28-03-2018
Participation as a jury and intervention by Maître Carole COUSON-WARLOP
lawyer in intellectual property law, in the National Intellectual Property Pleading Competition. The Cabinet ARTLEX supports the competition ...
23-03-2018
The limitation of liability clause survives the cancellation of the contract
By a judgment of February 7, 2018 (Cass. Com., February 7, 2018, appeal no. 16-20352), the Court of Cassation operates a reversal of case law regarding the fate_cc781905-5cde-3194 -bb3b-136bad5cf58d_clauses...
NEWS
05-03-2018
GDPR - Adoption of the bill relating to the protection
personal data
On February 13, 2017, the National Assembly adopted the draft law on the protection of personal data of December 13, 2017.
The purpose of this bill is to bring national law into line with the " European data protection package " adopted by the European Parliament and the Council on 27 April 2016. This " european package " is composed of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data. personal nature and the free movement of such data (hereinafter " RGPD "), applicable from May 25, 2018, as well as the Directive (EU ) 2016/680 relating to the processing carried out for the purposes of prevention, investigation and prosecution of criminal offenses or the execution of criminal penalties, which must be transposed into national law by 6 May 201 8.
This bill aims to modify the law n ° 78-17 of January 6, 1978 relating to data processing, files and freedoms, known as "Loi Informatique et Libertés_cc781905-5cde-3194-bb3b- 136bad5cf58d_”. However, it only includes the only changes that are essential to bring national law into line with European law, the rewriting of the entire law of January 6, 1978 being deferred to a later ordinance.
This bill includes :
-
a title I relating to the common provisions of the GDPR and the Directive ;
-
a title II which deals with the different room for maneuver left by the GDPR to the Member States ;
-
Title III which concerns the provisions transposing Directive ;
-
Title IV, the purpose of which is to provide authorization to improve the intelligibility of the legislation applicable to data protection ;
-
a Title V containing miscellaneous provisions.
More specifically, Title I provides for the framework for the intervention of agents and members of the National Commission for Computing and Liberties (hereinafter " CNIL ”) in the event of control of the implementation of processing. In particular, it is plannedthe possibility for the CNIL to use an assumed identity during the control.In addition, the cooperation procedure between the CNIL and the other supervisory authorities of the other States of the European Union is specified. The bill also recognizesexpanding the scope of sensitive dataoperated by the GDPR by adding genetic, biometric and sexual orientation data.
Title II governs many points for which the GDPR has left States some leeway. The CNIL welcomed this judicious use of the room for maneuver left to the States.
-
Thus, details are provided onthe age from which a minor can consent to the processing of personal data, which is set at 15 years.
-
In addition, the scope of the category of data controllers who can process data relating to offenses and criminal convictions is widened.
-
With regard to the abolition of formalities prior to processing, the bill specifies that these will be maintained for processing requiring the use of a person's registration number in the national identification directory of natural persons (NIR), plus commonly calledsocial Security number.
-
In addition, special provisions for processing for the purposes of research, study or evaluation in the field of health are provided for.
-
The bill provides that the group action provided for by the GDPR may be exercised either with a view to the cessation of the breach(es) (which is already possible since the law on the modernization of justice of November 18, 2016), or in seen fromthe liability of the person who caused the damage in order to obtain compensation for the material and moral damage suffered,which is a novelty.
-
A new means of appeal from the CNIL is also introduced regarding the validity of decisions of the European Commission authorizing the transfer of data to non-member States of the European Union. In the event of a question on this point, the CNIL may seize the Council of State which will have to seize the Court of Justice of the European Union (hereinafter " CJUE_cc781905-5cde-3194- bb3b-136bad5cf58d_”) for a preliminary ruling on this question. This provision follows the judgment of the CJEU of October 6, 2015 C362-14 by which the Court invalidated the decision " Safe Harbor " of the European Commission .
The next step is to review theMarch 20next by the Senate of this bill.
The CNIL approved the approach taken by the government in this bill which carried out the harmonization required by the new " Paquet européen " on personal data and maintained national derogations only when these were really justified.
However, it deplores the late adoption of this bill and underlines " the real risk of non-compliance with the deadlines for the implementation of the " paquet européen_cc781905-5cde -3194-bb3b-136bad5cf58d_»» [Deliberation no. 2017-299 of November 30, 2017 providing an opinion on a bill to adapt European Union law to law no. 78-17 of January 6, 1978]. It also denounces the choice made by the government to make only the essential modifications, postponing the overall rewriting of the Data Protection Act to a subsequent ordinance which, according to it, generates a lack of readability of the current state of the law. . Finally, she regrets that the bill did not take advantage of this opportunity to go into certain detail on the rights of individuals.
A few weeks before the entry into force of the GDPR, many questions relating to the conditions of application of the provisions of the GDPR still remain unanswered (interpretation of the notions of " grande scale_cc781905-5cde-3194- bb3b-136bad5cf58d_", of " risques Hautes ", list of cases of compulsory use of impact studies, etc.) and hinder the actors in their work of compliance.
Particularly in view of the delay in the adoption of national texts integrating the new European regulations into French law, theCNIL has announced that it will be flexible in the first weeks following the entry into force of the GDPR.This flexibility will certainly apply to the implementation of the new features introduced by the GDPR, such as the right to portability. However, it is important to emphasize that this flexibility will probably not be appropriate with regard to the rules and principles which should already be respected under the aegis of the current regulations and to which the GDPR does not make any changes.
Carole Couson-Warlop, lawyer, ARTLEX, Nantes
Florence Fekom, lawyer, ARTLEX Nantes
Bill of 13 December 2017, Personal data law, digital law, RGPD, GDPR, Compliance, European regulations, Regulation (EU) 2016/679 on the protection of natural persons with regard to data processing data and the free movement of such data, Personal data, Personal data, legal news, legal monitoring