On April 30, 2020, the French data protection authority, the CNIL, published guidance on the considerations surrounding what it calls “commercial prospecting,” meaning scraping publicly available website data to obtain individuals’ contact info for purposes of selling such data to third parties for direct marketing purposes. The guidance is significant in two respects. First, it speaks to the CNIL’s view of this activity in the context of the GDPR and privacy concerns. Second, beyond the context of direct-marketing-related privacy issues, the guidance lays out some guiding principles for companies that conduct screen scraping activities or hire outside vendors to collect and package such data.

DataGuidance spoke with Cécile Martin, Special International Counsel at Proskauer Rose LLP, at the International Association of Privacy Professionals’ Conference in Brussels in November 2016. Cécile discussed the passing of the Digital Republic Bill and its implications for organizations, as well as the latest developments regarding employee monitoring in France and the upcoming changes with the GDPR.

Proskauer Counsel Cécile Martin was recently interviewed by DataGuidance’s “Privacy This Week” covering new guidance issued by the French data protection authority (‘CNIL’) on June 15, 2016. The guidance highlights the main changes in relation to the General Data Protection Regulation (‘GDPR’). On June 16, 2016, CNIL launched an online

Co-authored by Geoffrey Roche

On March 10, 2016, the French data protection agency (“CNIL”) imposed a €100,000 ($111,715) fine on Google Inc. for failure to comply with its formal injunction of May 2015 ordering the company to extend delisting to all the search engine’s extensions.

According to the French Data Protection Authority’s (“CNIL”) recently issued activity report for 2013, the CNIL was especially busy in 2013. The main topics addressed by the CNIL in 2013 were the creation of a national consumer credit database, the right to be forgotten, the right to refuse cookies, the proposed EU Regulation, and, of course, the revelations concerning the U.S. Prism program and the surveillance of European citizens’ personal data by foreign entities. The report also presents the main issues that the CNIL will tackle in 2014. Such issues include privacy in relation to open data, as well as in relation to new health monitoring apps or quantified self apps. The CNIL will also deal with “digital death” and, more specifically, with how to handle the social network profiles of deceased persons.

In France, before implementing a whistleblowing process, a company must inform and consult with its employees’ representatives, inform its employees and notify the French Data Protection Agency (CNIL).

There are two possible ways to notify the CNIL of a whistleblowing system:

  1. request a formal authorization from the CNIL (this is quite burdensome and difficult to obtain), or
  2. opt for the standard whistleblowing authorization (AU-004).

In a recent decision (deliberation CNIL May 30, 2013 n°2013-139), the French Data Protection Agency (CNIL) sanctioned a company for implementing a CCTV system without informing employees and because the CCTV enabled the constant monitoring of one employee, making the recording disproportionate to the goal pursued. The CNIL also sanctioned the company because it failed to implement an adequate level of security for the data housed on its systems.

The French Data Protection Authority (“CNIL”) has recently issued its activity report for 2011. It provides us with some interesting data and allows us to reflect on the ever-growing importance of privacy and data protection in France. Video-surveillance, the right to be forgotten on the Internet, data breaches and abusive data collection by companies were the key highlights of 2011 and have remained dominant issues in 2012.