Internet Marketing and Crowdsourcing: What are the Limits?

Eric Barbry

Internet Marketing and Crowdsourcing: What are the Limits?

The Internet marketing industry is exploring various strategies to try to influence the behaviors of Internet users as how they behave has now become integral to the operation of a growing number of services offered by search engines (e.g. Google Suggest) and more generally social networks.

Crowdsourcing is one of the avenues used to achieve their goals: via crowdsourcing platforms, companies can pay Internet users to complete a variety of microtasks ranging from performing image recognition to translating content, clicking on “like” or posting comments.

One can easily imagine how crowdsourcing platforms can be misused to produce fake comments or harm someone’s online reputation. In France, this type of behavior constitutes unfair trade practices and is actionable under Article L 120-1 of the French Consumer Code.

If a website experienced an unexplained drop in traffic or begins to be associated with negative search suggestions or comments, it is worth taking a closer look at these platforms. In France, to record evidence and build a case, companies should have the litigious practices recorded by a competent member of the legal profession (in France a huissier will draft their findings in a report called constat).

Link: Article L 120-1 of the French Consumer Code (in French)

Read More

Civilian Drones and Privacy Protection

Alain Bensoussan

Civilian Drones and Privacy Protection

Drones, also known as UAVs (Unmanned Aerial Vehicles) have long been confined to the military sector. But today their civilian use is growing exponentially in many areas. E-commerce giant Amazon’s recent announcement of the launch of a 30-minute package delivery service via small drones (Micro Aerial Vehicles) in the US within the next five years demonstrates the benefits of drones and showcases how enormous their potential can be.

In April 2012, France adopted regulations governing the use of drones. These regulations are implemented through the French Directorate General of Civil Aviation (DGAC).

In addition, drones equipped with a camera or a video camera must take account of the French Data Protection Act, which governs the processing of personal data and privacy rights.

CNIL, the French data protection authority, has especially been looking into UAVs that integrate different kinds of sensor as they can be powerful tools to observe, store and analyze personal data. In December 2013 it devoted a special issue of its newsletter to the topic “Drones, Innovations, Privacy and Individual Freedoms”, in which it examined the possible new forms of surveillance of individual behaviors and movements, and hence — more generally— their impact on privacy.

This gives food for thought not only about the civilian use of UAVs, but also on the broader issue of roboethics. The CNIL’s analysis could lead to future recommendations in this area.

Link: Cnil 6th Newsletter on Innovation & Foresight (in French)

Read More

CNIL’s Advanced Security and Privacy Risk Management Guides

Alain Bensoussan

The French data protection authority, the CNIL, recently published a translated version of its two new guides “Advanced security and Privacy risk management”.

These guides consist of :

  • A methodology for managing the risks that can affect the individuals ;
  • A catalogue of measures and best practices to treat the risks identified with the methodology.

These documents are primarily intended for use by controllers, data protection officers (DPO) and chief information security officers (CISO). They assist them in creating a rational understanding of the risks arising from the processing of personal data and to choose necessary and sufficient organizational and technical measures to protect privacy.

The two guides are available on the CNIL’s website :

Read More

France: Dismissal for Violation of IT Policy

Alain Bensoussan

A French Court of Appeals recently confirmed the dismissal of an employee who had downloaded software not authorized by his company’s IT policy. The judges rejected the employee’s claims that the employer did not have the right to monitor his PC in his absence, reminding the employee that a professional computer had to be used strictly for professional purposes during the working hours and that an employer was therefore entitled to monitor it even without the presence of the employee.

A technician, who had already received a warning from the HR department after the discovery on his professional hard disk of software not authorized by the company’s IT policy, was dismissed after it appeared that he had subsequently continued to use such software. (more…)

Read More

France: CNIL’s Unveiled its 2011 Annual Report

Alain Bensoussan

Every year, the French data protection authority, the CNIL, issues an annual report containing information and statistics on the past year and outlining its priorities for the next year. CNIL’s recently published its 32nd Annual Report for 2011.

Key figures

In 2011, the CNIL:

  • Conducted nearly 400 controls and audits (+ 25% versus 2010).
  • Received nearly 6,000 complaints (+ 19% versus 2010).

This demonstrates a high increase in the CNIL’s control and sanction activities. (more…)

Read More

CNIL’s Concerned on Contactless Credit Cards


Alain Bensoussan
The French data protection authority, the CNIL issued on May 10, 2012, a press release (read here in French) to express its concerns on the security of contactless credit cards.
It also announced that it was currently carrying out technical investigations to identify any security gap and analyze their impacts on privacy.
Contactless credit cards are using the NFC (Near Field Communication) technology. NFC is a wireless short-range and high-frequency technology allowing to exchange information between a smart card and a terminal. (more…)
Read More

CNIL’s Reminder on Personal Data Contained in Public Records


Alain Bensoussan
The CNIL issued in May 2012 a press release to provide a quick reminder of the personal data that could be contained public records published online.
The French data protection authority, the CNIL issued in May 2012 a press release (read here in French) on the personal data that could be contained public records published online.
In France, the different services of the Public Records Office (such as the records of towns or of the Ministry of Defense) can post online archived documents, such as birth, marriage and death certificates that contain personal data, i.e. documents relating to individuals potentially still alive and/or individuals who are deceased but whose data may have consequences on the privacy of their heirs. (more…)
Read More

French Court Says Employee Folder Entitled “My Documents” is not Personal


Alain Bensoussan
French Supreme Court recently ruled that a folder entitled “My Documents” contained in an employee workstation was not presumed to contain personal files.
On May 10, 2012, the social chamber of the French Supreme Court (“Cour de cassation”) ruled that an employee’s computer folder named “My documents” could not be regarded as a private folder.
In that case, in 2006, an employee had stored on his workstation in a folder titled ‘”My Documents” phonographic pictures and videos showing other employees, recorded without their consent. The employer opened the folder and dismissed the employee for serious misconduct in 2006. The employee then sued the employer for unfair dismissal on the grounds that his “My Documents” folder was personal and that the employer did not have the right to open it and, therefore, to use the documents contained therein to justify his dismissal. (more…)
Read More

France – Protection of Personal Data and Cloud Computing

Alain Bensoussan
In order to consider all potential solutions, both from a legal and technical standpoint, and to guarantee a high level of personal data protection, the French data protection authority, the CNIL, recently launched a Call for Contributions from all stakeholders (clients, providers, consultants) on cloud computing.
The CNIL’s Call for Contributions dealt with many issues related to cloud computing, including:
      Definition of cloud computing;
      Role of stakeholders;
      Applicable law;
      Regulation of data transfers;
      Security of data.


Read More