Quite a few interesting data sets published by CNIL as Opendata, incl. e.g.
- Contact information for Data Protection Authorities around the world
- Number of formal notices notified each year since 2014
- Number and type of sanctions notified each year since 2014
- Lists of declarative formalities completed with the CNIL (1979 – May 24, 2018)
- List of notifications of personal data breaches received by the CNIL
- List of formalities prior to the implementation of personal data processing sent to the CNIL since May 25, 2018
- Number of complaints received annually by the CNIL since 1981
When the creation of a database containing health data is envisaged, the controller must determine whether it will allow the subsequent completion of several treatments (“warehouse”) or if it is a research, study or ad hoc evaluation. Depending on this choice, the legal regime and the formalities to be performed are different.
Article by TwoBirds ” The CNIL published on 18 July 2019 a new standard concerning the processing of personal data for the purpose of vigilance in the health sector. ”
Quote: ” The standard is of great importance since according to the French Data Protection Act such processing activities are submitted to the CNIL’s prior authorization. The scope of the French prior authorization requirement is extraterritorial, and any organization worldwide doing product vigilance on individuals residing in France must obtain an authorization in order to be allowed to carry on their activities. But if their activities comply with the CNIL’s new standard, then they can now file a declaration of compliance with the CNIL, instead of filing a full request for authorization. “
Link to inofficial translation by TwoBirds at https://www.twobirds.com/~/media/pdfs/france/new-french-cnil-standard.pdf?la=en&hash=8AE9FA58104BDE6D234289328ACB6BBCE25DCBD2
TwoBird article on overall background at https://www.twobirds.com/en/news/articles/2019/france/processing-health-data-in-france-what-to-look-out-for-after-gdpr – incl. need for prior authorization and CNIL reference methods
Decision No. 2011-316 dated 6 October 2011 adopting a standard for delivering privacy seals in audit procedures covering the protection of persons with regard to the processing of personal data
(which could be read as a good way to deliver a privacy audit – or to expect one being done on you following this procedure)
This is *interesting*. I am not sure if it’s very usable – but certainly captures you.. I would be very interested to learn how many people actually use this tool.
There is also some background on it in English at https://linc.cnil.fr/fr/eng-gdpr-dataviz-making
I’m not sure how much “moderation”, you can read in this. – Also, have a look at how they addressed their “cookie notice” on the page.