Proskauer on Privacy

Cecile Martin

Subscribe to all posts by Cecile Martin

New Privacy Developments in France

DataGuidance spoke with Cécile Martin, Special International Counsel at Proskauer Rose LLP, at the International Association of Privacy Professionals’ Conference in Brussels in November 2016. Cécile discussed the passing of the Digital Republic Bill and its implications for organizations, as well as the latest developments regarding employee monitoring in France and the upcoming changes with … Continue Reading

Privacy Pros Invited to Confront GDPR Application

Proskauer Counsel Cécile Martin was recently interviewed by DataGuidance’s “Privacy This Week” covering new guidance issued by the French data protection authority (‘CNIL’) on June 15, 2016. The guidance highlights the main changes in relation to the General Data Protection Regulation (‘GDPR’). On June 16, 2016, CNIL launched an online consultation regarding the interpretation and … Continue Reading

French Data Protection Wants to Force Google to Extend the Right To Be Delisted to All the Search Engine’s Extensions

Co-authored by Geoffrey Roche   On March 10, 2016, the French data protection agency (« CNIL ») pronounced a €100.000 ($111,715) fine against Google Inc. for failure to comply with its formal injunction of May, 2015 ordering the company to extend delisting to all the search engine’s extensions.… Continue Reading

A German DPA Questions the Validity of the Use of Consent and Model Contractual Clauses to Transfer Personal Data to the U.S., and its peers seem to agree

Just one week after the milestone decision rendered by the CJEU (http://curia.europa.eu/juris/celex.jsf?celex=62014CJ0362&lang1=fr&type=TXT&ancre) to invalidate the Safe Harbor program established 15 years ago between the U.S. and the EU to facilitate the transfer of personal data from the EU to the U.S., a German data protection authority (DPA) of the state of Schleswig-Holstein (one of the … Continue Reading

A German DPA Questions the Validity of the Use of Consent and Model Contractual Clauses to Transfer Personal Data to the U.S.

Just one week after the milestone decision rendered by the CJEU (http://curia.europa.eu/juris/celex.jsf?celex=62014CJ0362&lang1=fr&type=TXT&ancre) to invalidate the Safe Harbor program established 15 years ago between the U.S. and the EU to facilitate the transfer of personal data from the EU to the U.S., a German data protection authority (DPA) issued a position paper where it states that, … Continue Reading

From the Right to be Forgotten to the Right to an “e-Reputation’’: First Enforceability Ordered by French Court under Penalty

A few months after the European Court of Justice ruled on May 13, 2014 that search engines are considered personal data controllers under the EU Data Protection Directive of 1995 and, as such, should provide data subjects with a right to be forgotten, a French Tribunal enforced this principle in X & Y v. Google … Continue Reading

France Facilitates Implementation of Whistleblowing Systems

In France, before implementing a whistleblowing process, a company must inform and consult with its employees’ representatives, inform its employees and notify the French Data Protection Agency (CNIL). There are two possible ways to notify the CNIL of a whistleblowing system: request a formal authorization from the CNIL (this is quite burdensome and difficult to … Continue Reading

CNIL Cracks Down on Employee Video Monitoring and Password Strength

In a recent decision (deliberation CNIL May 30, 2013 n°2013-139), the French Data Protection Agency (CNIL) sanctioned a company for implementing a CCTV system without informing employees and because the CCTV enabled the constant monitoring of one employee making the recording disproportionate to the goal pursued.  The CNIL also sanctioned the company because it failed … Continue Reading

In France, Are Employers Entitled to Access Their Employees’ Personal Emails?

In France, the guiding principle is that emails received or sent by an employee through the employer’s company email account are considered “professional”, which means that the employer can access and read them.  However, French employers must be cautious before accessing their employees’ professional emails because they are not permitted to access emails that have … Continue Reading

Navigating the Patchwork: When Is European Data Privacy Law Applicable to US Companies?

Are social media companies based in the United States subject to European data privacy laws?  Two recent judicial decisions – one in France and the other in Germany – arrived at different answers.  The Civil Court of Paris held that Twitter, based in California, was obligated under the French Code of Civil Procedure to reveal … Continue Reading

5 Best Practices for Employers Addressing Social Media Use in the Workplace

For the second year in a row, Proskauer has conducted a global survey, “Social Media in the Workplace Around the World 2.0”, which addresses the use of social media in the work place. In 2012, Proskauer surveyed multinational businesses in 19 different countries (Argentina, Brazil, Canada, China, The Czech Republic, France, Germany, Hong-Kong, India, Ireland, … Continue Reading

Is data breach notification compulsory under French law?

On May 28th, the Commission nationale de l’informatique et des libertés (“CNIL”), the French  authority responsible for data privacy, published guidance on breach notification law affecting electronic communications service providers.   The guidance was issued with reference to European Directive 2002/58/EC, the e-Privacy Directive, which imposes specific breach notification requirements on electronic communication service providers. French legislator recently amended … Continue Reading

French employees should check their privacy settings before posting on social media platforms

It may seem obvious to a lay person that employees should refrain from insulting their companies on social media due to the threat of termination for cause; however, there are contradictory legal principles that apply to the use of social media by employees which can be used both for and against employees (i.e. freedom of speech, right to privacy, data protection laws, an employer's right to take disciplinary action, public insult offense, etc.) As a consequence, there is uncertainty as to whether an employer can use its employees' postings made on social media websites to sanction them. … Continue Reading

Filers Beware! Court of Appeal Rejects CNIL-approved Whistleblowing System

In a decision dated September 23, 2011, the Court of Appeal of Caen suspended the implementation of a whistleblowing system that had been previously authorized by the French Data Protection Agency (CNIL) because, in the court’s view, the system infringed on the individual and collective rights and liberties of the company’s employees.… Continue Reading

What’s new in Europe?

While the European Commission is seeking to update its 15-year-old Directive regarding the protection of personal data, several regulations have been passed to strengthen privacy rights in Europe. With all this activity, it's clear that the United States is not the only country trying to adapt its privacy and information security standards to rapidly evolving technologies and marketplaces. Companies with an international presence need to stay alert to stay compliant. We can help! … Continue Reading

French Data Protection Agency Restricts the Scope of the Whistleblowing Procedures: Multinational Companies Need to Make Sure They Are Compliant

By a decision dated October 14, 2010, and published on December 8, 2010, the French Data Protection Agency (known under the acronym CNIL) revised the deliberation that it issued on December 8, 2005. At that time, the CNIL had issued a deliberation to reach a compromise between the United States' Sarbanes-Oxley ("SOX") requirements and French law. According to Article 1 of that deliberation, companies were authorized to adopt whistleblowing systems implemented in response to French legislative mandates, regulatory internal control requirements (e.g. regulations governing banking institutions), or the whistleblowing requirements of the SOX Act. According to Article 3 of the 2005 deliberation, alleged wrongdoings not encompassed within these core areas may be covered by the whistleblowing system only if vital interests of the company or the physical or psychological integrity of its employees were threatened. … Continue Reading

French Data Protection Agency Issues Guidelines to Help Companies Strengthen the Security of their Data Processing

To assist companies to comply with European data protection laws, in particular those implemented in France, the French Data Protection Agency (known as "CNIL") recently issued a set of guidelines organized by topic which provide elementary precautions to be taken by data controllers in several subject areas, including what types of conduct are prohibited as well as the CNIL's recommendations in these areas. … Continue Reading

Opt Out Rejected by the EU Data Protection Authorities for Online Behavioral Advertising

In an opinion issued on June 22, 2010, the EU Data Protection Authorities (Article 29 Working Party) clarified the legal framework applicable to online behavioral advertising - an activity that is becoming a hot topic for discussion as its popularity grows. Among other things, the Article 29 Working Party clearly took the position that it is incumbent upon advertising network providers to "create prior opt-in mechanisms requiring an affirmative action by the users indicating their willingness to receive cookies and the subsequent monitoring of their surfing behavior for the purposes of serving tailored advertising." … Continue Reading

French Supreme Court Limits the Scope of the Whistleblowing Processes

The implementation of codes of conduct and whistleblowing systems is expanding at the international level. Global companies must pay attention to local law requirements when rolling out these codes in foreign countries, in order notably to comply with the rules and regulations provided by the local data protection authorities to govern data processing. A recent … Continue Reading

French Data Protection Agency Issues Recommendations Regarding Employees’ Personal Data that Companies in France May Collect To Minimize the Impact of Swine Flu on Business Continuity

In anticipation of the Swine Flu and the consequences that it may have upon the continuity of the business of companies, the French Data Protection Agency (known under the acronym "CNIL") recently issued recommendations regarding employers’ collection of employee data in connection with their swine flu business continuity programs. The French government has strongly recommended … Continue Reading

European Privacy Law And Social Networking

  With social networking sites proliferating across international boundaries, privacy and data protection concerns are becoming increasingly relevant. With these concerns in mind, the Article 29 Working Party, an independent European advisory body on data protection and privacy, adopted an opinion on online social networking on June 12, 2009. As noted by the Working Party, the … Continue Reading
LexBlog

This website uses third party cookies, over which we have no control. To deactivate the use of third party advertising cookies, you should alter the settings in your browser.

OK