recent work

French Data Protection Regulator granted new powers of inspection

Privacy Law and Business reported yesterday on the new powers of inspection granted to the French data protection regulator, CNIL. The French Data Protection Act was amended on 17th March to give CNIL the right to perform checks on on-line data bases. The sort of checks anticipated include how individuals are informed of the use of their data and how their consent is collected, how cookies and tracking tools are used, and also by implication, an assessment regarding the risk of security breaches.

A CNIL spokesperson said, “The CNIL will not infringe companies’ security to gain access to their systems. But I want to stress that ‘security breaches’ only represent a part of our online inspections. If an infringement has occurred, the CNIL’s President can decide whether to issue an injunction or not. This injunction will compel the organization to take the necessary measures within a determined period of time.”

Privacy Law and Business stated that, “the new power allows the CNIL to remotely detect and react to data breaches on the Internet”.

Absolute Data Comment
This is an interesting development in light of the impending Data Protection Directive which will bring the UK’s data protection law in line with the rest of Europe in the next few years. It would seem that the French Regulator now has the power to be proactive in testing for compliance – a new power which may be granted to the Information Commissioner in the UK in the not-so-distant future. Of course UK companies with French operations may well find that they already fall under the scope of these new powers.

Tags: , , ,