Speaking at a recent conference organized jointly by AmCham and EY on “the Internet of Things, Opportunities and Challenges for the Protection of Personal Data”, Sophie Nerbonne, Head of Compliance at the French data protection authority explained how the CNIL views the opportunities and risks raised by connected devices, focusing particularly on smart meters as a scheme that may apply to other devices.
Accountability has been described by the Article 29 Working Party as a way of “showing how responsibility is exercised and making this verifiable”. Accountability is far from being a new concept. It was introduced back in 1980 in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. This entry is an excerpt from Hogan Lovells’ “Future-proofing privacy: A guide to preparing for the EU Data Protection Regulation.”
On 16 April 2015, the French data protection authority, the CNIL, published its annual report for 2014. The CNIL’s annual report is an opportunity for the authority to report on its activities over the previous year as well as set out its priorities for the coming year. Significantly, a number of new technologies such as connected cars and smart cities were included in the list of priorities that the CNIL will tackle in coming months.
On 24 March, the French data protection authority, the CNIL, announced that it will soon make easier the practical implementation of intra-group transfers of data from French entities to entities located outside the European Union where groups of companies have adopted Binding Corporate Rules (BCRs). BCRs are becoming increasingly popular among multinationals as a legal means for providing adequate protection to personal data which are transferred from the European Union to countries that are not considered to provide an adequate level of protection by the European Commission. In the CNIL’s view, the implementation of BCRs shows a strong commitment from multinational organisations to protect personal data. Indeed, the CNIL has been a champion of the emerging “BCR for processors” initiative which is also prompting interest from sophisticated processors who operate globally.
In a decision of 16 December, the French data protection authority (the “CNIL”) issued new recommendations with regards to the appropriate fashion in which businesses should implement the so-called “cookie consent law”.
On Monday, a European Parliament Inquiry established to investigate the recent U.S. National Security Agency surveillance revelations indicated that its final report would recommend suspension of the popular EU-U.S. Safe Harbor Framework.