jfgilbert

France: Dismissal for Violation of IT Policy

Alain Bensoussan

A French Court of Appeals recently confirmed the dismissal of an employee who had downloaded software not authorized by his company’s IT policy. The judges rejected the employee’s claims that the employer did not have the right to monitor his PC in his absence, reminding the employee that a professional computer had to be used strictly for professional purposes during the working hours and that an employer was therefore entitled to monitor it even without the presence of the employee.

A technician, who had already received a warning from the HR department after the discovery on his professional hard disk of software not authorized by the company’s IT policy, was dismissed after it appeared that he had subsequently continued to use such software. (more…)

Read More

France: CNIL’s Unveiled its 2011 Annual Report

Alain Bensoussan

Every year, the French data protection authority, the CNIL, issues an annual report containing information and statistics on the past year and outlining its priorities for the next year. CNIL’s recently published its 32nd Annual Report for 2011.

Key figures

In 2011, the CNIL:

  • Conducted nearly 400 controls and audits (+ 25% versus 2010).
  • Received nearly 6,000 complaints (+ 19% versus 2010).

This demonstrates a high increase in the CNIL’s control and sanction activities. (more…)

Read More

Analytics Cookies & Consent Exemption

Alain Bensoussan

Are analytics cookies, i.e., cookies used to measure website audience, subject to the prior consent of Internet users? This article provides insights about the French and European views on this topic.

Background

Directive 2002/58/EC, as amended by Directive 2009/136/EC (known as the
e-Privacy Directive) has reinforced the protection of users of electronic communication networks and services by requiring informed consent before information is stored or accessed in the user’s (or subscriber’s) terminal device. Article 5.3 of the Directive allows cookies to be exempted from the requirement of informed consent, if they satisfy some criteria.

(more…)

Read More

FTC v. Google 2012 – Misrepresentation of Compliance with NAI Code a Key Element

Francoise Gilbert

Google was hit by a $22.5 million penalty as a result of an investigation by the Federal Trade Commission covering Google’s practices with users of the Safari browser. A very interesting aspect of this new case against Google (Google 2), is that it raises the issue of Google’s violation of the Self-Regulatory Code of Conduct of the Network Advertising Initiative (NAI Code). This is an interesting evolution in the history of the FTC rulings. At first, the FTC focused on violation of privacy promises made in Privacy Statements, then it went on to pursue violation of the Safe Harbor Principles. In this new iteration, the FTC attacks misrepresentation of compliance with industry standard.

(more…)

Read More

Stringent Requirements by the Swiss Federal Supreme Court for Google Street View

Ursula Widmer

On 8th June 2012 the Swiss Federal Supreme Court published its long and eagerly awaited decision on Google Street View. The court partially upheld the complaint by Google on one important point. The Federal Supreme Court does not consider it necessary for Google to take further steps in addition to the automated anonymization of faces and vehicle number plates to ensure complete anonymization for all images before uploading. This was precisely what the Federal Data Protection and Information Commissioner (FDPIC) had demanded of Google because the software for automated anonymization is not to 100% reliable. The Federal Administrative Court was likewise of this opinion in its decision of April 2011. However, the Federal Supreme Court now considers it reasonable that the automated anonymization does not completely cover all persons and vehicle number plates, provided that the error quota of inadequately anonymized images is not more than approximately 1 per cent. (more…)

Read More

Article 29 Working Party’s Opinion on Cloud Computing: A Threat for the Industry?

Francoise Gilbert

In its Opinion 05/2012 on Cloud Computing published as document WP 196 in early July 2012, the Article 29 Working Party identifies the data protection risks that are likely to result from the use of cloud computing services, such as the lack of control over personal data and lack of information about how, where and by whom the data are being processed or sub-processed in the cloud.  It expressly deems the Safe Harbor regime insufficient to meet the requirements of the national data protection laws.

(more…)

Read More

CNIL’s Concerned on Contactless Credit Cards

 

Alain Bensoussan
 
The French data protection authority, the CNIL issued on May 10, 2012, a press release (read here in French) to express its concerns on the security of contactless credit cards.
 
It also announced that it was currently carrying out technical investigations to identify any security gap and analyze their impacts on privacy.
 
Contactless credit cards are using the NFC (Near Field Communication) technology. NFC is a wireless short-range and high-frequency technology allowing to exchange information between a smart card and a terminal. (more…)
Read More

CNIL’s Reminder on Personal Data Contained in Public Records

 

Alain Bensoussan
 
The CNIL issued in May 2012 a press release to provide a quick reminder of the personal data that could be contained public records published online.
 
The French data protection authority, the CNIL issued in May 2012 a press release (read here in French) on the personal data that could be contained public records published online.
 
In France, the different services of the Public Records Office (such as the records of towns or of the Ministry of Defense) can post online archived documents, such as birth, marriage and death certificates that contain personal data, i.e. documents relating to individuals potentially still alive and/or individuals who are deceased but whose data may have consequences on the privacy of their heirs. (more…)
Read More

French Court Says Employee Folder Entitled “My Documents” is not Personal

 

Alain Bensoussan
 
French Supreme Court recently ruled that a folder entitled “My Documents” contained in an employee workstation was not presumed to contain personal files.
 
On May 10, 2012, the social chamber of the French Supreme Court (“Cour de cassation”) ruled that an employee’s computer folder named “My documents” could not be regarded as a private folder.
 
In that case, in 2006, an employee had stored on his workstation in a folder titled ‘”My Documents” phonographic pictures and videos showing other employees, recorded without their consent. The employer opened the folder and dismissed the employee for serious misconduct in 2006. The employee then sued the employer for unfair dismissal on the grounds that his “My Documents” folder was personal and that the employer did not have the right to open it and, therefore, to use the documents contained therein to justify his dismissal. (more…)
Read More