The French Data Protection Authority, La Commission Nationale de l'Informatique et des Libertés will do more inspections of companies and organizations in order to ensure that the transfer of data internationally complies with French and European Union data privacy regulations—and specifically of U.S. companies enrolled in the U.S.-E.U. Safe Harbor Program.
“CNIL wants to ensure that U.S. companies that have joined Safe Harbor respect the principles of data protection for data transfers from the European Union,” said the independent administrative authority in a statement (in French) from April 26.
CNIL hopes to complete at least 400 inspections this year, a third more than it attempted in 2010, according to the document. Aimed at protecting the privacy rights of French nationals, these checks will focus on telemedicine, storage of health data, consulting firms' use of data from the Program of Medicalization
of Information Systems, records that include personal data and that are used for monitoring the health of the population, as well as treatments given in the context of medical research. CNIL is also expanding its level of oversight over corporate video surveillance this year.
“This announcement is the most recent reflection of a European commitment to promote data privacy,” according to a notice published by the law firm Gibson Dunn on May 11. “France in particular has sought to limit the transfer of private information.”
CNIL has “the legal authority to impose a wide range of sanctions for violations of French data privacy laws, including warnings, legal injunctions, or financial sanctions,” according to the firm's document. Companies and individuals should therefore “exercise caution” when transferring data in and out of France and other European countries.