The revised French Health Data Hosting (HDS) certification framework, published on May 16, 2024, in the Official Journal, addresses data localization and transfers amidst concerns about digital sovereignty. The new provisions...more
On May 16, 2024, the CNIL announced a critical public consultation and three significant updates to adapt health research regulations in France. These updates, focusing on remote quality control, home monitoring, and...more
The CNIL has launched an investigation into a significant data breach affecting over 33 million individuals in France, involving third-party payment operators Viamedis and Almerys. It is the biggest breach in France involving...more
Le bureau Parisien de Hogan Lovells a le plaisir de vous adresser sa lettre d'information mensuelle qui vous présente les Actualités législatives et réglementaires du mois de décembre 2023. Ces Actualités législatives et...more
The French Data Protection Authority (the "CNIL") has just published two new reference methodologies for research, studies, or evaluations necessitating access to the data in the French Healthcare database. These new...more
The French Data Protection Authority (CNIL) is still seeking input from Artificial Intelligence (AI) stakeholders on how to ensure that AI systems comply with data protection laws. Use of large amount of data and data...more
P. Latombe, who is not only a Member of the French Parliament, but also seated at the French Data Protection Authority (CNIL)'s Commission, lodged a request for annulment of the DPF on 6 September 2023 before the Court of...more
9/12/2023
/ Annulment ,
CNIL ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
France ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Popular ,
Schrems I & Schrems II ,
Treaty on the Functioning of the European Union (TFEU)
On 6 July 2023, the French data protection authority (the "CNIL") updated its guidelines on whistleblowing systems again. The last version dated from December 2019. This update is the result of the French transposition of...more
A few days after the European Parliament adoption of a compromise position on the Artificial Intelligence Act (the “AI Act”), the French Data Protection Authority (the “CNIL”) published, on 16 May 2023, a detailed 4-step...more
Les derniers mois ont vu une activité bouillonnante de la CNIL avec l’adoption de nombreuses délibérations. Nous avons analysé ces décisions pour comprendre les principales orientations prises par l’autorité française....more
While the French Data Protection Authority (the "CNIL") has consistently emphasized the importance of protecting health data, there will be even more focus for 2023 with more investigations and sanctions in this sector. The...more
The French Data Protection Authority (CNIL) has released a Q&A providing its position, possible alternative solutions as well as guidance on using a compliant audience measurement solution. It follows a set of formal notices...more
A new French template agreement for clinical trials (Convention Unique) was published on April 9, 2022. This new version was much awaited since the initial version, dated back to 2016, was missing some key provisions...more
The healthcare sector is a current focus of the French data protection authority (CNIL) which just published two draft standards regarding processing of personal data in the context of Early Access and Compassionate Access....more
Le 15 février 2022, la CNIL a publié deux projets de référentiels. Ces référentiels étaient très attendus car l’Autorisation Unique 041 sur les traitements de données personnelles dans le cadre des Autorisations Temporaires...more
The French Data Protection Authority (CNIL) published an FAQ on March 18, 2021 to further explain its earlier guidelines and “recommendation” on cookies and other tracking technologies, which were published on September 17,...more
On October 14, 2020, the French Administrative Supreme Court (Conseil d’Etat) published its decision in a lawsuit requesting that the French health data platform (Health Data Hub) be suspended for breach of the GDPR in light...more
10/22/2020
/ CNIL ,
Court of Justice of the European Union (CJEU) ,
Data Transfers ,
Enforcement Actions ,
EU ,
France ,
French Supreme Court ,
General Data Protection Regulation (GDPR) ,
Microsoft ,
Online Platforms ,
Personal Data ,
Popular ,
Regulatory Violations ,
Schrems I & Schrems II
On October 8, 2020, France’s data protection authority (CNIL) provided the French Administrative Supreme Court (Conseil d’Etat) with a brief presenting its arguments against the hosting of some French public health data by...more
The French Data Protection Authority (CNIL) has recently released new guidelines (French only) regarding human resources processing operations. ...more
On 19 July the French Data Protection Authority (the “CNIL”) published new guidelines on cookies and trackers. These replace the existing Recommendation No. 2013-378 of 5 December 2013, are intended to be in line with...more
7/22/2019
/ CNIL ,
Cookies ,
Data Protection ,
e-Privacy Directive ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
Grace Period ,
Information Technology ,
Internet ,
New Guidance ,
Opt-In ,
Prior Express Consent ,
Regulatory Oversight ,
Regulatory Requirements ,
Web Tracking ,
Websites
The French Data Protection Authority (the CNIL) has made targeted online advertising a priority topic in its 2019-2020 agenda and has changed its position on cookie consent. Although the ePrivacy Regulation is still being...more
7/8/2019
/ CNIL ,
Consent ,
Cookies ,
Data Protection Authority ,
Direct Marketing ,
e-Privacy Directive ,
France ,
New Guidance ,
New Rules ,
Popular ,
Proposed Rules ,
Sanctions ,
UK ,
UK ICO ,
Websites
The French Data Protection Authority (the CNIL) published its assessment of the first four months of GDPR and several guidelines, including one on how to make a GDPR compliant blockchain. ...more
10/11/2018
/ Big Data ,
Biometric Information ,
Blockchain ,
CCTV ,
CNIL ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Distributed Ledger Technology (DLT) ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Right to Erasure
The General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. In light of the urgency to adapt Law no. 78-17 dated 6 January 1978 to the new European Union law, the French Government has initiated an...more
The Decree No 2018-137 of 26 February 2018 on the hosting of personal health data has been published on 28 February 2018 in the Official Journal. The Decree defines notably the arrangements for implementing the procedure for...more
3/6/2018
/ Certification Requirements ,
Data Collection ,
Data Management ,
Data Protection Principles ,
Data-Sharing ,
Electronically Stored Information ,
France ,
Personal Data ,
Regulatory Oversight ,
Regulatory Standards ,
Transparency
The Decree has been adopted pursuant to Order No 2017-27 of 12 January 2017 on the hosting of personal health data which substantially modified Article L1111-8 of the French Public Health Code (FPHC)....more