French senators pursue their goal for an “enhanced” Data Protection Act

Following their report, Privacy in the Era of Digital Memory: For an Increased Trust Between Citizens and The Information Society, two senators filed a bill on November 10 to modify the French Data Protection Act.
The bill intends to introduce several changes to the law, including requirements such as:

• mandatory installation of a data protection officer for organizations with more than 50 employees;
• an obligation to notify the CNIL of data security breaches;
• an obligation for organizations‘ Web sites to enable individuals to exercise their data protection rights online;
• changing the existing right of objection to a right of deletion;
• changing the content of privacy notices to specify the data retention limit;
• publicizing the hearings of the CNIL litigation committee;
• increasing CNIL sanction powers to include fines of up to 300,000 euros and the option to publicize the sanctions, even against a “good faith” infringer, so that the CNIL enforcement powers will be more efficient.

The senators are also joining the efforts of the French Secretary of State for the digital economy to work on a “droit à l’oubli”—a sort of right “to oblivion” or, some would say right “to deletion,” a French cousin to the right “to be left alone.” At a November conference at SciencesPo, CNIL President Alex Türk disclosed very personal information about his youth and recruiters presented a code of conduct.