On April 16, 2015, the French Data Protection Authority (the “CNIL”) published its Annual Activity Report for 2014 (the “Report”) highlighting its main accomplishments in 2014 and outlining some of the topics it will consider further in 2015.
Topics the CNIL will examine further in 2015 include connected vehicles and the role of personal data in the cultural and entertainment content market.
Other key highlights from the Report include:
- In 2014, the CNIL received 5,825 complaints (a slight increase of 3% compared to 2013). 39% of these complaints (which is a plurality of the complaints) concerned the Internet sector and were related to e-reputation issues, such as deleting text, photographs, videos, contact information, comments, fake online profiles, and the reuse of publicly available data on the Internet. 16% of the complaints concerned marketing issues, such as de-listing from advertising registers, objections to receiving marketing emails, and the retention of banking data. 14% of the complaints were filed by employees or trade unions in relation to HR issues, such as video or cyber surveillance, geolocation, and access to an employee’s professional file. In all sectors, the main causes for complaints were the objection to appearing in a register and the difficulties individuals faced in obtaining a copy of their personal data. The number of complaints is likely to grow in 2015 because, since April 2015, the CNIL has extended the possibility for individuals to file their complaints online (such as those that deal with the difficulty of having their personal data deleted from websites, blogs, forums, social networks or search engines, or in the case of employee monitoring).
- In 2014, the CNIL conducted 421 inspections of organizations, including 58 online inspections. Only 18 proposed penalties were examined by the CNIL (compared to 14 proposed penalties in 2013) and eight fines were imposed since, in most cases, organizations decided to comply with French data protection law following a complaint or an inspection.
Finally, the Report also discusses further developments at the national and international levels, including the implementation of the right to be de-listed from search results and the slight progress made on the Proposed EU General Data Protection Regulation.