Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Lionel de Souza

Posts by Lionel de Souza
Posted in International/EU Privacy

French Data Protection Authority Broadens the Scope of Its Whistleblowing Authorization

The French data protection authority has just published an amended version of its standard authorization for professional whistleblowing helplines which results in a significant broadening of its scope but also tightens the requirements for anonymous reporting. Under French data protection legislation, whistleblowing helplines are subject to prior authorization by the French data protection authority. Indeed, French data protection legislation require that processes which may result in the exclusion of a person from the benefit of a right or a contract are subject to prior authorization, as could be the case when resorting to a whistleblowing helpline (employees may incur sanctions and be terminated).

Posted in Consumer Privacy, International/EU Privacy

Article 29 Working Party Issues Guidance on Cookie Consent

On 14 October, the Article 29 Working Party of EU data protection commissioners published a Working Document providing guidance on obtaining consent for cookies, some eighteen months after the effective date of the so-called “cookie consent law” which required EU websites to obtain consent from Internet users before before placing cookies on their devices. The document analyses, to some extent, the practices more commonly used by website operators to obtain the required consent, and attempts to answer the question as to what measures would “be legally compliant for a website operating across all EU Member States.”

Posted in International/EU Privacy

Draft EU Data Protection Regulation Discussions Stall on One-Stop-Shop Issue

On 7 October 2013, the Ministries for Justice and Home Affairs of the 28 Member States of the European Union met in Luxembourg to further discuss the draft General Data Protection Regulation that is intended to replace the current European data protection framework, particularly debating the controversial “one-stop-shop” principle that would provide organization’s one lead regulator in Europe.

Posted in International/EU Privacy

French Associations Trigger Criminal Investigation over PRISM

In the wake of information disclosed by Edward Snowden regarding the U.S. National Security Agency’s and Federal Bureau of Investigation’s actions through the PRISM program, two French individual liberties defense associations have filed a motion to open a criminal investigation regarding these actions which contains, in addition to claims against U.S. law enforcement entities, allegations against U.S.-based companies that provide Internet services.

Posted in Consumer Privacy, International/EU Privacy

French Government Has Serious Reservations About the Draft EU Regulation, Putting its Adoption in Doubt

On June 11, the French Minister for Digital Economy indicated during questioning by a French Member of Parliament about the status of the draft data protection regulation that the Minister of Justice had rejected, during the meeting of the European Council held last week, the latest version of the draft regulation.

Posted in Consumer Privacy, International/EU Privacy

European Regulators State that Non-EU Mobile Apps Must Comply with EU Privacy Laws

The European Union’s Article 29 Data Protection Working Party (“WP29“), which consists of the 27 data protection authorities of the European Union Member States, has published its “Opinion on Apps in Smart Devices“, adopted on 27 February 2013 (the “Opinion“). Applicability of EU laws According to WP29, the 1995 Data Protection Directive applies to all […]

Posted in International/EU Privacy

Article 29 Working Party issues critical opinion of the Commission’s new proposed data protection framework

The Article 29 Working Party released on March 29, 2012 its opinion on the European Commission’s proposed new data protection Regulation and Directive (WP191 – Opinion 01/2012 on the data protection reform proposals). The Working Party expresses strong reservations about the proposed Directive on data processing for police and criminal justice matters, criticizing the Commission’s […]

Posted in International/EU Privacy

French Data Protection Authority launches public consultation on cloud computing

The French Data Protection Authority (the Commission Nationale de l’Informatique et des Libertés or CNIL) opened a public consultation on cloud computing, citing the growing significance of the cloud computing market: “already €6 billion at the European level, with a yearly growth of approximately 20%”. The CNIL is focusing on five areas: definition of cloud computing, role of the parties, applicable law, international transfers of data outside the European Union and data security. Public input into the issue is sought by the CNIL, as explained in this blog entry.

Posted in Employment Privacy, International/EU Privacy

French Court of Appeals reject company’s whistleblower system despite CNIL approval

A French Court of Appeals in Caen recently confirmed a lower court’s order for the suspension of a whistleblowing system implemented by French company Benoist Girard, a subsidiary of American group Stryker. The decision comes as a surprise as it rejects the approval of the whistleblower system by French data protection authority (the “CNIL”).