On October 11, 2023, the French data protection authority (“CNIL”) issued a set of “how-to” sheets on artificial intelligence (“AI”) training databases. The sheets are open to consultation until December 15, 2023, and all AI stakeholders (including companies, researchers, NGOs) are encouraged to provide comments.
On June 9, 2021, the French Supervisory Authority (“CNIL”) published recommendations to help strengthen the protection of minors online (see here, in French). These recommendations are the result of a survey and public consultation conducted by the CNIL in 2020, which focused on the digital practices of minors (see our blog post here). The results of the CNIL’s survey and public consultation indicate that children are accessing the Internet at an early age on a “massive” scale. In light of this reality, the CNIL underscores the importance of ensuring that minors benefit from the effective protection of their personal data when engaging online.
Continue Reading French CNIL Publishes Recommendations for Protecting Minors Online
In January 2021, the French Supervisory Authority (“CNIL”) published a summary report of contributions it received in response to a public consultation and survey on the digital rights of minors launched in April 2020 (see the press release here and a summary report here, both in French). Stakeholders who responded to the consultation included companies, professionals dedicated to the legal and educational issues related to children, parents and minors.
Continue Reading French Supervisory Authority Publishes Results of Public Consultation on the Digital Rights of Minors
On October 1, 2020, the French Supervisory Authority (“CNIL”) published the final version of its Guidelines on cookies and other tracking technologies (hereafter, “guidelines” – see announcement here, and guidelines here, in French), as well as an adjoining set of best practice recommendations (in French) with examples on how to implement the guidelines. In this blog post, we summarize the key points mentioned in the CNIL’s guidelines.
Continue Reading French Supervisory Authority Publishes Final Version of Cookie Guidelines, Says It Will Start Enforcing Them in April 2021
On June 19, 2020, the French Council of State (Conseil d’État) decided that the French Supervisory Authority (“CNIL”) had gone too far in its guidance on cookies and similar technologies when it stated that conditioning a user’s access to a website upon his or her acceptance of certain cookies (commonly known as “cookie walls”) is never compliant with the consent requirements in the EU General Data Protection Regulation (“GDPR”).
According to the Council of State, such a blanket prohibition cannot be deduced from the text of the GDPR. The Council of State reminded the CNIL that its guidance is only soft law and therefore must follow the text of the GDPR. The CNIL has announced that it will adapt its guidance in light of the Council of State’s decision. The decision serves as a stark reminder that even EDPB or CNIL guidance is can only interpret the text of the GDPR, and cannot break fresh legal ground.
Continue Reading French Council of State Decides that the French Supervisory Authority Cannot Prohibit Cookie Walls
On June 2, 2020, the French Supervisory Authority (“CNIL”) published a paper on algorithmic discrimination prepared by the French independent administrative authority known as “Défenseur des droits”. The paper is divided into two parts: the first part discusses how algorithms can lead to discriminatory outcomes, and the second part includes recommendations on how to identify and minimize algorithmic biases. This paper follows from a 2017 paper published by the CNIL on “Ethical Issues of Algorithms and Artificial Intelligence”.
Continue Reading French CNIL Publishes Paper on Algorithmic Discrimination
On April 21, 2020, the French Supervisory Authority (“CNIL”) launched a public consultation on the rights of minors in the digital services. The consultation is open until June 1, 2020. The CNIL will use the contributions it receives to prepare recommendations in this area.
Under the French Data Protection Law, minors over 15 years old…
On March 6, 2020, the French Supervisory Authority (“CNIL”) released a statement on processing personal data in light of COVID-19.
The CNIL notes that while everyone should take measures to prevent the spread of the virus, such efforts must comply with applicable data protection rules, in particular when collecting and processing sensitive health data. As…
In its nine articles, the guidance sets out how to properly inform users and collect their consent in this context. For each requirement, the guidance provides examples and best practices.…
On November 15, 2019, the French Supervisory Authority (“CNIL”) published guidance on the use of facial recognition. The guidance is primarily directed at public authorities in France that want to experiment with facial recognition.
The guidance warns that this technology risks leading to biased results because the algorithms used are not 100% reliable and the…