French Data Protection Authority CNIL has weighed in on CCTV surveillance in schools.

CNIL received 25 complaints regarding systematic surveillance of students throughout their day, whether during their recess, during their lunch in the canteen or even during their class time. These cameras also made it possible to film almost constantly a part of the

In a statement of its priorities over the next year, French data privacy regulator CNIL emphasizes the importance of a balanced approach to data protection regulation.

Key Takeaways:

The CNIL’s enforcement actions have gained added momentum with enactment of the GDPR, and the CNIL must commit itself fully in this respect.

“At the same time,

The French Competition Authority has announced it imposed a sanction of €150 million on Google for abusing its dominant position in search advertising.

The authority also ordered Google to:

  • clarify the drafting of the rules for its Google Ads advertising platform and review the information procedures concerning changes to the rules (individual notification two months

The French Data Protection Authority,  CNIL, has prohibited the use of facial recognition to control entry into a school as disproportionate saying that alternative less intrusive means are available, such as badge control.

Key takeaways:

  • Processing of biometric data is of particular sensitivity, justifying enhanced protection of individuals.
  • Facial recognition devices are particularly intrusive and

Cookies in the spotlight in France:

Actual consent – in.

Continued browsing – out.

The French Data Protection Authority, CNIL, repealed its 2013 guidelines on cookies consent and announced upcoming cookies guidance will be published later this month (July).  Per the new guidance, continued browsing of a website will not suffice to indicate consent to

Spotlight on adequate/reasonable protections to personal information – Part 1 – France.

CNIL fined a real estate company 400,000 EUR for failure to implement adequate protections to personal data in violation of GDPR.

In this case, the URLs on the company’s website were the problem. By changing a character, you could gain access to documents