Commission Nationale de L'Informatique et des Libertés (CNIL)

The Commission Nationale de l’Informatique et des Libertés, the French Data Protection Agency, has issued a 150M Euro fine against Google and a 60M Euro fine against Facebook/Meta for cookie consent violations.

Here are some key takeaways, and their US relevance:

  • It must be as easy to refuse cookies as it is to accept them.

The development of alternative techniques to “third-party” cookies cannot be done at the expense of the right of individuals to protect their personal data and privacy, according to France’s Commission Nationale de l’Informatique et des Libertés (CNIL).

The commission has issued new guidance on what happens after third party cookies.

Data Protection Considerations:
  • The end

French Data Protection Authority CNIL has weighed in on CCTV surveillance in schools.

CNIL received 25 complaints regarding systematic surveillance of students throughout their day, whether during their recess, during their lunch in the canteen or even during their class time. These cameras also made it possible to film almost constantly a part of the

Web crawling and data protection: CNIL has issued a 180,000 EUR fine against a provider of automobile insurance policies for failure to adequately protect data in violation of GDPR, specifically citing disallowing web crawling as a way to protect personal data from wrongful access.

In particular the company :
  1. sent usernames and passwords in cleartext

Spotlight on adequate/reasonable protections to personal information – Part 1 – France.

CNIL fined a real estate company 400,000 EUR for failure to implement adequate protections to personal data in violation of GDPR.

In this case, the URLs on the company’s website were the problem. By changing a character, you could gain access to documents