France – Clarification on the "must carry" obligation and framing in the case of the neighbouring rights of an audiovisual communication company by the Cour de Cassation
On 4 July 2019, in the case opposing the company Playmédia to the company France Télévisions, the Cour de Cassation specified the conditions for the application of Article 34-2 of Law No. 86-1067 of 30 September 1986 relating to the "must carry" obligation i.e. the obligation that audiovisual communication services distributors have to broadcast public channels transmitted by terrestrial frequencies.
On the one hand, the Cour de Cassation approves the Appeal Court for having ruled that Playmédia could not benefit from the abovementioned obligation as there was neither a contractual relationship between the distributor and the editor of audiovisual communication services nor a subscription system to access Playmédia's services, a diffusion, first unrestricted then conditioned to an anonymous registration not being sufficient.
In parallel, on 24 July 2019, the Conseil d'Etat cancelled a decision of the Audiovisual Council ordering France Télévisions not to oppose the diffusion of its content by Playmédia, on the ground that the latter's services are offered without subscription.
On the other hand, the Cour de Cassation states that framing (i.e. dividing a page from a website into multiple windows and display in one of them an element from another website while hiding the environment to which it belongs) used by Playmédia to present its content constitutes a communication to the public which France Télévisions has the exclusive right to prohibit on the basis of its neighbouring rights as an audiovisual communication company.
- Data Protection
France – CNIL Publishes a Reference Framework for "Health Risk Monitoring"
The French Data Protection Authority ("CNIL") adopted a Reference Framework for Health Risk Monitoring (vigilances sanitaires) on 9 May 2019. It was subsequently published in the Official Journal on 18 July 2019. Aimed at manufacturers, companies, operators and other entities involved in the placing on the market of pharmaceutical products and medical devices, the text establishes a standard framework for processing personal data when conducting health risk monitoring activities.
If the processing of personal data complies with all the requirements laid down in the Reference Framework, the entities in question only need to make a declaration of conformity online before carrying out the data processing. On the other hand, if these entities wish to deviate from the requirements laid out in the Reference Framework, they will have to submit an application for authorisation before the CNIL.
France – CNIL's New Guidelines on Cookies and Other Tracking Devices
On 19 July 2019, the French Data Protection Authority ("CNIL") published new Guidelines on Cookies and Other Tracking Devices. These guidelines replace the recommendations relating to cookies and other tracking devices adopted by the CNIL in 2013.
The main novelties are twofold. Firstly, scrolling down or swiping through a website can no longer be viewed as a valid expression of consent for the storage of cookies. Secondly, operators using cookies and other tracking devices must be able to prove that they have obtained consent.
Without waiting for the future ePrivacy Regulation, which is currently under discussion at the European level, the CNIL has decided to update is framework for cookies in the interest of internet users. These guidelines will be supplemented in the beginning of 2020 by a new recommendation that will inform operators about practical techniques for obtaining valid consent. The CNIL has indicated a grace period, which will end six months after the publication of the upcoming recommendation.
European Union – European Parliament Publishes a Study on Blockchain and GDPR
On 24 July 2019, the European Parliament published a study on blockchain and the GDPR. The study underlines a number of points of tension that have emerged between blockchain technology and the GDPR in the past few years.
In particular, the study takes note of the difficulty involved in applying GDPR principles (e.g. data minimisation principle) to blockchain technology. A further complicating factor, according to the study, is the difficulty involved in defining which entities qualify as (joint-) controllers, especially in the light of recent developments in case law.
However, the study finds that despite these obstacles, blockchain technology can still be used as a tool to achieve GDPR's underlying objectives, such as by providing data subjects with more control over their personal data.
To read the full article, please click here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.