Individuals having difficulties in obtaining responses to their personal data subject access requests (DSAR) from French telephone operator Free Mobile filed several complaints before the Frenchdata protection authority (CNIL). These requests related to accessing their personal data and objecting to receiving direct marketing messages by electronic means. After its investigations, the CNIL imposed a fine of €300,000 against Free Mobile on 28 December 2021.(more…)
‘Specialist in new technologies’, K&L Gates LLP‘s team has an outstanding reputation for legal advice on innovative technologies and data-related concerns. Claude-Etienne Armingaud and Raphael Bloch are recognised as ‘exceptional lawyers who miss no details and who know their fields to perfection’. Claude-Etienne Armingaud has developed particular knowledge of multijurisdictional transactional matters dealing with IT outsourcing and data protection for blockchain and fintech, connected cars, and big data services.
Leading individuals: Claude-Etienne Armingaud – K&L Gates LLP
Practice head(s): Claude-Etienne Armingaud
Other key lawyers: Raphael Bloch(more…)
Quoted by Global Data Review:
Claude-Étienne Armingaud, a partner at K&L Gates in Paris, said the decision would have little impact in practice.
“The new sections adopted in July 2021 are implementing specific and targeted data retention requirements which should therefore comply with both the ECJ decisions and the Constitutional Council decision of today,” he said.
“So, if anything, it’s a tardy decision that was expected and confirmation that the Government did well to anticipate this.”
Read full article here.
During his January 2022 hearing before France’s National Assembly, the newly appointed chairman of the French competition authority (AdlC), Benoit Coeuré, stated that the digital sector would be one of the principal subject matters of his chairmanship (see press release here in English).
His intention is to focus on “the emergence of new essential infrastructures such as cloud-computing” and that, in consequence, “it would be important and justified for the AdlC to rapidly undertake in-depth work on the consequences of cloud-computing in all sectors in conjunction with the relevant sectoral authorities.”
Pursuant to Article L. 462-4 of the French Commercial Code, the AdlC has therefore decided to conduct a wide analysis of the matter in order to assess the competitive situation of the cloud-computing ecosystem.
A BOOMING SECTOR
This opinion comes at a time when the cloud-computing market is booming at both the European and French level, with an average annual growth expected to exceed 25% over the next few years, with strong value-creation challenges for the economy, and allowing for a 2030 market prediction 10 times larger than in 2020.
Over the last few years, cloud computing has become a complex ecosystem of technologies, products, and services, giving rise to a wealthy economy where several cloud-computing service providers compete for an ever-increasing share of the service market. This peaking sector allows for more efficient ways of working, which has ended up being especially valuable during the COVID-19 pandemic.
This “cloud boom” also serves as the backbone of a widespread digitalization of the economy, which is supported by the French government with its new national plan to support the French cloud industry.
THE NECESSITY FOR GLOBAL ANALYSIS
The AdlC’s purpose to conduct a broad analysis of the cloud-computing sector is pushed by both a European and international dynamic.
In this regard, the AdlC intends to provide for a definition of the relevant markets in the sector.
This commitment can be traced back to the European Commission’s (EU Commission) early analysis of the “IT outsourcing services” market encompassing the “public cloud computing services” as one of its sub-segments.1 Concurrently and from a transatlantic perspective, the U.S. Federal Trade Commission is also pushing forward with an antitrust scrutiny in the cloud-computing business.
The AdlC intends to study the competitive dynamics of the sector and the presence of operators in the various segments of the value chain (including their contractual relations) in a context where multiple alliances and partnerships are concluded for the provision of cloud services.
Should the AdlC identify potential improvements, proposals may be issued for the competitive functioning of the sector.
Taking into account the variety and complexity of the cloud-computing technologies involved, the AdlC announced that, for the first time, the investigation unit will comprise lawyers, economists, and data scientists notably from the newly created Digital Economy Department.
THE NEXT STEPS
A broad public consultation will be taking place in the next few months to gather comments and suggestions from the stakeholders. Comments are to be sent to the AdlC through the following email address: firstname.lastname@example.org.
The final opinion is expected to be issued by the beginning of 2023.
The firm’s global competition and data protection team (including the competition team and data protection team in each of our European offices) remains available to assist you in achieving the compliance of your data and antitrust matters at global levels.
Claude-Etienne Armingaud from K&L Gates ranked among the Best Lawyers France 2021 for Privacy and Data Security Law
Source: Best Lawyers
The French data protection Supervisory Authority (The CNIL) has issued a fine totaling EUR 400,000 against Monsanto for failing to inform individuals whose personal data was collected and processed for lobbying purposes.
Further to the revelation by several media outlets, in May 2019, that Monsanto kept records on more than 200 political and civil society figures (e.g. journalists, environmental activists, scientists or farmers) likely to influence the debate or public opinion on the renewal of the authorization of glyphosate in Europe, the CNIL received seven complaints from individuals whose personal data was included in those records. The personal data included in those records included professional details (e.g. company name, position, business address, business phone number, mobile phone number, business email address and Twitter account), along with a score of 1 to 5, aiming at evaluating their influence, credibility and support for Monsanto on various topics such as pesticides or genetically modified organisms.(more…)
The French Law n°2016-1691 of 9 December 2016 relating to transparency, the fight against corruption, and the modernization of economic life, known as the “Sapin II” Act 1)Sapin II entered into force on 10 December 2016 (JORF n°0287 of Dec. 10, 2016) introduced to legal entities additional compliance requirements to address corruption in order for France to meet the highest European and international standards.
Sapin II has established a general principle of prevention and detection of corruption risks under the control of a national anticorruption structure, the French Anti-Corruption Agency (AFA), whose main mission is to help economic and public players in the process.
The AFA noted in its 2019 annual activity report 2)French Anti-Corruption Agencyn Annual Activity Report 2019 (7 July 2020) (in French).that anticorruption measures implemented by economic and public players were still incomplete.
On 12 January 2021, the AFA published new recommendations entered into force on 13 January 2021 (Recommendations, here in French).
The AFA specifies the practical procedures for implementing an anticorruption system structured around three foundational principles, namely:
- Governing body’s commitment;
- Understanding the entity’s exposure to probity risks; and
- Risk management.
|↑1||Sapin II entered into force on 10 December 2016 (JORF n°0287 of Dec. 10, 2016)|
|↑2||French Anti-Corruption Agencyn Annual Activity Report 2019 (7 July 2020) (in French).|
GDPR/Data Scraping – A Clear Limitation by the French Data Protection Authority to Direct Marketing PracticesMarch 10th, 2021 | Posted by in eCommerce | France | Privacy - (0 Comments)
The French Supervisory Authority (CNIL) wrapped up 2020 with a EUR 20,000 fine against NESTOR, a French food preparation and delivery company catering to office employees (see full Decision SAN-2020-018 in French).
The CNIL highlighted various breaches of the General Data Protection Regulation (GDPR) and the ePrivacy Directive regarding the processing of prospects and clients’ personal data by the CNIL, most notably:
- The lack of prior consent of the prospects to receiving direct marketing communication by electronic means, thereby violating Article L.34-5 of the French Post and Electronic Communications Code (CPCE);
- The failure to properly inform individuals (Article 12 and 13 GDPR) whether:
- Upon the creation of their account on the company’s platform, or
- Upon indirect collection through external sources;
- The failure to properly address Data Subjects’ Access Requests (DSAR – Article 15 GPDR).
While the fine is rather limited in view of the maximum potential amount of EUR 20 million or four percent of the turnover (whichever the greater), this decision presents an opportunity to examine web scraping and direct marketing practices, which are rapidly developing.(more…)