Cecile Martin

New Privacy Developments in France

By Cecile Martin on December 16, 2016 Posted in Data Privacy Laws, International

DataGuidance spoke with Cécile Martin, Special International Counsel at Proskauer Rose LLP, at the International Association of Privacy Professionals’ Conference in Brussels in November 2016. Cécile discussed the passing of the Digital Republic Bill and its implications for organizations, as well as the latest developments regarding employee monitoring in France and the upcoming changes with … Continue Reading

French Data Protection Wants to Force Google to Extend the Right To Be Delisted to All the Search Engine’s Extensions

By Cecile Martin on April 8, 2016 Posted in Data Privacy Laws, International, Online Privacy, Privacy Litigation, Right to be Forgotten

Co-authored by Geoffrey Roche On March 10, 2016, the French data protection agency (« CNIL ») pronounced a €100.000 ($111,715) fine against Google Inc. for failure to comply with its formal injunction of May, 2015 ordering the company to extend delisting to all the search engine’s extensions.… Continue Reading

A German DPA Questions the Validity of the Use of Consent and Model Contractual Clauses to Transfer Personal Data to the U.S., and its peers seem to agree

By Cecile Martin on October 20, 2015 Posted in Uncategorized

Just one week after the milestone decision rendered by the CJEU (http://curia.europa.eu/juris/celex.jsf?celex=62014CJ0362&lang1=fr&type=TXT&ancre) to invalidate the Safe Harbor program established 15 years ago between the U.S. and the EU to facilitate the transfer of personal data from the EU to the U.S., a German data protection authority (DPA) of the state of Schleswig-Holstein (one of the … Continue Reading

A German DPA Questions the Validity of the Use of Consent and Model Contractual Clauses to Transfer Personal Data to the U.S.

By Cecile Martin on October 16, 2015 Posted in Data Privacy Laws, European Union, International

Just one week after the milestone decision rendered by the CJEU (http://curia.europa.eu/juris/celex.jsf?celex=62014CJ0362&lang1=fr&type=TXT&ancre) to invalidate the Safe Harbor program established 15 years ago between the U.S. and the EU to facilitate the transfer of personal data from the EU to the U.S., a German data protection authority (DPA) issued a position paper where it states that, … Continue Reading

From the Right to be Forgotten to the Right to an “e-Reputation’’: First Enforceability Ordered by French Court under Penalty

By Cecile Martin on December 16, 2014 Posted in Data Privacy Laws, International, Online Privacy, Privacy Litigation

A few months after the European Court of Justice ruled on May 13, 2014 that search engines are considered personal data controllers under the EU Data Protection Directive of 1995 and, as such, should provide data subjects with a right to be forgotten, a French Tribunal enforced this principle in X & Y v. Google … Continue Reading

Toward the enforceability of the “right to be forgotten” in Europe

By Cecile Martin on September 24, 2014 Posted in Data Privacy Laws, European Union

The European Court of Justice, in a decision rendered on May 13, 2014, held that search engines are considered data controllers under the Directive of October 24, 1995 on data protection, and as such they must provide data subjects with a “right to be forgotten.”… Continue Reading

France Facilitates Implementation of Whistleblowing Systems

By Cecile Martin on July 1, 2014 Posted in Data Privacy Laws

In France, before implementing a whistleblowing process, a company must inform and consult with its employees’ representatives, inform its employees and notify the French Data Protection Agency (CNIL). There are two possible ways to notify the CNIL of a whistleblowing system: request a formal authorization from the CNIL (this is quite burdensome and difficult to … Continue Reading

CNIL Cracks Down on Employee Video Monitoring and Password Strength

By Cecile Martin on August 6, 2013 Posted in European Union, Workplace Privacy

In a recent decision (deliberation CNIL May 30, 2013 n°2013-139), the French Data Protection Agency (CNIL) sanctioned a company for implementing a CCTV system without informing employees and because the CCTV enabled the constant monitoring of one employee making the recording disproportionate to the goal pursued. The CNIL also sanctioned the company because it failed … Continue Reading

In France, Are Employers Entitled to Access Their Employees’ Personal Emails?

By Cecile Martin on July 24, 2013 Posted in Data Privacy Laws, Online Privacy, Workplace Privacy

In France, the guiding principle is that emails received or sent by an employee through the employer’s company email account are considered “professional”, which means that the employer can access and read them. However, French employers must be cautious before accessing their employees’ professional emails because they are not permitted to access emails that have … Continue Reading

Navigating the Patchwork: When Is European Data Privacy Law Applicable to US Companies?

By Cecile Martin on April 17, 2013 Posted in Data Privacy Laws, European Union, International, Online Privacy

Are social media companies based in the United States subject to European data privacy laws? Two recent judicial decisions – one in France and the other in Germany – arrived at different answers. The Civil Court of Paris held that Twitter, based in California, was obligated under the French Code of Civil Procedure to reveal … Continue Reading

Is data breach notification compulsory under French law?

By Cecile Martin on June 20, 2012 Posted in Data Breaches, Data Privacy Laws, Electronic Communications, European Union, Security Breach Notification Laws

On May 28th, the Commission nationale de l’informatique et des libertés (“CNIL”), the French authority responsible for data privacy, published guidance on breach notification law affecting electronic communications service providers. The guidance was issued with reference to European Directive 2002/58/EC, the e-Privacy Directive, which imposes specific breach notification requirements on electronic communication service providers. French legislator recently amended … Continue Reading

Filers Beware! Court of Appeal Rejects CNIL-approved Whistleblowing System

By Cecile Martin on October 27, 2011 Posted in Data Privacy Laws

In a decision dated September 23, 2011, the Court of Appeal of Caen suspended the implementation of a whistleblowing system that had been previously authorized by the French Data Protection Agency (CNIL) because, in the court’s view, the system infringed on the individual and collective rights and liberties of the company’s employees.… Continue Reading

What’s new in Europe?

By Cecile Martin on August 16, 2011 Posted in International

While the European Commission is seeking to update its 15-year-old Directive regarding the protection of personal data, several regulations have been passed to strengthen privacy rights in Europe. With all this activity, it's clear that the United States is not the only country trying to adapt its privacy and information security standards to rapidly evolving technologies and marketplaces. Companies with an international presence need to stay alert to stay compliant. We can help! … Continue Reading

French Data Protection Agency Restricts the Scope of the Whistleblowing Procedures: Multinational Companies Need to Make Sure They Are Compliant

By Cecile Martin on December 15, 2010 Posted in Data Privacy Laws

By a decision dated October 14, 2010, and published on December 8, 2010, the French Data Protection Agency (known under the acronym CNIL) revised the deliberation that it issued on December 8, 2005. At that time, the CNIL had issued a deliberation to reach a compromise between the United States' Sarbanes-Oxley ("SOX") requirements and French law. According to Article 1 of that deliberation, companies were authorized to adopt whistleblowing systems implemented in response to French legislative mandates, regulatory internal control requirements (e.g. regulations governing banking institutions), or the whistleblowing requirements of the SOX Act. According to Article 3 of the 2005 deliberation, alleged wrongdoings not encompassed within these core areas may be covered by the whistleblowing system only if vital interests of the company or the physical or psychological integrity of its employees were threatened. … Continue Reading

French Data Protection Agency Issues Guidelines to Help Companies Strengthen the Security of their Data Processing

By Cecile Martin on October 25, 2010 Posted in Data Privacy Laws

To assist companies to comply with European data protection laws, in particular those implemented in France, the French Data Protection Agency (known as "CNIL") recently issued a set of guidelines organized by topic which provide elementary precautions to be taken by data controllers in several subject areas, including what types of conduct are prohibited as well as the CNIL's recommendations in these areas. … Continue Reading

Opt Out Rejected by the EU Data Protection Authorities for Online Behavioral Advertising

By Cecile Martin on July 22, 2010 Posted in Online Privacy

In an opinion issued on June 22, 2010, the EU Data Protection Authorities (Article 29 Working Party) clarified the legal framework applicable to online behavioral advertising - an activity that is becoming a hot topic for discussion as its popularity grows. Among other things, the Article 29 Working Party clearly took the position that it is incumbent upon advertising network providers to "create prior opt-in mechanisms requiring an affirmative action by the users indicating their willingness to receive cookies and the subsequent monitoring of their surfing behavior for the purposes of serving tailored advertising." … Continue Reading

French Supreme Court Limits the Scope of the Whistleblowing Processes

By Cecile Martin on January 22, 2010 Posted in International

The implementation of codes of conduct and whistleblowing systems is expanding at the international level. Global companies must pay attention to local law requirements when rolling out these codes in foreign countries, in order notably to comply with the rules and regulations provided by the local data protection authorities to govern data processing. A recent … Continue Reading

French Employers Can Open Files Located on a Company-Issued Computer Provided That They Are Not Clearly Identified As Personal

By Cecile Martin on December 10, 2009 Posted in European Union

the French Supreme Court made clear that all files created by an employee on an employer's computer belong to the employer unless they are expressly identified as personal … Continue Reading

French Data Protection Agency Issues Recommendations Regarding Employees’ Personal Data that Companies in France May Collect To Minimize the Impact of Swine Flu on Business Continuity

By Cecile Martin on September 21, 2009 Posted in Data Privacy Laws

In anticipation of the Swine Flu and the consequences that it may have upon the continuity of the business of companies, the French Data Protection Agency (known under the acronym "CNIL") recently issued recommendations regarding employers’ collection of employee data in connection with their swine flu business continuity programs. The French government has strongly recommended … Continue Reading

European Privacy Law And Social Networking

By Cecile Martin on July 7, 2009 Posted in Data Privacy Laws

With social networking sites proliferating across international boundaries, privacy and data protection concerns are becoming increasingly relevant. With these concerns in mind, the Article 29 Working Party, an independent European advisory body on data protection and privacy, adopted an opinion on online social networking on June 12, 2009. As noted by the Working Party, the … Continue Reading

This website uses third party cookies, over which we have no control. To deactivate the use of third party advertising cookies, you should alter the settings in your browser.