In late March, the French Data Protection Authority, Commission Nationale de l’Informatique et des Libertés (“CNIL”) released a model regulation (the “Model Regulation”) governing the use of biometric access controls in the workplace. Unlike many items of personal information, biometric data (such as a person’s face or fingerprints) is unique and, if stolen or otherwise compromised, cannot be changed to avoid misuse. Under Article 9 of the GDPR, biometric data collected “for the purpose of uniquely identifying a natural person” is considered “sensitive” and warrants additional protections. The GDPR authorizes Member States to implement such additional protections. As such, the French Data Protection Act 78-17 of 6 January 1978, as amended, now provides that employers – whether public or private – wishing to use biometric access controls must comply with binding model regulations adopted by the CNIL, the first of which is the Model Regulation.
European Union
What Does Brexit Mean for Data Protection?
With less than a month to go until the UK is due to leave the EU (at 11pm GMT/12pm CET on 29 March 2019), there is still much uncertainty as to whether, and if so how, the UK will exit the EU (commonly dubbed “Brexit”). In light of this uncertainty we outline what will happen, and what should be considered, depending on how things play out especially given the important votes due to take place within the UK Parliament this week.
How Can Data Privacy Regulations Limit the Ability to Present Evidence in a Litigation?
The French Supreme Court sanctions a company for having produced complete employee pay slips in a litigation.
It is not news that the rules of evidence and data privacy laws may be conflicting. A recent decision of the French Supreme Court[1] illustrates this tension and highlights the need for litigators to take into account data privacy principles before producing evidence containing personal information.
Is Blockchain Technology Compatible with GDPR? French Data Protection Regulator Provides Guidance
Uncertainty regarding the compatibility of blockchain technology and the European Union’s General Data Protection Regulation (GDPR) has often been highlighted as a potential obstacle to the development and widespread implementation of blockchain systems involving personal data.
To address tensions between blockchain technology and the GDPR, Commission Nationale de l’Informatique et…
Blockchain, Personal Data and the GDPR Right to be Forgotten
…
GDPR FAQ’s for Fund Managers
The General Data Protection Regulation (GDPR) comes into force across the European Union (EU) on 25 May 2018. It will have an impact on EU fund managers and may have an impact on non-EU fund managers depending on their operations. Below are FAQs to help EU and non-EU fund managers…
What Employers Need to Know about Europe’s General Data Protection Regulation
Proskauer has released a white paper on “What Employers Need to Know about Europe’s General Data Protection Regulation.” As you may know, on April 14, 2016, the European Parliament approved the General Data Protection Regulation (“GDPR”), which will replace the EU’s current data privacy standard and begin to…
GDPR Compliance Update: Which Government Authorities Have Issued Official GDPR Guidance?
This post provides an update as to the current status of official GDPR-related guidance. With a little under a year remaining until the European Union’s General Data Protection Regulation (GDPR) becomes enforceable, companies are on the lookout for any interpretive guidance from EU or member state authorities that will help them focus their compliance efforts. The EU’s Article 29 Working Party (WP29) thus far has adopted guidelines relating to data portability, the identification of lead supervisory authorities, and the role of data protection officers, and has issued draft guidelines on data protection impact assessments (DPIAs, also known as “Privacy Impact Assessments”). Additionally, EU member states – led by Germany –are beginning to pass laws meant to complement the GDPR and legislate in areas the GDPR leaves to the member states. These laws also provide some clues as to how the GDPR will take effect on a country-by-country basis.