Since the GDPR entered into force in May 2018, multiple decisions were issued by the CNIL according to the ancient law. Their analysis put into bright that the most frequent breaches are about: the legality of the personal data processing (data that are not minimized, purpose diversion, lack of consent of the data subject), the …
What learning can we get from the first CNIL’s formal notices under the GDPR? Read More »
Facts: Potential security breach detected and quickly corrected, potentially resulting in data breaches of possibly more than 2 million potential victims (name; billing postcode, phone number, email address, account number and type of account, no payment data). Notification though a press release. Charlotte Urman
Co-responsibility of a religious community (Jehovah’s witnesses) and its preaching member: preaching by door-to-door is not an exclusively personal and domestic activity of each preacher, which would allow them to escape from the regulation, since it goes beyond their private sphere. The joint responsibility does not necessarily presuppose that each actor has access to personal …
10/07/2018 CJUE- The data protection regulation applies to religious communities Read More »
Following the CNIL’s formal notice, the answers provided by Genesis and the subsequent controls from the CNIL, allowed to verify that the voice recognition, necessary for the toys to respond to the questions asked by the children, is no longer used. The discussions with the toys are no longer transferred to the servers of a …
17/07/2018- CNIL – Closing of the formal notice against Genesis Industries Limited Read More »
The CNIL’s controls in 2018 will follow the same lines as before, with investigations based on complaints and reports sent to the CNIL, verifications carried out following closures, formal notices or sanctions, missions carried out on the basis of current topics and the annual program of controls on the specific themes selected. For 2018, it …
02/07/2018 CNIL press release – What controls for 2018? Read More »
After 8 years of work and inspired by the 1995 European Directive, the 1st Brazilian law on the protection of personal data (LGPD) will come into force. It creates and standardizes a comprehensive system of protection with 10 legal bases to justify the processing of personal data (including consent), enhanced protection for so-called sensitive data …
01/07/2018- International/ Brazil – the LGPD should come into force within 18 months. Read More »
The pitfalls quite easy to avoid and yet most often encountered concerning the security of the web sites are in particular: an authentication by a password too flexible, the absence of authentication rules to an account (the only incremental URL enough to access), the lack of encrypted data, the indexing of data in a search …
28/06/2018 CNIL press release- The most common negligence in the security of websites. Read More »
Facts: Notification sent to the CNIL, which carries out an online check and warns the ADEF of a personal data breach (modification of the path of the URL displayed in the browser allowed access to documents registered by other applicants: taxi notices, passports, identity cards, residence permits, pay slips, CAF payment certificates, NIR, IBAN, etc. …
21/06/2018 CNIL- Sanction for the association for the development of fireplaces : 75K€. Read More »
Update of certain provisions regarding the Data Protection Regulation, exercise of the national maneuvers foreseen in the Data Protection Regulation (eg age of numerical majority) and transposition of the Directive 2016/680 “Police Justice”. According to the CNIL, an order for a complete rewriting of the law “Data processing and liberty” is planned within a period …
21/06/2018 – Promulgation of Law No. 2018-493 of June 20, 2018 amending the LIL. Read More »
