The French Data Protection Authority ("CNIL") has
recently issued its activity report for 2011 (http://www.cnil.fr/fileadmin/documents/en/Cnil-RA2011-EN/index.html.)
It provides us with some interesting data and allows us to reflect
on the ever-growing importance of privacy and data protection in
France. Video-surveillance, the right to be forgotten on the
Internet, data breaches and abusive data collection by companies
were the key highlights of 2011 and have remained dominant issues
159 persons: the workforce of the CNIL. The
staff doubled over the last seven years, demonstrating the
increasing workload of the CNIL, and this growth seems to have
continued in 2012. This is not surprising as the CNIL has been
entrusted with two new missions. First, it now has competence to
oversee all video-surveillance systems (CCTV) installed on streets
and highways. Second, the CNIL is now competent to oversee the
notifications of data breaches. Indeed, data controllers in the
telecommunication industry have, since 2011, the obligation to
report data breaches to the CNIL.
138,979 phone calls:answered by the information
service of the CNIL. Formalities (i.e. required filings with
the CNIL) also increased with more than 82,000 notifications of
data processing (data controllers in France are required to notify
the CNIL prior to conducting any data processing.)
5,738 complaints: complaints to the CNIL grew
significantly from 2010 to 2011. The CNIL attributes this increase
both to its new on-line complaint section available on its website
(26% of the complainants are filed on-line), and to the growing
interest of individuals in the protection of their personal data.
In particular, complaints relating to the "right to be
forgotten" on the Internet (i.e., requests for deletion of
content) increased by 42% and complaints relating to
video-surveillance increased by 30%.
385 audits: the CNIL carried out 25% more
audits in 2011 than in 2010 in order to verify the compliance of
public and private companies with the data protection law. The CNIL
focused its audits on four sectors: 1) security of health data
(audits were conducted in health care establishments, health data
providers, etc.), 2)debt collection agencies and private
investigators, 3) companies that transfer data outside of the
European Union, and finally, 4) companies handling consumer data,
primarily e-commerce websites.
19 decisions with sanctions: this includes 13
warnings and only 5 financial penalties. Generally the CNIL uses
its power to impose sanctions with great prudence. In addition, 65
formal notices to comply were issued.
100 000 euros: this is the largest penalty
imposed in 2011. Google was fined 100 000 euros on March 17,
2011 for abusive data collection by "Google cars" that
were collecting data from wireless networks for its Street View
service. The Google cars collected and recorded not only
photographs, but also data transmitted by nearby wireless
11, 600 Twitter followers: the CNIL has 3223
The Article 29 Working Party, an advisory body composed of representatives of the European Commission, the EU data protection supervisor and the data protection authorities of all EU Member States, has recently issued Opinion 03/2013 on Purpose Limitation.
The date of the first binding vote by the Civil Liberties, Justice and Home Affairs Committee (LIBE) on the proposed General Data Protection Regulation (Regulation), which was initially planned for April-May 2013, has been postponed a second time.
Sam Allardyce recounted a humorous tale which re-enforced how important it is to have the right facts and figures at your disposal, and the importance of controls in establishing a trustworthy dataset.
The Article 29 Working Party, the independent advisory body set up to make recommendations on all matters relating to the processing of personal data within the EU, has recently published an Opinion on the Principle of Purpose Limitation.
The UK’s data protection watchdog, Information Commissioner’s Office, joins the global initiative for improving website privacy policies organised by the Global Privacy Enforcement Network.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”