Internet Sweep Day 2016: A Focus on the Internet of Things After a focus on websites (in particular those intended for children) and mobile applications, the French Data Protection Authority (“CNIL”) has decided, together with 29 other data protection authorities gathering in the Global Privacy Enforcement Network (“GPEN”), to audit and analyze the processing of personal data in relation to connected devices. Tests will be performed in May 2016 and will concentrate mainly on three categories of connected devices: • home devices, such as connected camera systems that can detect movements or measure air quality; • health connected devices, such as connected scales, tensiometers and glucometers that collect health-related data; • connected devices for well-being, such as connected watches and bracelets that can collect geolocation data, count the number of steps made per day and the calories burned, and analyze the quality of sleep. The CNIL announced that the audit will assess the quality of the information provided to users, the level of security of the data flows, and the degree of user's control over the use of his/her data (such as user’s consent, exercise of data protection rights, etc.). The results will be issued in Fall 2016. If the results reveal serious breaches of the Data Protection law, the CNIL may conduct more formal inspections and, as the case may be, launch enforcement proceedings. The audit is intended to raise users' awareness and promote some best practices for stakeholders of the internet of things. For more information, please contact Denise Lebeau-Marianna or Magalie Dansac.