Recently, a new consumer law was passed in France that gave the French Data Protection Authority, the CNIL, expanded powers to perform online compliance inspections. Previously, the CNIL’s powers of investigation were limited to on-site inspections, document reviews and hearings.
The CNIL is now authorised to carry out remote investigations on the internet to identify breaches of the French Data Protection Act, including non-compliance around:
- online privacy notices and cookie policies;
- data collection forms;
- consent collection mechanisms, including whether users’ prior consent is obtained before electronic marketing communications are sent and cookies placed.
The CNIL has confirmed that it will only be able to access publicly available information and that its new powers will not allow it to circumvent security measures and gain access to all information systems.
More information is available here.