CNIL Open Data initiative

https://www.cnil.fr/fr/opendata

CNIL publishes quite a few interesting data sets as open data, including:

  • Contact information for Data Protection Authorities around the world
  • Number of formal notices notified each year since 2014
  • Number and type of sanctions notified each year since 2014
  • Lists of declarative formalities completed with the CNIL (1979 – May 24, 2018)
  • List of notifications of personal data breaches received by the CNIL
  • List of formalities prior to the implementation of personal data processing sent to the CNIL since May 25, 2018
  • Number of complaints received annually by the CNIL since 1981
  • etc.

France/CNIL: Health Data Processing: How to distinguish between a health datapool and research and what are the consequences?

When the creation of a database containing health data is envisaged, the controller must determine whether it will allow several processing operations to be carried out subsequently (“warehouse”) or whether it is a research project, study or ad hoc evaluation. The legal regime and the formalities to be completed differ depending on this choice.

https://www.cnil.fr/fr/traitements-de-donnees-de-sante-comment-faire-la-distinction-entre-un-entrepot-et-une-recherche-et

CNIL/France: Prior authorization for health data, pharmacovigilance and CNIL standards

Article by TwoBirds: “The CNIL published on 18 July 2019 a new standard concerning the processing of personal data for the purpose of vigilance in the health sector.”
https://www.twobirds.com/en/news/articles/2019/global/new-cnil-standard-for-all-companies-doing-product-vigilance-activities

Quote: “The standard is of great importance since according to the French Data Protection Act such processing activities are submitted to the CNIL’s prior authorization. The scope of the French prior authorization requirement is extraterritorial, and any organization worldwide doing product vigilance on individuals residing in France must obtain an authorization in order to be allowed to carry on their activities. But if their activities comply with the CNIL’s new standard, then they can now file a declaration of compliance with the CNIL, instead of filing a full request for authorization.”

Link to unofficial translation by TwoBirds at https://www.twobirds.com/~/media/pdfs/france/new-french-cnil-standard.pdf?la=en&hash=8AE9FA58104BDE6D234289328ACB6BBCE25DCBD2

TwoBirds article on overall background at https://www.twobirds.com/en/news/articles/2019/france/processing-health-data-in-france-what-to-look-out-for-after-gdpr – incl. need for prior authorization and CNIL reference methods