Privacy & Information Security Law Blog

On November 16, 2011, the French Data Protection Authority (the “CNIL”) published its Annual Activity Report for 2010 (the “Report”) highlighting its main 2010 accomplishments and outlining some of its priorities for the upcoming year. This year’s Report covers events that occurred since last year’s publication of the Annual Activity Report for 2009.

The Report discusses the upcoming revision of the EU data protection framework (Directive 95/46/EC) and presents the CNIL’s recommendations on key topics, such as introducing a right to be forgotten, increasing developer liability for data protection failures in new technologies, creating a binding international data protection regulation, and maintaining specific formalities to govern “risky” data processing (e.g., those including sensitive data or public security files).

Also, in January 2011, the CNIL was the first European data protection authority to create a Foresight and Innovation Department (the “Department”). Gathering lawyers, IT experts, sociologists, politicians and economists, the Department’s mission is to analyze new technological trends and developments and assess their impact on privacy and personal data protection. The Report notes that the Department plans to conduct two studies in 2011: one to address the smartphone boom, and the other, “Privacy 2020,” to forecast how the evolution of new technologies will affect legislation and the CNIL’s role.

The following are some of the other highlights from the Report:

• In 2010, data controller services were improved through a new online registration process and quicker turnaround times for acknowledgments of receipts and authorizations to transfer data outside the European Economic Area.
• In terms of sanctions, the CNIL’s powers were strengthened, and it issued its first injunctions to stop data processing activities. It also levied a record fine against Google.
• The CNIL inspected the implementation of 55 video surveillance cameras (i.e., CCTV cameras) and included in its Report recommendations for the implementation of such devices in workplaces. In addition, pursuant to a new security bill (Loi d’orientation et de programmation pour la performance de la sécurité intérieure of March 14, 2011), the CNIL was granted additional authority to monitor the use of video surveillance cameras in both private and public areas.
• The CNIL invested €500,000 in privacy awareness programs for children, parents and teachers by sending guidelines to schools, broadcasting a clip on both the Internet and TV channels, launching an iPhone application and creating a special website.
• In order to increase cooperation, the CNIL signed an agreement with the French General Directorate for Competition Policy, Consumer Affairs and Fraud Control (Direction Générale de la Concurrence, de la Consommation et de la Répression des Fraudes) and joined the Global Privacy Enforcement Network.
• The CNIL opened its own accounts on Facebook, Twitter and LinkedIn.
• In 2010, the CNIL received more than 4,821 complaints and 70,797 data processing registrations. It also conducted 308 on-site inspections around the country, which constitutes a 14 percent increase over 2009. In April 2011, the CNIL released its 2011 inspections report which indicated that it planned to conduct at least 400 inspections over the course of 2011.

Read the CNIL’s full report (in French).

Read our coverage of the CNIL’s 2009 Activity Report.