Personal data

The French Data Protection Authority has served a formal notice on EDF and Engie for non-compliance with some of the requirements for obtaining consent in relation to the collection of consumption data from Linky smart meters, as well as for an excessive retention period of such consumption data.

Both companies have three months to comply.

As part of its action plan on targeted advertisement, the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés or “CNIL”) is proposing a consultation on a draft recommendation on practical procedures for collecting Internet user consent for the use of online trackers.

Following the guidelines recalling the legal provisions that govern the use of cookies and other trackers adopted on July 4, 2019, the CNIL conducted a consultation during the fall of 2019, in order to prepare a draft recommendation proposing operational procedures for obtaining consent. This draft is now subject to public consultation until February 25, 2020. At the end of this period, a final version of the recommendation will be presented for final adoption.

Very regularly called by a home insulation company, a person who had asked the operator to stop calling and exercised her right to object decided to lodge a complaint with the French data Protection Authority.

The French Data Protection Authority (Commission nationale de l’informatique et des libertés or “CNIL”) receives many individual and collective complaints (La Quadrature du Net, Privacy International, NOYB) relating to online marketing. In 2018, 21% of the complaints were related to marketing in the broad sense. Meanwhile, online marketing professionals and their representatives are seeking to better understand their obligations under the General Data Protection Regulation. Pending the adoption of the forthcoming ePrivacy Regulation, the CNIL has released new guidelines.

On April 15, the Commission Nationale de l’Informatique et des Libertés (French Data Protection authority, hereinafter the “CNIL”) presented its 2018 activity report, i.e. the assessment that it draws from its activities during the year 2018 which has been marked by the application of the General Data Protection Regulation and the new French Data Protection Act.
From the CNIL’s assessment and the decisions it took in 2018, we can learn lessons to prevent the risks incurred when processing personal data.

In the wake of the lengthy judgment by which it had ordered Twitter to amend almost all the clauses contained in its contractual documentation intended for French users – which we commented in an article entitled Unfair terms and personal data: Twitter sentenced by a French court – the Paris Court of First Instance ruled […]