Subscribe to all posts by Cecile Martin
DataGuidance spoke with Cécile Martin, Special International Counsel at Proskauer Rose LLP, at the International Association of Privacy Professionals’ Conference in Brussels in November 2016. Cécile discussed the passing of the Digital Republic Bill and its implications for organizations, as well as the latest developments regarding employee monitoring in France and the upcoming changes with … Continue Reading
Proskauer Counsel Cécile Martin was recently interviewed by DataGuidance’s “Privacy This Week” covering new guidance issued by the French data protection authority (‘CNIL’) on June 15, 2016. The guidance highlights the main changes in relation to the General Data Protection Regulation (‘GDPR’). On June 16, 2016, CNIL launched an online consultation regarding the interpretation and … Continue Reading
Co-authored by Geoffrey Roche On March 10, 2016, the French data protection agency (« CNIL ») pronounced a €100.000 ($111,715) fine against Google Inc. for failure to comply with its formal injunction of May, 2015 ordering the company to extend delisting to all the search engine’s extensions.… Continue Reading
Just one week after the milestone decision rendered by the CJEU (http://curia.europa.eu/juris/celex.jsf?celex=62014CJ0362&lang1=fr&type=TXT&ancre) to invalidate the Safe Harbor program established 15 years ago between the U.S. and the EU to facilitate the transfer of personal data from the EU to the U.S., a German data protection authority (DPA) of the state of Schleswig-Holstein (one of the … Continue Reading
Just one week after the milestone decision rendered by the CJEU (http://curia.europa.eu/juris/celex.jsf?celex=62014CJ0362&lang1=fr&type=TXT&ancre) to invalidate the Safe Harbor program established 15 years ago between the U.S. and the EU to facilitate the transfer of personal data from the EU to the U.S., a German data protection authority (DPA) issued a position paper where it states that, … Continue Reading
A few months after the European Court of Justice ruled on May 13, 2014 that search engines are considered personal data controllers under the EU Data Protection Directive of 1995 and, as such, should provide data subjects with a right to be forgotten, a French Tribunal enforced this principle in X & Y v. Google … Continue Reading
The European Court of Justice, in a decision rendered on May 13, 2014, held that search engines are considered data controllers under the Directive of October 24, 1995 on data protection, and as such they must provide data subjects with a “right to be forgotten.”… Continue Reading
In France, before implementing a whistleblowing process, a company must inform and consult with its employees’ representatives, inform its employees and notify the French Data Protection Agency (CNIL). There are two possible ways to notify the CNIL of a whistleblowing system: request a formal authorization from the CNIL (this is quite burdensome and difficult to … Continue Reading
In a recent decision (deliberation CNIL May 30, 2013 n°2013-139), the French Data Protection Agency (CNIL) sanctioned a company for implementing a CCTV system without informing employees and because the CCTV enabled the constant monitoring of one employee making the recording disproportionate to the goal pursued. The CNIL also sanctioned the company because it failed … Continue Reading
In France, the guiding principle is that emails received or sent by an employee through the employer’s company email account are considered “professional”, which means that the employer can access and read them. However, French employers must be cautious before accessing their employees’ professional emails because they are not permitted to access emails that have … Continue Reading
Are social media companies based in the United States subject to European data privacy laws? Two recent judicial decisions – one in France and the other in Germany – arrived at different answers. The Civil Court of Paris held that Twitter, based in California, was obligated under the French Code of Civil Procedure to reveal … Continue Reading
For the second year in a row, Proskauer has conducted a global survey, “Social Media in the Workplace Around the World 2.0”, which addresses the use of social media in the work place. In 2012, Proskauer surveyed multinational businesses in 19 different countries (Argentina, Brazil, Canada, China, The Czech Republic, France, Germany, Hong-Kong, India, Ireland, … Continue Reading
Concurrent with the European Commission’s recent release of a new strategy to “unleash the potential of cloud computing in Europe,” the French Data Protection Agency (CNIL) issued 7 recommendations to assist companies to comply with French law when using cloud computing services.… Continue Reading
On May 28th, the Commission nationale de l’informatique et des libertés (“CNIL”), the French authority responsible for data privacy, published guidance on breach notification law affecting electronic communications service providers. The guidance was issued with reference to European Directive 2002/58/EC, the e-Privacy Directive, which imposes specific breach notification requirements on electronic communication service providers. French legislator recently amended … Continue Reading
It may seem obvious to a lay person that employees should refrain from insulting their companies on social media due to the threat of termination for cause; however, there are contradictory legal principles that apply to the use of social media by employees which can be used both for and against employees (i.e. freedom of speech, right to privacy, data protection laws, an employer's right to take disciplinary action, public insult offense, etc.) As a consequence, there is uncertainty as to whether an employer can use its employees' postings made on social media websites to sanction them.
… Continue Reading
In a decision dated September 23, 2011, the Court of Appeal of Caen suspended the implementation of a whistleblowing system that had been previously authorized by the French Data Protection Agency (CNIL) because, in the court’s view, the system infringed on the individual and collective rights and liberties of the company’s employees.… Continue Reading
While the European Commission is seeking to update its 15-year-old Directive regarding the protection of personal data, several regulations have been passed to strengthen privacy rights in Europe. With all this activity, it's clear that the United States is not the only country trying to adapt its privacy and information security standards to rapidly evolving technologies and marketplaces. Companies with an international presence need to stay alert to stay compliant. We can help!
… Continue Reading
By a decision dated October 14, 2010, and published on December 8, 2010, the French Data Protection Agency (known under the acronym CNIL) revised the deliberation that it issued on December 8, 2005.
At that time, the CNIL had issued a deliberation to reach a compromise between the United States' Sarbanes-Oxley ("SOX") requirements and French law. According to Article 1 of that deliberation, companies were authorized to adopt whistleblowing systems implemented in response to French legislative mandates, regulatory internal control requirements (e.g. regulations governing banking institutions), or the whistleblowing requirements of the SOX Act. According to Article 3 of the 2005 deliberation, alleged wrongdoings not encompassed within these core areas may be covered by the whistleblowing system only if vital interests of the company or the physical or psychological integrity of its employees were threatened.
… Continue Reading
To assist companies to comply with European data protection laws, in particular those implemented in France, the French Data Protection Agency (known as "CNIL") recently issued a set of guidelines organized by topic which provide elementary precautions to be taken by data controllers in several subject areas, including what types of conduct are prohibited as well as the CNIL's recommendations in these areas.
… Continue Reading
In an opinion issued on June 22, 2010, the EU Data Protection Authorities (Article 29 Working Party) clarified the legal framework applicable to online behavioral advertising - an activity that is becoming a hot topic for discussion as its popularity grows. Among other things, the Article 29 Working Party clearly took the position that it is incumbent upon advertising network providers to "create prior opt-in mechanisms requiring an affirmative action by the users indicating their willingness to receive cookies and the subsequent monitoring of their surfing behavior for the purposes of serving tailored advertising."
… Continue Reading
The implementation of codes of conduct and whistleblowing systems is expanding at the international level. Global companies must pay attention to local law requirements when rolling out these codes in foreign countries, in order notably to comply with the rules and regulations provided by the local data protection authorities to govern data processing. A recent … Continue Reading
the French Supreme Court made clear that all files created by an employee on an employer's computer belong to the employer unless they are expressly identified as personal
… Continue Reading
In anticipation of the Swine Flu and the consequences that it may have upon the continuity of the business of companies, the French Data Protection Agency (known under the acronym "CNIL") recently issued recommendations regarding employers’ collection of employee data in connection with their swine flu business continuity programs. The French government has strongly recommended … Continue Reading
With social networking sites proliferating across international boundaries, privacy and data protection concerns are becoming increasingly relevant. With these concerns in mind, the Article 29 Working Party, an independent European advisory body on data protection and privacy, adopted an opinion on online social networking on June 12, 2009. As noted by the Working Party, the … Continue Reading