where those organisations could show they had “made a serious effort to comply with the DPA and had genuine reason to believe that the data it disclosed did not contain personal data or present a re-identification risk.”




-DATA PROTECTION & PRIVACY-


CNIL Adds New Consent Requirement for Use of Credit Card Data


The CNIL, France’s data protection authority, published a new recommendation relating to the collection of credit card information, replacing an older 2003 recommendation. The new recommendation, which represents a de facto standard for online merchants and payment services providers who collect data from French consumers, is more prescriptive than the old, particularly regarding how online merchants should seek consent for the retention of credit card information. Under the CNIL’s analysis, the principal purpose for which consumers provide payment information to a merchant is to complete a given online transaction. If a merchant or service provider wants to retain card information to provide additional services, such as the ability to make subsequent purchases without having to enter credit card information a second time, the CNIL considers this a separate “purpose” for which the online merchant must seek separate consent. The CNIL said that a user’s consent to the terms and conditions is not sufficient. There must be a separate check-the-box consent pursuant to which the consumer explicitly agrees that the online merchant may keep payment details in order to facilitate future transactions. The online merchant must then give users a visible and easy-to-use opt-out to later revoke their consent.




More CNIL Guidance for Multinationals Seeking to Comply with SOX & Dodd-Frank


United States employers operating in France often face a dilemma. While they may be bound by the whistleblowing requirements of the Sarbanes-Oxley Act (SOX) and its Dodd-Frank amendments, they also are bound by the data privacy requirements of French law, which can be at odds with U.S. whistleblowing laws. The French data protection authority (La Commission Nationale de l'Informatique et des Libertés or CNIL) periodically issues guidelines that provide some clarity on how employers can resolve this conundrum. On January 30, 2014, the CNIL finalized amendments to these guidelines expanding the scope of the topics that could be disclosed through an anonymous whistleblowing hotline. The amendments also clarify the conditions under which SOX-type anonymous whistleblowing is permitted under French law. The new guidelines attempt to balance the CNIL's interest in ensuring that employers establish a transparent whistleblowing system with its divergent interest in protecting the confidentiality of the report and the identity of the whistleblower. In particular, the guidelines require that a whistleblower self-identify, and that the corporate administrator managing the "alerts" treat that identification as confidential. The CNIL's guidance provides useful clarity for employers that have implemented, or plan to implement, a whistleblower scheme that is consistent with French law.



