France

Eric Barbry

Internet Marketing and Crowdsourcing: What are the Limits?

The Internet marketing industry is exploring various strategies to try to influence the behaviors of Internet users as how they behave has now become integral to the operation of a growing number of services offered by search engines (e.g. Google Suggest) and more generally social networks.

Crowdsourcing is one of the avenues used to achieve their goals: via crowdsourcing platforms, companies can pay Internet users to complete a variety of microtasks ranging from performing image recognition to translating content, clicking on “like” or posting comments.

One can easily imagine how crowdsourcing platforms can be misused to produce fake comments or harm someone’s online reputation. In France, this type of behavior constitutes unfair trade practices and is actionable under Article L 120-1 of the French Consumer Code.

If a website experienced an unexplained drop in traffic or begins to be associated with negative search suggestions or comments, it is worth taking a closer look at these platforms. In France, to record evidence and build a case, companies should have the litigious practices recorded by a competent member of the legal profession (in France a huissier will draft their findings in a report called constat).

Link: Article L 120-1 of the French Consumer Code (in French)

Alain Bensoussan

Civilian Drones and Privacy Protection

Drones, also known as UAVs (Unmanned Aerial Vehicles) have long been confined to the military sector. But today their civilian use is growing exponentially in many areas. E-commerce giant Amazon’s recent announcement of the launch of a 30-minute package delivery service via small drones (Micro Aerial Vehicles) in the US within the next five years demonstrates the benefits of drones and showcases how enormous their potential can be.

In April 2012, France adopted regulations governing the use of drones. These regulations are implemented through the French Directorate General of Civil Aviation (DGAC).

In addition, drones equipped with a camera or a video camera must take account of the French Data Protection Act, which governs the processing of personal data and privacy rights.

CNIL, the French data protection authority, has especially been looking into UAVs that integrate different kinds of sensor as they can be powerful tools to observe, store and analyze personal data. In December 2013 it devoted a special issue of its newsletter to the topic “Drones, Innovations, Privacy and Individual Freedoms”, in which it examined the possible new forms of surveillance of individual behaviors and movements, and hence — more generally— their impact on privacy.

This gives food for thought not only about the civilian use of UAVs, but also on the broader issue of roboethics. The CNIL’s analysis could lead to future recommendations in this area.

Link: Cnil 6^th Newsletter on Innovation & Foresight (in French)

Alain Bensoussan

The French data protection authority, the CNIL, recently published a translated version of its two new guides “Advanced security and Privacy risk management”.

These guides consist of :

• A methodology for managing the risks that can affect the individuals ;
• A catalogue of measures and best practices to treat the risks identified with the methodology.

These documents are primarily intended for use by controllers, data protection officers (DPO) and chief information security officers (CISO). They assist them in creating a rational understanding of the risks arising from the processing of personal data and to choose necessary and sufficient organizational and technical measures to protect privacy.

The two guides are available on the CNIL’s website : http://www.cnil.fr/english/

Alain Bensoussan

A French Court of Appeals recently confirmed the dismissal of an employee who had downloaded software not authorized by his company’s IT policy. The judges rejected the employee’s claims that the employer did not have the right to monitor his PC in his absence, reminding the employee that a professional computer had to be used strictly for professional purposes during the working hours and that an employer was therefore entitled to monitor it even without the presence of the employee.

A technician, who had already received a warning from the HR department after the discovery on his professional hard disk of software not authorized by the company’s IT policy, was dismissed after it appeared that he had subsequently continued to use such software. (more…)

Alain Bensoussan

Every year, the French data protection authority, the CNIL, issues an annual report containing information and statistics on the past year and outlining its priorities for the next year. CNIL’s recently published its 32^nd Annual Report for 2011.

Key figures

In 2011, the CNIL:

• Conducted nearly 400 controls and audits (+ 25% versus 2010).
• Received nearly 6,000 complaints (+ 19% versus 2010).

This demonstrates a high increase in the CNIL’s control and sanction activities. (more…)

(more…)