Stéphanie Faber

Subscribe to all posts by Stéphanie Faber

Data Privacy – Commission changes existing decisions on standard contractual clauses and adequacy of third countries

In the aftermath of the Court of Justice of the European Union’s (“CJEU”) judgment invalidating Safe Harbor, on 16 December 2016 the European Commission published two decisions, changing its previous decisions on standard contractual clauses (“SCC”) and adequacy decisions on third countries. Arguably, the amendments have been made in order to minimise the risk of … Continue Reading

Weekly Data Privacy Alert – 28 November 2016

Please click here to read the latest data privacy alert from the Squire Patton Boggs Data Protection & Cybersecurity team. This week’s alert covers news from the UK, France and Germany. UK Investigatory Powers Act Given Royal Assent Information Commissioner’s Offce (ICO) Issues More Fines to Companies Sending Spam Texts France Class Action for Data Protection Newly … Continue Reading

Weekly Data Privacy Alert – 14 November 2016

Please click here to read the latest data privacy alert from the Squire Patton Boggs Data Protection & Cybersecurity team. This week’s alert covers news from the UK, Germany, France and the US. UK Investigatory Powers Bill One Step Closer to Royal Assent Gambling Websites Warned About Using Personal Data Germany Data Protection Authorities Examine Data Transfers … Continue Reading

Weekly Data Privacy Alert – 7 November 2016

Please click here to read the latest data privacy alert from the Squire Patton Boggs Data Protection & Cybersecurity team. This week’s alert covers news from  the EU, UK, Germany and France. EU EU Data Protection Supervisor (EDPS): More Needs to Be Done to Allow Individuals to Take Back Their Online Identity UK Nuisance Callers Face … Continue Reading

Weekly Data Privacy Alert – 24 October 2016

Please click here to read the latest data privacy alert from the Squire Patton Boggs Data Protection & Cybersecurity team. This week’s alert covers news from France and Germany. France French National Data Protection Authority (CNIL) Issues First Digital Safe Label French National Data Protection Authority (CNIL) Ordered to Put a Time Limit on the Publication … Continue Reading

European Commission Finds Privacy Shield “Adequate” But Uncertainty Remains

As we predicted  last week, the European Commission has moved swiftly to issue an adequacy decision that formally adopts an agreement finalized with the US Department of Commerce in June concerning arrangements to legitimize the transfer of EU personal data to the US. The much anticipated “EU-US Privacy Shield” arrangements will replace the Safe Harbor regime, … Continue Reading

Weekly Data Privacy Alert – 4 July 2016

Please click here to read the latest data privacy alert from the Squire Patton Boggs Data Protection & Cybersecurity team. This week’s alert covers news from: EU EU Council Agrees on New Measures Against Cybercrimes France The CNIL Opens a Period of Public Consultation on the GDPR The French State Council Rules on Rights to … Continue Reading

Weekly Data Privacy Alert – 27 June 2016

Please click here to read the latest data privacy alert from the Squire Patton Boggs Data Protection & Cybersecurity team. This week’s alert covers news from: EU EU and US Sign Umbrella Agreement France France Launches New Do-Not-Call List French Supreme Court Rules on Privacy Rules Germany Thüringen Data Protection Commissioner: Private Video Recordings Require … Continue Reading

Weekly Data Privacy Alert – 23 May 2016

Please click here to read the latest data privacy alert from the Squire Patton Boggs Data Protection & Cybersecurity team. This week’s alert covers news from: EU EU Council Adopts the Network and Information Security Directive The Court of Justice of the EU Advises that IP Addresses are Personal Data France The CNIL Publishes Blanket … Continue Reading

Weekly Data Privacy Alert – 17 May 2016

Please click here to read the latest data privacy alert from the Squire Patton Boggs Data Protection & Cybersecurity team. This week’s alert covers news from: EU New Rules Give Europol More Power to Fight Cybercrime France The CNIL Prioritises Its Topics of Investigation UK Nuisance Callers Face Tighter Controls Judicial Review into the Legality … Continue Reading

Beware! French companies must arrange a mediator for consumer disputes by the end of the year

Currently, French consumers must bring any claims they may have against French companies to court.  However, starting 31 December 2015, French companies that offer goods and services to consumers will now need to set up mechanisms to make available to their consumers, free of charge, recourse to mediation in case of a dispute arising from the poor performance … Continue Reading

French Data Protection Authority Given New Powers to Conduct Online Investigations

Recently, a new consumer law was passed in France that gave the French Data Protection Authority, the CNIL, expanded powers to perform online compliance inspections.  Previously, the CNIL’s powers of investigation were limited to on-site inspections, document reviews and hearings. The CNIL is now authorised to carry out remote investigations on the internet to identify breaches … Continue Reading

French Data Protection Authority Investigation Programme for 2014

The French Data Protection Authority, the CNIL, has published its annual investigation program for 2014. The CNIL anticipates carrying out a total of around 550 data breach investigations (350 on-site investigations and 200 online).  Priority topics will be: Data breach notification by electronic communications operators Online social dating networks Online payment (particularly the fight against fraud … Continue Reading

Update on sanctions imposed by the French Data Protection Authority

Following an investigation, the French Data Protection Authority, the CNIL, has imposed a significant fine for data protection breaches on a luxury car rental company.  The fine of €5000 was imposed for use of an unlawful GPS tracking system on rented cars.  The CNIL found the fine justified because, amongst other things, the tracking system … Continue Reading

Annual Activity Report Published By The French Data Protection Authority

The French Data Protection Authority, the CNIL, recently published its annual report reviewing its activities during 2013 and setting out its priorities for 2014.  The report shows that, during 2013: The number of complaints made to the CNIL fell overall to 5,640. Most of these related to requests to erase internet data;. 15 data security … Continue Reading

European Union: Suppliers who “direct their commercial activities” to a foreign jurisdiction risk being sued there

Businesses that trade online should be aware of the implications of a recent judgment of Europe’s highest court, the Court of Justice of the European Union (CJEU).  The upshot of the judgment is that, in the event of a dispute, a supplier may be sued by a consumer in the consumer’s home courts.  This has … Continue Reading

New CNIL guidance on cookie use

On 5 December 2013, the French data protection authority, the CNIL, published new guidance (with supporting user-friendly factsheets) on the use of cookies by businesses operating in France.  The guidance updates the CNIL’s informal recommendations on the use of tracing technologies first published at the end of 2011.   All businesses using cookies must familiarise themselves … Continue Reading

New French data access law will increase the burden on telecommunications providers and ISPs

On 18 December 2013, a new law came into force in France giving the intelligence services increased access to data on telephone calls made by French citizens, for the purposes of preventing terrorism and organised crime.  The new law has privacy implications for individuals and will mean that telecommunications companies and internet service providers operating … Continue Reading

The management of card payment information in long distance-selling in France

On 14 November 2013, the CNIL (in decision n° 2013-358) replaced its previous decision of June 2003 on data processing in relation to card payments for online traders engaged in distance selling of goods and services.  The intent of this decision was to provide “concrete answers to the various stakeholders, taking into account the evolution of … Continue Reading
LexBlog