French Data Protection Authority Launches Public Consultation on Cloud Computing : : Privacy and Information Security Law Blog

On October 17, 2011, the French Data Protection Authority (the “CNIL”) launched a public consultation on cloud computing (the “Consultation”). The Consultation seeks to gather opinions from stakeholders (clients, providers, consultants) regarding cloud computing services for businesses, to identify legal and technical solutions that address data protection concerns while taking into account the economic interests involved.

The Consultation addresses several specific topics about personal data protection in the cloud computing context, including:
  • The definition of cloud computing
  • Cloud computing providers as data processors
  • Applicable law (i.e., what law applies to cloud computing stakeholders?)
  • Regulation of data transfers (e.g., what legal instruments are best suited to regulate cloud computing? Would binding corporate rules for data processors be an appropriate legal mechanism for transferring personal data to cloud computing service providers?)
  • Data security (e.g., cloud-specific risks and proposed security measures)

via French Data Protection Authority Launches Public Consultation on Cloud Computing : : Privacy and Information Security Law Blog.

Sarkozy enlists tech A-list for Web forum – The China Post

When the Internet world’s titans alight in Paris next week for a two-day forum hosted by French President Nicolas Sarkozy, two often clashing views on the digital world will be on display.

One, typically espoused by new companies like Google Inc. or Amazon.com Inc. challenging the status quo, favors a hands-off regulatory approach and favorable tax and labor rules to ensure the Internet remains a key growth engine.

The other, more common in Europe, tends to be more concerned about the excesses of the Internet and has been more willing to impose regulation on everything from privacy to copyright issues to protect entrenched interests.

“The future of the Internet is being decided by businesses that are just trying to protect themselves from the potential of the Internet,” says Stanford Professor Lawrence Lessig, a campaigner for less regulation in fields like copyright.

“These tend to be the businesses with the most political influence,” adds Lessig, who will join Facebook’s Mark Zuckerberg, Google’s Eric Schmidt, News Corp’s Rupert Murdoch and a host of other technology leaders in Paris.

The United States, with its flourishing Internet hub in Silicon Valley, is the envy of many entrepreneurs in Europe who feel hampered by a lack of angel investors, unhelpful regulation in areas like stock options — and a lack of like-minded people.

via Sarkozy enlists tech A-list for Web forum – The China Post.

On the Way to Fair Balance, the French Approach to Patent Litigation – The Latest Legal Features, Research and Legal Profiles – Who’s Who Legal

Isabelle Romet and Pierre Véron from Véron & Associés provide an interesting insight into recent developments that have affected the way patent litigation is conducted in France.

Isabelle Romet and Pierre Véron

The desire to achieve a fair balance between patentees and the public domain, the increasing number of international exchanges between European judges and the pressure created by forum shopping are only some of the numerous factors stimulating legislators, judges and lawyers to improve the quality and efficiency of patent litigation in their jurisdictions. Those who were familiar with French patent litigation only before 2007 will be surprised by the significant evolutions and new practices adopted in subsequent years by French judges, who seek an efficient and reasonable approach, as shown by the results of a statistical study performed by the law firm Véron & Associés on the patent decisions issued by Paris judges over the period of 2000 to 2009.

Paris, Capital of French Patent Litigation

Since 1 November 2009, the court of Paris, both in first instance and in appeal, has exclusive jurisdiction over patent cases, including for the grant of orders authorising the hundreds of seizures performed every year. In the first instance, all the patent cases are handled by the third chamber of the Tribunal de grande instance of Paris, which comprises four panels (sections) composed of three judges each and which handle only intellectual property cases (patents, trademarks, designs and copyright). In appeal, patent cases are handled by two panels, each made up of three judges specialising in intellectual property.

This concentration of patent litigation is praised by all practitioners. It enhances the quality of patent case law since all decisions are issued by specialist judges. It increases legal security since it is no longer possible for a plaintiff to choose a court with less experienced judges for a weak case. It also simplifies patent litigation by avoiding collecting evidence specifically intended to justify the jurisdiction of the most experienced court.

via On the Way to Fair Balance, the French Approach to Patent Litigation – The Latest Legal Features, Research and Legal Profiles – Who’s Who Legal.

French National Assembly Votes on Amendments to Data Protection Act : Privacy & Information Security Law Blog

On January 13, 2011, a Bill (Projet de loi organique relatif au Défenseur des droits) containing several amendments to the French Data Protection Act was preliminarily adopted by the French National Assembly.  If enacted, the Bill would amend several key provisions of the French Data Protection Act, including revisions regarding the powers of the French Data Protection Authority (the “CNIL”), and the role of Chairman of the CNIL.  The amendments are summarized below.

Sanction Authority.  The Bill increases the deterrent effect of the CNIL’s sanctions by explicitly authorizing the CNIL to publish the sanctions it imposes on data controllers.  In addition, the procedure for sanctioning violators would require the Chairman of the CNIL to notify data controllers who breach the law prior to sanctioning them.

Investigatory Powers.  On November 6, 2009, and July 7, 2010, the French State Council (Conseil d’État) annulled several of the CNIL’s sanctions on the grounds that the CNIL’s on-site investigations violated Article 8 of the Council of Europe’s Convention for the Protection of Human Rights and Fundamental Freedoms (i.e., the right to respect for private and family life).  The State Council ruled that data controllers must be given advance notice of their right to object to an on-site inspection by the CNIL.  The State Council also ruled that the CNIL may not conduct surprise inspections without notifying the data controller or obtaining the prior approval of a judge.

Further to these rulings, the Bill adds a new provision to the Data Protection Act which would require the CNIL to obtain a court order to conduct an on-site inspection if the relevant data controller objects to such inspection.  However, under exigent circumstances (if, for example, there is risk that the data controller might destroy or conceal evidence), a judge may authorize a surprise inspection without advance notice to the data controller.

via French National Assembly Votes on Amendments to Data Protection Act : Privacy & Information Security Law Blog.

French Data Protection Agency Restricts the Scope of the Whistleblowing Procedures: Multinational Companies Need to Make Sure They Are Compliant : Privacy Law Blog

By a decision dated October 14, 2010, and published on December 8, 2010, the French Data Protection Agency (known under the acronym CNIL) revised the deliberation that it issued on December 8, 2005.

At that time, the CNIL had issued a deliberation to reach a compromise between the United States’ Sarbanes-Oxley (“SOX”) requirements and French law.  According to Article 1 of that deliberation, companies were authorized to adopt whistleblowing systems implemented in response to French legislative mandates, regulatory internal control requirements (e.g. regulations governing banking institutions), or the whistleblowing requirements of the SOX Act.  According to Article 3 of the 2005 deliberation, alleged wrongdoings not encompassed within these core areas may be covered by the whistleblowing system only if vital interests of the company or the physical or psychological integrity of its employees were threatened.

The French Supreme Court addressed the scope of the CNIL’s deliberation in a decision dated December 8, 2009. In that decision, the French Supreme Court was asked to consider the validity of a corporate Code of Conduct that had been implemented by a listed company (Dassault Systèmes) in order to comply with the SOX Act. The French Supreme Court found that the scope of Dassault’s code of conduct was too broad, in that it invited employees to report violations relating to more than just finance, accounting and anti-corruption matters, but also intellectual property rights, confidentiality, conflict of interest, discrimination, and sexual or psychological harassment. In the eyes of the Court, the Dassault code of conduct’s whistleblowing system was invalid because it permitted whistleblowers to report violations other than those enumerated under Article 1 of the CNIL deliberation.

While companies were already required to obtain approval from CNIL for whistleblowing systems that exceeded the scope of the 2005 deliberation, the French Supreme Court’s decision helped to clarify exactly when such approval is needed. According to the Supreme Court’s decision, any whistleblowing system that allows complaints concerning conduct violations beyond those listed must be specifically authorized by the CNIL on a case-by-case basis, or risk being invalidated.

via French Data Protection Agency Restricts the Scope of the Whistleblowing Procedures: Multinational Companies Need to Make Sure They Are Compliant : Privacy Law Blog.

French Data Protection Agency Issues Guidelines to Help Companies Strengthen the Security of their Data Processing : Privacy Law Blog

To assist companies to comply with European data protection laws, in particular those implemented in France, the French Data Protection Agency (known as “CNIL”) recently issued a set of guidelines organized by topic which provide elementary precautions to be taken by data controllers in several subject areas, including what types of conduct are prohibited as well as the CNIL’s recommendations in these areas.

According to article 34 of the French Data Protection Act of January 6, 1978 (as later amended, the “Act”), data controllers must take all useful precautions, depending on the nature of the data and the risks involved in processing it, to preserve the security of the data and, in particular, to prevent its alteration and damage, or access by non-authorized third parties.

Failure to do so is punishable by five years’ imprisonment and a fine of €300,000.

This duty to ensure the security of data continues throughout all stages of data processing, i.e., from the data’s creation, to its use, back-up, filing and through to its eventual destruction.

via French Data Protection Agency Issues Guidelines to Help Companies Strengthen the Security of their Data Processing : Privacy Law Blog.

French DPA Releases New Guidance on Personal Data Security : Privacy & Information Security Law Blog

On October 7, 2010, the French Data Protection Authority (the “CNIL”) released its first comprehensive handbook on the security of personal data (the “Guidance”).  The Guidance follows the CNIL’s “10 tips for the security of your information system” issued on October 12, 2009, which were based on the CNIL’s July 21, 1981 recommendations regarding security measures applicable to information systems.

The Guidance reiterates that data controllers have an obligation under French law to take “useful precautions” given the nature of the data and the risks associated with processing the data, to ensure data security and, in particular, prevent any alteration or damage, or access by non-authorized third parties (Article 34 of the French Data Protection Act).  Failure to comply with this requirement is punishable by up to five years’ imprisonment or a fine of €300,000.

The Guidance provides general recommendations and best practices aimed at assisting data controllers with the implementation of appropriate security measures.

via French DPA Releases New Guidance on Personal Data Security : Privacy & Information Security Law Blog.