CNIL – Privacy Design® / [protecting people by good design, solid security, efficient processes and trusted services] Tue, 07 Jul 2020 14:32:40 +0000 en-US hourly 1 https://wordpress.org/?v=6.9.4 /wp-content/uploads/2018/02/cropped-favicon-32x32.jpg CNIL – Privacy Design® / 32 32 CNIL Open Data initiative /2020/07/07/cnil-open-data-initiative/ Tue, 07 Jul 2020 02:15:49 +0000 /?p=2197 Continue reading "CNIL Open Data initiative"

]]> https://www.cnil.fr/fr/opendata

Quite a few interesting data sets published by CNIL as Opendata, incl. e.g.

  • Contact information for Data Protection Authorities around the world
  • Number of formal notices notified each year since 2014
  • Number and type of sanctions notified each year since 2014
  • Lists of declarative formalities completed with the CNIL (1979 – May 24, 2018)
  • List of notifications of personal data breaches received by the CNIL
  • List of formalities prior to the implementation of personal data processing sent to the CNIL since May 25, 2018
  • Number of complaints received annually by the CNIL since 1981
  • etc.
]]> France/CNIL: Health Data Processing: How to distinguish between a health datapool and research and what are the consequences? /2019/11/28/france-cnil-health-data-processing-how-to-distinguish-between-a-health-datapool-and-research-and-what-are-the-consequences/ Thu, 28 Nov 2019 16:45:54 +0000 /?p=1527 When the creation of a database containing health data is envisaged, the controller must determine whether it will allow the subsequent completion of several treatments (“warehouse”) or if it is a research, study or ad hoc evaluation. Depending on this choice, the legal regime and the formalities to be performed are different.

https://www.cnil.fr/fr/traitements-de-donnees-de-sante-comment-faire-la-distinction-entre-un-entrepot-et-une-recherche-et

]]> CNIL/France: Pior authorization for healthdata, pharmacovigilance and CNIL standards /2019/11/01/cnil-france-pior-authorization-for-healthdata-pharmacovigilance-and-cnil-standards/ Fri, 01 Nov 2019 09:34:49 +0000 /?p=1080 Continue reading "CNIL/France: Pior authorization for healthdata, pharmacovigilance and CNIL standards"

]]> Article by TwoBirds ” The CNIL published on 18 July 2019 a new standard concerning the processing of personal data for the purpose of vigilance in the health sector. ”
https://www.twobirds.com/en/news/articles/2019/global/new-cnil-standard-for-all-companies-doing-product-vigilance-activities

Quote: ” The standard is of great importance since according to the French Data Protection Act such processing activities are submitted to the CNIL’s prior authorization. The scope of the French prior authorization requirement is extraterritorial, and any organization worldwide doing product vigilance on individuals residing in France must obtain an authorization in order to be allowed to carry on their activities. But if their activities comply with the CNIL’s new standard, then they can now file a declaration of compliance with the CNIL, instead of filing a full request for authorization. “

Link to inofficial translation by TwoBirds at https://www.twobirds.com/~/media/pdfs/france/new-french-cnil-standard.pdf?la=en&hash=8AE9FA58104BDE6D234289328ACB6BBCE25DCBD2

TwoBird article on overall background at https://www.twobirds.com/en/news/articles/2019/france/processing-health-data-in-france-what-to-look-out-for-after-gdpr – incl. need for prior authorization and CNIL reference methods

]]> CNIL – Subject Access Request eMail generator /2018/02/25/cnil-subject-access-request-email-generator/ Sun, 25 Feb 2018 20:27:29 +0000 /?p=460 https://www.cnil.fr/fr/modeles/courrier

]]> CNIL – Data Protection Audit Procedure /2018/02/25/cnil-data-protection-audit-procedure/ Sun, 25 Feb 2018 20:15:13 +0000 /?p=453 Decision No. 2011-316 dated 6 October 2011 adopting a standard for delivering privacy seals in audit procedures covering the protection of persons with regard to the processing of personal data

(which could be read as a good way to deliver a privacy audit – or to expect one being done on you following this procedure)

https://www.cnil.fr/sites/default/files/atoms/files/referentiel_audit_en.pdf

]]> [Bird&Bird] Hosting health data: the French requirements /2018/02/25/birdbird-hosting-health-data-the-french-requirements/ Sun, 25 Feb 2018 18:29:48 +0000 /?p=431 Hosting health data: the French requirements
Going through the accreditation procedure

https://www.twobirds.com/~/media/pdfs/brochures/privacy-and-data-protection/hosting-health-data—the-french-requirements.pdf

]]> GDPR as a dataviz in French /2018/02/25/gdpr-as-a-dataviz-in-french/ Sun, 25 Feb 2018 07:05:06 +0000 /?p=315 This is *interesting*. I am not sure if it’s very usable – but certainly captures you.. I would be very interested to learn how many people actually use this tool.

https://www.cnil.fr/fr/reglement-europeen-protection-donnees/dataviz#

There is also some background on it in English at https://linc.cnil.fr/fr/eng-gdpr-dataviz-making

]]> CNIL’s approach during the transition period /2018/02/22/cnils-approach-during-the-transition-period/ Thu, 22 Feb 2018 07:00:12 +0000 /?p=283 I’m not sure how much “moderation”, you can read in this. – Also, have a look at how they addressed their “cookie notice” on the page.

https://www.cnil.fr/fr/rgpd-comment-la-cnil-vous-accompagne-dans-cette-periode-transitoire

]]>