The French data protection authority CNIL issued on December 16, 2013, its
recommendations (source document in French) for the
implementation of cookies in compliance with the data protection
regulations applicable in France. In a communication (source document in French)
dated July 11, 2014, CNIL indicated that, as of October 2014, it
will be monitoring and enforcing compliance with these regulations.
CNIL will specifically be analyzing compliance on key issues
including (i) the types of cookies that are implemented, (ii) the
purposes of such data processing, (iii) how consent from the data
subject is obtained when required, and (iv) whether the data
subjects are duly informed about the implementation of cookies.
Businesses with websites that target French users should promptly
ensure compliance of their cookie implementation policy with French
data protection regulations.
DPA Authorizes Screening Processes More Widely
In a May 6 decision (source document in French),
the Commission Nationale de l'Informatique et des
Libertés ("CNIL") authorized the French
subsidiary of an international group outside of the banking and
financial sectors to implement personal data processing of its
commercial partners for screening purposes, in order to prevent
risks of corruption and money laundering. This decision shows that,
subject to compliance with strict conditions, the CNIL is willing
to authorize such screening processes implemented for compliance
with foreign law requirements (such as the Foreign Corrupt
Practices Act in the United States or the UK Bribery Act) even
though the data controller is not subject to a French law screening
DPA Warns Freight Company Following Leak
CNIL warned (source document in French) an
international logistics, freight, and express mail company that it
had violated a 1978 information privacy law when it was discovered
that personal data for nearly 700,000 clients of the company was
freely accessible on the internet. CNIL's warning cited the
company's failure to institute time-limiting measures on
document retention and failure to independently verify the security
of an information system designed by a third party.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In this article Filippo Noseda examines the impact of the Common Reporting Standards (CRS), based on practical examples of data transfer and data breaches and analysed in the light of general tax law principles.
Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018.
This update is dedicated to covering the latest legislative developments affecting the way data is managed and protected, as well as reporting on the most recent news governing data breaches and industry developments.
The market of the so-called "connected vehicles" has been considerably growing since 2015. According to a recent study by AlixPartners, 78 million of connected vehicles will be commercialized in 2018, generating a EUR40 billion turnover.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).