CNIL - French Data Protection Supervisory Authority’s strategy for 2020
Posted - 20.04.2020
On 12 March 2020, the French Data Protection Authority1 ("DPA") announced its objective for the year 2020 to conduct formal procedures of control over processing activities based on a thematic approach. The French DPA therefore intends to operate controls with regard to the three following themes:
- Security of health data
As sensitive personal data is [are] subject to strict conditions of processing, in particular with regard to the requirements set out under Article 9 of the EU General Data Protection Regulation 2016/679 (“GDPR”), the French DPA wishes to ensure that appropriate measures of security are being implemented when players operate processing activities involving this type of data2 .
- Mobility and geo-tracking
The French DPA notes that many applications and devices enable users to benefit from certain functions that involve geo-tracking technologies. As these technologies may have an impact on the private life of individuals, the French DPA is willing to operate certain controls, in particular with regard to the proportionality of the data to be collected by providers proposing such applications.
- Cookies and other tracking tools
As far as the Grand Duchy of Luxembourg is concerned, the 2018 activities report of the Luxembourg DPA5 shows that the Luxembourg DPA is also willing to conduct certain audits and controls based on a thematic approach, and, in this respect, this authority has already carried out a global audit over certain companies with regard to the potential mandatory requirement to appoint a Data Protection Officer.
This may also interest you :
- EDPB contribution to the evaluation of the GDPR
- Data Protection - CNPD provides further Guidance: Processing operations requiring a DPIA
- 1CNIL – Commission Nationale de l’Informatique et des Libertés.
- 2It is clear that the recent COVID-19 crisis and subsequent management of health data will have an impact from a data protection regulatory standpoint.
- 4See CNIL deliberation here.
- 5See report here.