A stricter regime for profiling07 June 2016
EU Regulation: Article 29 Chief Criticizes Risk-Based Approach
Falque-Pierrotin likewise said that accountability should apply to all forms of processing, not just to "risky" ones. Obviously the level of resources and safeguards applied will depend on the level of the risk, but the principle of accountability, i.e. having a data protection governance structure in place, should remain constant.
Falque-Pierrotin recommended to the French parliamentary commission that the French constitution be revised to include specific reference to data protection. In theory, constitutional protection already exists in France via the European Charter on Fundamental Rights and the European Convention on Human Rights. However, thirteen European countries have put data protection in their constitution, and France's doing so would send a strong signal internationally. Falque-Pierrotisn also recommended changes to French law to reinforce individuals' right to control their own personal data. Falque-Pierrotin stressed that the right to control personal data is now distinct from the right to protection of an individual's private life. When asked by Hogan Lovells partner Winston Maxwell whether this new right to control personal data should be included in France's Civil Code, Falque-Pierrotin responded that the principle would more appropriately be put in the preamble of a law revising France's existing data protection act.
Other legislative changes recommended by Falque-Pierrotin include an express right for individuals to request the delisting of certain content on search engines, as recently confirmed by the European Court of Justice, and the right to data portability. When asked whether French lawmakers should await the adoption of the EU Regulation or on the contrary insert these provisions in the upcoming French digital law, Falque-Pierrotin simply mentioned that the CNIL had made legislative recommendations to the government relating to the new digital law and that those recommendations include a provision increasing the CNIL's sanctioning powers.
When asked about the tension between data protection principles and big data, Falque-Pierrotin insisted that data protection principles do not impede big data. She pointed to the recent compliance pack that the CNIL has developed for the insurance sector, as well as the one in development for the banking sector. The compliance pack for the insurance industry contains a roadmap to help insurance companies manage big data projects within their sector. The compliance packs will evolve over time so as to accompany market and technological developments, said Falque-Pierrotin. They represent a co-regulatory framework negotiated between a given industry sector and the CNIL. Falque-Pierrotin said that she puts a great deal of hope in these compliance packs as a dynamic co-regulatory tool to manage complex issues such as those posed by big data.
Hogan Lovells partner Winston Maxwell is a member of the French Parliament's Commission on Digital Rights.
The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data...06 June 2016
Grounds for processing03 June 2016