Even the French Data Protection Authority (CNIL –
Commission Nationale de l’Information et des Libertés)
can be sued for the violation of its own recommendations. Following
is its recommendation regarding the anonymization of personal data
on jurisprudence databases (deliberation n°01-0577 from the
November 29, 2001).
On April 11, 2013, the CNIL sanctioned Total Raffinage Marketing
for several breaches of the Act of January 6, 1978 regarding the
setting up of an electronic voting system. The company E., which
created the electronic system, was not prosecuted, but participated
freely in the proceeding. The decision was published on the CNIL
website and on Legifrance.
The company E., having not been sued in that proceeding, asked
the President of the CNIL to remove its name from the published
decision. The CNIL refused this request by decision of August 19,
The company E. then brought a claim before the Conseil
d’Etat (supreme administrative court) on grounds of
exceedance of powers, asking for the invalidation of the
The Conseil d’Etat:
invalidated the August 19, 2013 decision explaining that the
CNIL had to accept the company E. anonymization request as it was
ordered the CNIL to proceed with the anonymization of the
document within fifteen days starting from the notification of that
To conclude, this decision confirms that National Data
Protection Authorities are, of course, also subjected to data
protection's legal framework.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In this article Filippo Noseda examines the impact of the Common Reporting Standards (CRS), based on practical examples of data transfer and data breaches and analysed in the light of general tax law principles.
Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018.
This update is dedicated to covering the latest legislative developments affecting the way data is managed and protected, as well as reporting on the most recent news governing data breaches and industry developments.
The market of the so-called "connected vehicles" has been considerably growing since 2015. According to a recent study by AlixPartners, 78 million of connected vehicles will be commercialized in 2018, generating a EUR40 billion turnover.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).