Author: Maëliss Vincent-Moreau
Connected toys – CNIL’s advice on security
As every year as Christmas approaches, the CNIL recalls a few tips on connected toys and in particular their security.
The CNIL recommends in particular to:
– check that the toy does not allow anyone to connect to it (check that its pairing with a smartphone or on the Internet requires a physical access button to the toy or the use of a password);
– change the default setting of the toy (password, PIN code, etc.);
– secure access to the online account attached to the toy with a strong password different from your other accounts;
– check that the object has a light when it is listening or transmitting information on the Internet;
– say as little as possible at the time of registration: for example, give a random date of birth if the system needs to determine an age;
– create a specific email address for the toys used by the child;
– use pseudonyms as much as possible instead of the child’s name / first name.
All of the CNIL’s advice can be found below:
https://www.cnil.fr/fr/jouets-connectes-quels-conseils-pour-les-securiser
Invalidity of a bailiff’s statement of purchase where such purchase is made by an intern with the law firm of the applicant
In a case opposing CHRISTIAN DIOR COUTURE to ZARA (copyright and design infringement), the Court of Appeal of Paris ruled that the statement of purchase of sunglasses (claimed to be counterfeiting) drawn up by a bailiff is invalid where such purchase was done by an intern with the law firm of the applicant and the statement does not mention it.
The Court ruled that it violates the principle of loyalty in relation to the rules of evidence.
Cour d’appel de Paris, Pôle 5 – chambre 2, 18 octobre 2019, n° 18/08962
Brexit and transfer of personal data to UK
European Data Protection Board (EDPB) has adopted on 12 February 2019 an information note on data transfers under the GDPR in the event of a no-deal Brexit.
EDPB confirms that as of 30 March 2019, unless an adequacy decision is adopted by the European Commission by then, data transfers must be based either on:
- standard data protection clauses,
- binding corporate rules
- codes of conduct
- derogations (strictly interpreted).
It is therefore recommended to:
- identify the data processing which imply a data transfer to the UK,
- amend the contract with appropriate clauses,
- update internal documentation (register of processing operations),
- update privacy notice.
Le contrat du coursier Anglais
Preuve de l’usage Anglais
Parasitisme Anglais
IONIS 361
MVM Avocats is a Partner of the incubator Ionis 361
Pépinière 27
MVM Avocats is a partner of the business incubator Pépinière 27