Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: France

Posted in Consumer Privacy, Cybersecurity & Data Breaches, International/EU Privacy

France Enacts Law to Facilitate Real-Time Collection of Metadata

France’s December 18, 2013 law on military spending contains two provisions that facilitate the collection of data by the French military and intelligence services. The first provision relates to the collection of passenger name records (PNRs) while the second, more controversial provision permits French intelligence and security agencies to collect metadata from telecom operators and hosting providers in real time.

Posted in International/EU Privacy

French Associations Trigger Criminal Investigation over PRISM

In the wake of information disclosed by Edward Snowden regarding the U.S. National Security Agency’s and Federal Bureau of Investigation’s actions through the PRISM program, two French individual liberties defense associations have filed a motion to open a criminal investigation regarding these actions which contains, in addition to claims against U.S. law enforcement entities, allegations against U.S.-based companies that provide Internet services.

Posted in Consumer Privacy, International/EU Privacy, Social Media

IAPP Piece Explores Jurisdictional Implications of French Court’s Privacy/Hate Speech Dilemma

On June 12, a French Court of Appeals upheld a decision ordering Twitter to divulge the identities of the authors of anti-Semitic tweets, which are illegal under French law. In a detailed analysis of the court’s order for the IAPP Privacy Perspectives blog, Winston Maxwell and Christopher Wolf describe how the order, issued directly by the French court to California-based Twitter, which does not have a French establishment, implicates jurisdictional issues and calls into question the use of anonymity as a privacy shield to post hate speech online.

Posted in Consumer Privacy, International/EU Privacy

French Government Has Serious Reservations About the Draft EU Regulation, Putting its Adoption in Doubt

On June 11, the French Minister for Digital Economy indicated during questioning by a French Member of Parliament about the status of the draft data protection regulation that the Minister of Justice had rejected, during the meeting of the European Council held last week, the latest version of the draft regulation.

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA, International/EU Privacy

Journalist Uncovers Data Breaches at French Hospitals

A February 4, 2013 article published by the specialized healthcare news site “Actusoins” revealed data breaches at several French hospitals and clinics, demonstrating that such incidents can occur even in a highly-regulated jurisdiction. The journalist was researching another article, and entered the name of a physician into Google. The journalist was astonished to find at [...]

Posted in International/EU Privacy

French report recommends privacy tax

The French government released on January 18, 2013 a 200-page study prepared by Pierre Collin and Nicolas Colin proposing changes to international tax rules to take better account of value creation by digital firms. As a shorter term step, the report proposes that France create a tax that would affect all firms that create value [...]

Posted in Cybersecurity & Data Breaches, International/EU Privacy

French CNIL Publishes English Language Compliance Guides

France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), released on November 14, 2012 English-language versions of its compliance guides for businesses. The first guide, “Methodology for Privacy Risk Management”, provides a step-by-step guide for identifying risks and prioritising remedial actions. The second guide, “Measures for the Privacy Risk Treatment“, provides practical guidance on [...]

Posted in International/EU Privacy

French Data Protection Authority launches public consultation on cloud computing

The French Data Protection Authority (the Commission Nationale de l’Informatique et des Libertés or CNIL) opened a public consultation on cloud computing, citing the growing significance of the cloud computing market: “already €6 billion at the European level, with a yearly growth of approximately 20%”. The CNIL is focusing on five areas: definition of cloud computing, role of the parties, applicable law, international transfers of data outside the European Union and data security. Public input into the issue is sought by the CNIL, as explained in this blog entry.

Posted in Employment Privacy, International/EU Privacy

French Court of Appeals reject company’s whistleblower system despite CNIL approval

A French Court of Appeals in Caen recently confirmed a lower court’s order for the suspension of a whistleblowing system implemented by French company Benoist Girard, a subsidiary of American group Stryker. The decision comes as a surprise as it rejects the approval of the whistleblower system by French data protection authority (the “CNIL”).

Posted in International/EU Privacy, News & Events

Upcoming EU Cloud Strategy Announced: Application of Local Privacy Laws Remain an Issue, To Be Explored at IAPP Navigate on September 14

An announcement came this week from EC Digital Agenda VP Neelie Kroes of an EU Cloud Strategy (described in this blog entry), for which the former US CIO Vivek Kundra will be an advisor, and it once again raises questions about the application of the EU Directive in the cloud. This is an issue that will be explored through a Moot Court problem at IAPP’s Navigate in Dallas on September 14, also described and shared in this entry.

Posted in International/EU Privacy

France Implements EU Requirements for Data Breach Notification, Audits and Cookies Applicable to Electronic Communications Service Providers

On August 26, 2011 France implemented new EU provisions on data breach notifications for electronic communications providers, as well as new provisions requiring prior consent for cookies. The French measure also gives the government power to order security audits for electronic communications providers.

Posted in International/EU Privacy

French Data Protection Authority Issues Recommendations in the Context of U.S. Discovery

On August 19, 2009, the French Official Journal published the French Data Protection Authority’s (‘CNIL’) long-awaited recommendations on the transfer of personal data for U.S. discovery purposes (‘Recommendations’, currently only available in French). The Recommendations were based at least in part on suggestions from a working group composed of representatives from all stakeholders, which was set up by the CNIL in 2008. The [...]