On July 2, 2018, the French Data Protection Authority (“Commission Nationale de l’Informatique et des Libertés” or “CNIL”) published its yearly thematic guidance for the priority axes of its control activities, notably further to the entry into force of the recent General Data Protection Regulation (“GDPR”).

As for the previous periods, the CNIL is expecting to launch 300 dawn-raids, either on premises or online, in order to control compliance of companies subject to French and European data protection regulations, notably on newly introduced aspects relating to the implementation of GDPR (right to portability, data protection impact assessments…).

One of the new aspects of GDPR also includes the joint control operations by several EU supervisory authorities.
The themes which will guide the CNIL’s actions over the following months will include:

Recruitment operations
While the development of big data solutions and AI-assisted recruitment, through the use of algorithm offer the vast possibility to assess the applicants and predicts their adequacy for the position on the basis of pre-defined criteria, such technologies are also likely to impact a broad number of data subjects and subject them to arbitrary or opaque decision making outcomes. The CNIL will therefore target the transparency and the selection requirements, as well as retention periods for the surrounding meta data.

Real estate documentation
Fair home access is a key concern of our times. French Decree no.2015-1437 dated 5 November 2015 aims at protecting tenants with regard to information which may be requested. However, almost three years after this decree, it seems that asking additional documentation remains common practice, including sensitive data such as medical files. The lack of proportionality between the documents requested and the purposes of the processing may affect the compliance of realtors, who will be a priority control target.

Connected e-ticketing services
The MAPTAM Act allowed for local territorial administration to outsource the parking ticket process and the automation thereof. However, several complaints emerged since the beginning of the year from data subjects who perceived a decrease in their protection under the data protection framework. As such, the CNIL will also target the conditions under which the outsourcing operations have been performed and the conditions for use, retention and safeguarding of the data subjects’ information.

While the guidance addresses the control aspects of its activities, the CNIL also mentioned that the follow up to such controls, notably in terms of sanctions against the controlled companies, would be assessed at a later stage and will take into consideration good faith efforts initiated by targeted companies.

As a consequence, it remains a priority to validate a sound action plan to reach compliance with GDPR undertakings by the end of this year for all impacted companies.

The French Privacy team of K&L Gates remains available to assist you in your implementation and evaluation of your GDPR compliance strategy.

First published on K&L Gates French Privacy Alert

The French Autorité des Marchés Financiers has recently published a synthesis of the contributions it received in response to its public consultation on Initial Coin Offerings (ICOs) to obtain stakeholder views on how these new types of blockchain offerings might be regulated.

The consultation included a presentation of ICOs, a warning on the risks they present, a legal analysis of ICOs with respect to the rules overseen by the AMF and the regulatory options proposed by the AMF. Respondents were invited to give their views on all of these points.

The English version of the synthesis can be found here, the French version here and our previous coverage of the consultation can be found here.

First published on K&L Gates Fintech Law Blog.

On 26 October 2017, France’s Financial Markets Authority, the “Autorité des Marchés Financiers” (“AMF”), published a discussion paper focusing on initial coin offerings (“ICOs”) that highlights the (many) dangers that arise from these unregulated transactions and discusses the regulation options that it currently foresees.
(more…)

Further to the adoption of Act no.2016-1691, dated 9 December 2016, on Transparency, Anti-Corruption and Modernization of Economic Life (“Sapin II” – see our compliance coverage here) and the public consultation whose results were made public on 30 August 2017 (see our coverage here), the French Ministry of Finance published a draft document aiming at adapting the French legal framework to the use of blockchain technology.

The proposed draft (which may be accessed here in French) address the possibility, for company, to register in a “shared electronic registry”:

  • Negotiable debt securities;
  • Units or shares of undertakings for collective investment;
  • Capital securities issued by corporations and debt securities other than negotiable debt securities, provided that they are not traded on a trading platform

The conditions under which such registration would possible expressly exclude any item admitted to the operations of a central depository or delivered in a system for the payment and delivery of financial instruments. In addition, the bylaws of the issuer must expressly provide for the possibility to use such shared electronic registries.

In any case, the French regulatory framework would subject to French law whenever the issuer is headquartered in France or the issuance itself is already governed by French law.

Additional technical measures will subsequently be devised by a supplementing Decree, in order to provide the required safeguards.

While assessing the relevancy of a blockchain framework for corporate titles remains difficult in the absence of such technical details, all players are welcome to provide the Ministry with observations on the proposed framework until 9 October 2017.

First published on the K&L Gates Fintech Law Blog with Emilie Oberlis.

The French Act no.2016-1691 dated 9 December 2016 on Transparency, Anti-Corruption and Modernization of Economic Life (Or “Sapin II” – see our compliance coverage here) empowered the Government to amend the regulatory framework to facilitate the transmission of certain financial securities through blockchain technology 1)Article 120 of Sapin II “The Government may by way of executive orders within the 12 months following this Act take the measures necessary to (…) … Continue reading

In order to prepare such executive order, the Ministry of Finance initiated last Spring a public consultation, whose results were made public on 30 August 2017.
(more…)

References

1 Article 120 of Sapin II “The Government may by way of executive orders within the 12 months following this Act take the measures necessary to (…) amend the regulatory framework applicable to securities in order to allow the representation and the transmission (via a shared electronic recording device) of securities that are not admitted to the operations of a central depositary or a system of payment and delivery of financial instruments.”

The new generic top-level domain (gTLD) .africa, a regional domain for users located in and out of the continent, has been officially validated by ICANN.

More than a decade after its other regional counterparts, such as .eu or .asia, the .africa gTLD has been the subject matter of a legal conundrum for years.
The new generic top-level domain (gTLD) .africa, a regional domain for users located in and out of the continent, has been officially validated by ICANN.

More than a decade after its other regional counterparts, such as .eu or .asia, the .africa gTLD has been the subject matter of a legal conundrum for years.
(more…)

The French Act No. 2016-1321 of 7 Oct. 2016 for a Digital Republic (the “Digital Republic Act”) amends the existing framework for online intermediation platform created under Article L.111-5-1 of the French Consumer code by the Act No. 2015-990 of 6 August 2015.

The Digital Republic Act creates a general, autonomous and impersonal status of online platform operator (“OPO”) and completes the existing legal framework relating to consumer protection through the consumers’ prior information.
(more…)

After its invalidation of the data retention requirements imposed by Directive 2006/24/EC in its Digital Rights Ireland decision dated 8 April 2014, the ECJ was requested to assess the compatibility with the Directive 2002/58/EC (the “ePrivacy Directive”) and the Charter of Fundamental Rights of the European Union (the “CFREU”) of a domestic legislation mandating a general and indiscriminate obligation to retain traffic and location data, without prior judicial review, for purposes including the fight against crime.). The ECJ joined the two cases which had been submitted for review and issued its decision on 21 December 2016 (the “Decision”).
(more…)

The advent of autonomous cars represents a unique opportunity to rethink urbanism globally. Indeed, such a technological evolution will undoubtedly foster the development of a range of new offerings, such as car sharing and value-added opportunities, while at the same time ensure added safety on the roads at a time when traffic injuries remain the primary cause of death among people aged 15 to 29.

One direction in which this new paradigm could be expressed may be the decline of exclusive car ownership and the shift toward CaaS, or “Car-as-a-Service”. Autonomous cars could be shared among a community of subscribers and used on an as-needed basis, after which they could then park themselves outside of the urban landscape for battery-reloading purposes or when not in use.
Nevertheless, such an idealistic picture can only be achieved once all regulatory barriers have been lifted.
(more…)

ArabianIndustry.com article by Fatima De La Cerna

Autonomous transportation systems may no longer be the stuff of science fiction, but there’s still a large amount of work, regulation-wise, that needs to be done before they can replace conventional vehicles on the road.

“A start has been made towards laying the foundation of a regulatory framework in many countries around the world, but there are still considerable challenges that must be overcome by lawmakers and regulators alike in developing a comprehensive and unified approach to govern what we anticipate will be a strong sector in the near future,” said Claude-Étienne Armingaud, a Paris-based partner at K&L Gates, who spoke via video link during a press conference held on 7 March, in Dubai.

Read the full article here.

ArabianIndustry.com article by Fatima De La Cerna

Autonomous transportation systems may no longer be the stuff of science fiction, but there’s still a large amount of work, regulation-wise, that needs to be done before they can replace conventional vehicles on the road.

“A start has been made towards laying the foundation of a regulatory framework in many countries around the world, but there are still considerable challenges that must be overcome by lawmakers and regulators alike in developing a comprehensive and unified approach to govern what we anticipate will be a strong sector in the near future,” said Claude-Étienne Armingaud, a Paris-based partner at K&L Gates, who spoke via video link during a press conference held on 7 March, in Dubai.

Read the full article here.