Context: ******* ****** ***********
** ******, ***** ************************** ******* **** *********, *** **** was *** **** ********** *** ****. *** *******, ******* ***************** ******* ******* **** **** ****** property, **** * ******** ** ***** of ***** *** *****. ** *** workplace, ******** ************ ** ********* ** prohibited - *** **** ******* ****** by ******* ** *******:
***********:***, *** *** ******* ******** ******* in *** [******] ******* *** ******** purposes.**, ** ** ********* ** ******* employees ** **** *******.
Enforcement ***
*******, ****** *********** ** ***** ************ regulations ** ***, *** **** *** not ******* ***** *** **** *** passed. ** ****, **** *** ******* in *** ***** ******* *** ***** for ***** ************ ********** ***** ** employee ********** ** * ****** ******* her ****; *** **** *** *,*** euros ($*,***). *** * ****** ******* was ***** ** ****, *** **** the **** *** ******. **************, *** ****** ** **** ***** surveillance ******* ************** **** ******** **** 47 ** **, *** ****** ******* show.
************, **** ***** ************ ************** *** typically ***** ** **********, * ****** of**** *******************, ***** ***** *** **** ** not *********** ********** *** *** *****, integrators, ** ****** *** ******** **********.
Company **********
*** ******* **** *** ***** ** called*********, * *********** **** ***** ** Paris **** **** * *********. *** revenue ** **** *** ***** $* million *** ** **** ****** ** over $***,***, *** ******** ***********.
CNIL ***********
*** **** ********* **** ** ***** its ************* ***** ** ******** ********** about *********’* ************ ******: * ***** of *, ******** *** *** *** back ** ****. ** **** ******* letters ** ********* *** ******** ** response.
****’* ***** ****** ********** **** ***** in ******** ****, *******:
* ****** ****** *** ***** *** a ******… ********* **** ***** ******** notified
******* *** ****** *** ****** **** company ******
******** ** ***** ** ****** ******* information *** [*****] ******* *** *** ensure **** ******** *** *************** (********'* computers *** *** ******* ********* *** employees ****** * ****** ***** *******)
** ****, *** **** **** ********* two ****** ** *** *** ***** issues. ** *********, ********* ******* ** a ****** **** ** *** ********* them, *** * ****** **** ********** a ***** ***** ***** ****:
*** ****** ******* ********* *** **** doing ** ********** *** ******* ************ since *** ******* ********** ** ********
** *********** *** **** ******* ** the ********* ***** *** ***** ************, which ****** ************ **** *** ******* of *** **********, ******** ** *******, and ****** ********** *** ****
*** * ****** ******** ****** *** been *** ** ***** *** *** employee's ********* *** ** ******** **** been ***** ** ****** ************ ** [who ** *****] *** ***** *****
***** *** ****** **********, ********* ******* it *** ******** **** *** *** by ******* ******* **** ** *** security ******, ******* ** * ****, and ************ ******** ********. *******, *** CNIL ********** **** *** ****** *** still ******* *** ******** ****.
**********, *** **** ****** **** ******* Uniontrad *** *** ****** ********* ****** the *** ***** ****** ** ****, and *** ******* ************** ***** ** that, * *********/****** ******* ***** *****.
What **** ******** **** ********
************, *** **** ****** **** **** GDPR ******** **** ******** ** *********:
******* *, **:******** **** ***** ** ********, ******** and ******* ** **** ** ********* in ******** ** *** ******** *** which **** *** ********* (‘**** ************’). **** ******* ******** ** *** constant ***** ************ ** *********'* *********. French ******* **** (**** ***-****) ** not ****** ****, ****** *** **** the **** ***** "*********** *************", **** as ****** ********* ************, *** * translation ******* **** *** *******, *** CNIL ******. *** **** ***** ****** laws ** ********** ********** *********, *******'* ************ *** **** *********** * $*.* million **** ** * ****** *** "excessive ***** ************."
******* **:*********** ***********, ************* *** ********** *** the ******** ** *** ****** ** the **** *******". *.*. ********* *** *** *********** to *** ********* ***** *** ***** surveillance ****** *****.
******* **:*********** ** ** ******** ***** ******** data *** ********* **** *** **** subject.******* ** ******* **. ********* *** not *** ** * ******* ******* sign ********* ********* ** *** **** processing ****** *****, *** ****** ** contacted *** **** *******, ******* ********, etc. *** ****'***** *** ***** ************ ******** **** ***** **** **** ** information ****** ** *** ** ** such *****.
******* **:******** ** **********: *** ********* ***** implement *********** ********* *** ************** ******** to ****** * ***** ** ******** appropriate ** *** ****. **** ****** ** *********'* **** of ********* ** ******* *********, ***** CNIL ****** "*** *** ****** *** security ** ******** ****".
How *** **** *** **********
***** *******'* ******* **,* ******* **** ** ** ******* euros ($**.* *******) ** *% ** global ****** ******* ** *********, ********* is ******. ***** **** ** "effective, *************, *** **********".
*** **** ********* ********** * **** of **,*** ***** ($**,***). ****** **********'* ***** ***** ************ **** ****,*** **** *** *** ***** * breakdown ** *** **** **** ********* cost. *** **** ****** *** ******* attributed ** *** ******** ********** ***** Uniontrad ***** **** *** *** ******* to **** **** **** ************* ** fix *** ******, **** *** **** stating:
*** ******* - ******** ** **** it ****** - ***** ******** ************ with *** **** ***** *** ****** process *** ******* ***** ***.
*******, ********* **** **** * **** was "****************" ***** ******* ** *** to *** *******'* **** ********* *********. The **** ****** *** ******* ** fine ********* **,*** ***** (***** $**,***). Part ** *** ********** *** *** the **** ** ** **** ****** - **** ** *** * *** practice, ** *** ** **** **** this **** ********** **** *****.
Broader **** ************
*** ********* **** ********* *** ********** of **** **********. **,*** ***** *** a *****, *****-****** ******* ** * big *** *** ** *** ******* video ************ **** *** **** *** issued ***** ** ***** ****, ********* to ********* ******** ** *********.
*** **** **** ** **** ********** that ********* *** ******* ** ***** how *** *** *** ***** **** protection *********** * *** *** **** sophisticated ******* ** ****** ******* *********; prior ** *** ****, ***** ************ violations **** ******* ****** *************'* ***** **** ** *** *** personal *******.
*******, *** ****'* ******* ****** *** be *****. *********** ** *** **** stringent. ** ********* *******, **** ***** surveillance ***** **** **** *** **** the **** ******, *** *** ****** of ***** ************ ************** ******** ************* (47 ** **) **** **** ** 2018.
**** ***** *** **** ******** ** it *** ******** ** *** *********** of ***** ************ *********** *** ** the ****. **** **** ** - the **** ****** ****** ** *** GDPR (** *********** *****) ** *** maximum ********* **** ***** ****** ** 20 ******* ***** ** *% ** global ****** ******* - ********** * big ******, *** ********** *** ******* players, ********** ***** *** **** ****** mandates **** ***** ** "*************".
Comments (15)
Undisclosed Integrator #1
Ouch. I have been asked many times lately how likely it is that the US or Canada adopts something similar to GDPR. In my opinion under the current administration, this is unlikely. However, should the bar shift slightly toward the left in the next few years it is a possibility.
Another question that has come up that I do not have an answer for - if EU residents visit a corporate headquarters in the US does GDPR apply to that EU resident?
Create New Topic
Undisclosed Integrator #2
So a manager can stand and look at the desks but can't see it via video, can't see the difference. With 9 employees I would suggest something else must have been going on here like a vendetta of some kind.
Still even more odd is why would you not just disconnect it. Leaving it there. The employees think it's working and the CNIL are happy.
Create New Topic
Christophe Helies
GDPR does not apply to dummy camera, but in enterprise installation the local law apply (therefore the employees has the right to know if he's being watched or no.
So in this particular setting the efficiency of a dummy camera to make the employees think they are under surveillance is close to 0.
Create New Topic
Undisclosed #4
would this likely be another French GDPR violation?
(Not the cheating, which is a FIDE violation, but just the image).
Create New Topic