Tag Archive: france

FRANCE: CNIL Reiterates Need for Common Position on Safe Harbor

By Jeanne Bossi Malafosse and Carol Umhoefer


Following an emergency meeting this morning, Oct. 7, the CNIL has published a statement summarizing the ECJ’s Oct. 6 decision in the Schrem case invalidating EU-US Safe Harbor, and reiterating the fact that the CNIL is discussing with the G29 data protection authorities a position that should be shared by all the Member States. The CNIL’s president, Isabelle Falque-Pierrotin, presides over the G29.

The CNIL has therefore remained silent on positions emerging from a few other Member State authorities supporting European Commission-approved standard contractual clauses as a stopgap measure in light of the ECJ’s invalidation of Safe Harbor.

For further information, please contact Jeanne.BossiMalafosse@dlapiper.com or Carol.Umhoefer@dlapiper.com.

Permanent link to this article: http://blogs.dlapiper.com/privacymatters/france-cnil-reiterates-need-for-common-position-on-safe-harbor/

FRANCE: CNIL to Hold Emergency Meeting on Oct. 7 Following ECJ Safe Harbor Decision

By Jeanne Bossi Malafosse and Carol Umhoefer

After the ECJ’s Oct. 6 decision invalidating the EU-US Safe Harbor, all the European data protection authorities are facing an unprecedented situation: What will be the legal basis for personal data transfers to the United States? How will transfers be authorized?

The Article 29 Working Party, presided by French data protection authority (CNIL) president Isabelle Falque-Pierrotin, is seeking to find a coordinated response among all EU Member States. European Commission representatives have asked the national data protection authorities to find a solution and not to revoke authorizations granted to date.

For its part, the CNIL will be holding in the morning of Oct. 7 a special emergency meeting. The CNIL may decide whether past transfer authorizations are still valid; whether authorization must henceforth be given to each transfer; and if BCRs are now the only solution. We will report on the meeting’s outcome as information becomes available.

Permanent link to this article: http://blogs.dlapiper.com/privacymatters/france-cnil-to-hold-emergency-meeting-on-oct-7-following-ecj-safe-harbor-decision/

FRANCE: CNIL to begin cookies enforcement in october

By Carol Umhoefer, Jeanne Dauzier & Mathilde Hallé

Starting in October 2014, the French Data Protection Authority (the “CNIL”), will monitor compliance with its Recommendation on the use of cookies and tracking technologies

The CNIL’s inspections will follow the “cookies sweep day” which is due to take place from September 15, to September 19, 2014 and during which Data Protection Authorities across the European Union will review how Internet users are notified of the use of cookies, and how their consent to such use is obtained.

The CNIL recently announced that, as from October 2014, it will verify compliance with its Recommendation on cookies and tracking technologies issued on December 5, 2013. Compliance checks will be conducted through on-site and online inspections.

The CNIL may review:

  • The types of cookies used by internet websites (e.g.: HTTP cookies, local shared object, finger printing techniques, etc.);
  • The purpose of the cookies: (i) whether website operators are aware of the purpose of all the cookies that are set or read from their websites (including first-party and third-party cookies), and (ii) whether cookies are set that have no purpose (e.g.: obsolete cookies).

Furthermore, in cases where the cookies’ purpose requires obtaining users’ prior consent, the CNIL will review:

  • How users’ consent is obtained;
  • The visibility, quality and simplicity of the information pertaining to the use of cookies;
  • The consequences of users’ refusal to consent to the use of cookies;
  • The possibility for users to withdraw their consent at any time;
  • Cookies’ lifespan and consent period (the CNIL recommends a maximum validity of 13 months).

The other statutory provisions pertaining to the use of cookies (e.g.: data security, sensitive data, etc.) may be subject to compliance checks as well. Depending on the inspections’ outcome, the CNIL may issue cease and desist letters and sanctions.

For further information, please contact Carol Umhoefer (carol.umhoefer@dlapiper.com), Jeanne Dauzier (jeanne.dauzier@dlapiper.com), or Mathilde Hallé (mathilde.halle@dlapiper.com).

Permanent link to this article: http://blogs.dlapiper.com/privacymatters/france-cnil-to-begin-cookies-enforcement-in-october/