noticeable change brought by the draft law with respect … Continue Reading

A New French Scientific Committee For Cybersecurity of Medical Device Software

The French  National Agency for Safety of Medicines and Health Products (Agence nationale de sécurité du médicament et des produits de santé or ANSM) has announced on its website in October 2017 the  creation of a  “temporary specialized scientific committee” (comité scientifique spécialisé temporaire CSST) on the cybersecurity of medical device software.… Continue Reading

The CNIL Publishes Compliance Pack for Connected Cars

On October 17, 2017, the French data protection authority, the CNIL, released a “compliance pack” for connected cars. This toolkit provides guidance to stakeholders on how to integrate data protection by design and by default into their production pipeline, enabling data subjects to have effective control over their data. Developed by the CNIL in consultation with … Continue Reading

Survey of the National GDPR Implementation Laws of Key Member States

While the GDPR compliance clock is ticking for companies, EU Member States have also been preparing for the implementation of the General Data Protection Regulation (“GDPR”) which will become enforceable on May 25, 2018. The GDPR will be directly applicable in all EU Member States without the need for implementing national laws. However, apart from … Continue Reading