The General Data Protection Regulation (GDPR) gives data subjects rights over their own personal data, including the right of access to personal data processed by a controller (Article 15). In practice, the data subject can ask an organisation to access
CNIL – FR: Direct Marketing, Employee Monitoring and Cloud are the 2022 Audit Priorities
On 15 February 2022, the CNIL released its control programme for the year 2022. This year the priority themes are as follows:
Direct marketing ;
Employee’s monitoring in the context of remote working;
Google Analytics: The CNIL Asked a Website Operator to Stop Using Google Analytics
On 10 February 2022, the CNIL issued a formal notice to a website operator using Google Analytics cookies to comply with the GDPR and more specifically with the CJEU Schrems 2 ruling on the transfer of data to the US.
The CNIL considers that as long as the US authorities can access users’ data, the use of Google Analytics is not legal. The Authority has therefore asked the website operator to comply with the GDPR and if necessary, to stop using Google Analytics cookies.
Cookies and other Trackers : How to Comply
The CNIL reminds in its recommandations that it constitutes only examples which are neither prescriptive nor exhaustive and that although they are focused on the web and mobile environment, they can also be applied to other environments (connected TV etc.).
Google Analytics – GDPR : The EDPS & Austrian DPA Consider Data Transfers to Google LLC (US) Illegal
The European Data Protection Supervisor (“EDPS”) and the Austrian Data Protection Authority have both recently issued a decision ruling that the transfers of personal data to Google LLC (US) entailed by the use of Google Analytics tool on the European Parliament and by a company located in Austria (the “website operator”) websites, were not GDPR compliant.