Blog

Article 29 Working Party’s Opinion on Cloud Computing: A Threat for the Industry?

Francoise Gilbert

In its Opinion 05/2012 on Cloud Computing published as document WP 196 in early July 2012, the Article 29 Working Party identifies the data protection risks that are likely to result from the use of cloud computing services, such as the lack of control over personal data and lack of information about how, where and by whom the data are being processed or sub-processed in the cloud.  It expressly deems the Safe Harbor regime insufficient to meet the requirements of the national data protection laws.

(more…)

Read More

CNIL’s Concerned on Contactless Credit Cards

 

Alain Bensoussan
 
The French data protection authority, the CNIL issued on May 10, 2012, a press release (read here in French) to express its concerns on the security of contactless credit cards.
 
It also announced that it was currently carrying out technical investigations to identify any security gap and analyze their impacts on privacy.
 
Contactless credit cards are using the NFC (Near Field Communication) technology. NFC is a wireless short-range and high-frequency technology allowing to exchange information between a smart card and a terminal. (more…)
Read More

CNIL’s Reminder on Personal Data Contained in Public Records

 

Alain Bensoussan
 
The CNIL issued in May 2012 a press release to provide a quick reminder of the personal data that could be contained public records published online.
 
The French data protection authority, the CNIL issued in May 2012 a press release (read here in French) on the personal data that could be contained public records published online.
 
In France, the different services of the Public Records Office (such as the records of towns or of the Ministry of Defense) can post online archived documents, such as birth, marriage and death certificates that contain personal data, i.e. documents relating to individuals potentially still alive and/or individuals who are deceased but whose data may have consequences on the privacy of their heirs. (more…)
Read More

French Court Says Employee Folder Entitled “My Documents” is not Personal

 

Alain Bensoussan
 
French Supreme Court recently ruled that a folder entitled “My Documents” contained in an employee workstation was not presumed to contain personal files.
 
On May 10, 2012, the social chamber of the French Supreme Court (“Cour de cassation”) ruled that an employee’s computer folder named “My documents” could not be regarded as a private folder.
 
In that case, in 2006, an employee had stored on his workstation in a folder titled ‘”My Documents” phonographic pictures and videos showing other employees, recorded without their consent. The employer opened the folder and dismissed the employee for serious misconduct in 2006. The employee then sued the employer for unfair dismissal on the grounds that his “My Documents” folder was personal and that the employer did not have the right to open it and, therefore, to use the documents contained therein to justify his dismissal. (more…)
Read More

Facebook and Privacy

Lance Michalson

The CCMA has made two interesting decisions about whether it is unfair for an employer to dismiss an employee for posting intentionally offensive statements about their employer on a social networking website, like Facebook. The decisions are reported under Sedick & another / Krisray (Pty) Ltd [2011] JOL 27445 (CCMA) and Fredericks / Jo Barkett Fashions (2011) 20 CCMA 8.24.3.

The employees in each case were fairly dismissed, because the Arbitrators held that their privacy had not been infringed when their employers accessed their Facebook posts. The employees had published the statements in the public domain by not restricting their Facebook privacy settings. The CCMA took the view that, their employers were entitled to intercept the posts in terms of South African monitoring law.

These decisions raise the question, “How can organisations manage the use of social networking websites by their employees properly?”

(more…)

Read More

What the January 25, 2012 Draft of the Proposed EU Data Protection Reform Means for Companies Doing Business with or in the EU

January 27, 2012 – Francoise Gilbert

The comprehensive proposed data protection package that the European Commission unveiled on January 25, 2012 provides a sneak preview of the plans for the European Commission for the reform of the data protection rules in the European Union. It the draft legislative texts are adopted in a form substantially similar to that which was presented in the package, by 2015, the European Union will be operating under a single data protection law that applies directly to all entities and individuals in the Member States. In addition, much of the administrative burden that are currently costing billions of Euros to companies will have been removed. The savings would allow companies to allocate their data protection budget to more meaningful, efficient, data protection practices that are better adapted to the uses of personal data, the new technologies and the 21st century way of life.

(more…)

Read More

EU Data Protection Overhaul – New Draft Regulation

Francoise Gilbert

Note: This post is superseded by the post above, due to the publication of a new draft of the proposed legislative texts.

The European Commission has just published drafts of the two documents that will form the new legal framework for the protection of personal data throughout the European Economic Area. The draft documents are intended to provide a last opportunity for comments. The final version is expected to be published during the first quarter of 2012, and will come into force two years after publication. Thus, the new rules are currently not expected to be effective before the middle of 2014.

The proposed new legal framework consists of two legislative proposals: a proposal for a General Data Protection Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data, which will supersede Directive 95/46/EC; and a proposal for a Police and Criminal Justice Data Protection Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data. This article discusses only the Regulation.

(more…)

Read More

France – Protection of Personal Data and Cloud Computing

Alain Bensoussan
 
In order to consider all potential solutions, both from a legal and technical standpoint, and to guarantee a high level of personal data protection, the French data protection authority, the CNIL, recently launched a Call for Contributions from all stakeholders (clients, providers, consultants) on cloud computing.
 
The CNIL’s Call for Contributions dealt with many issues related to cloud computing, including:
 
      Definition of cloud computing;
      Role of stakeholders;
      Applicable law;
      Regulation of data transfers;
      Security of data.

(more…)

Read More

Meet the New CNIL Chairwoman

Alain Bensoussan
 
The CNIL’s new Chairwoman, Isabelle Falque-Pierrotin, presents her priorities, both in French and in English in a video posted online, that can be viewed here.
 
Ms. Falque-Pierrotin was elected on September 21st, 2011, after CNIL’s previous Chairman, Mr. Alex Türk, who was also a member of the French Senate, proactively resigned to comply with a recent legal provision that will soon prohibit the CNIL’s Chairman from holding any other elected office or public position.
 
In the video, the new boss of the French data protection regulator stresses that in an evolving and global environment, CNIL must innovate and become more open to resolutely step into the digital world. She firmly believes that cooperation with the private sector is important and thinks “the EU revision [of the data protection framework] will be a wonderful occasion to demonstrate that we are able to have a competitive protection but also a modernized protection” of personal data.

(more…)

Read More