May



Verifile
May 19, 2014

CNIL Adds New Consent Requirement for Use of Credit Card Data

The CNIL, France's data protection authority, published a new recommendation relating to the collection of credit card information, replacing an older 2003 recommendation. The new recommendation, which represents a de facto standard for online merchants and payment services providers who collect data from French consumers, is more prescriptive than the old, particularly regarding how online merchants should seek consent for the retention of credit card information. Under the CNIL's analysis, the principal purpose for which consumers provide payment information to a merchant is to complete a given online transaction. If a merchant or service provider wants to retain card information to provide additional services, such as the ability to make subsequent purchases without having to enter credit card information a second time, the CNIL considers this as a separate "purpose" for which the online merchant must seek separate consent. The CNIL said that a user's consent to the terms and conditions is not sufficient. There must be a separate check-the-box consent pursuant to which the consumer explicitly agrees that the online merchant may keep payment details in order to facilitate future transactions. The online merchant must then give users a visible and easy-to-use opt-out to later revoke their consent.

Verifile
May 19, 2014

More CNIL Guidance for Multinationals Seeking to Comply with SOX & Dodd-Frank

United States employers operating in France often face a dilemma. While they may be bound by the whistleblowing requirements of the Sarbanes-Oxley Act (SOX) and its Dodd-Frank amendments, they also are bound by the data privacy requirements of French law, which can be at odds with U.S. whistleblowing laws. The French data protection authority (La Commission Nationale de l'Informatique et des Libertés or CNIL) periodically issues guidelines that provide some clarity on how employers can resolve this conundrum.

On January 30, 2014, the CNIL finalized amendments to these guidelines, expanding the scope of the topics that could be disclosed through an anonymous whistleblowing hotline. The amendments also clarify the conditions under which SOX-type anonymous whistleblowing is permitted under French law. The new guidelines attempt to balance the CNIL's interest in ensuring that employers establish a transparent whistleblowing system with its divergent interest in protecting the confidentiality of the report and the identity of the whistleblower. In particular, the guidelines require that a whistleblower self-identify, and that the corporate administrator managing the "alerts" treat that identification as confidential. The CNIL's guidance provides useful clarity for employers that have implemented, or plan to implement, a whistleblower scheme that is consistent with French law.

Verifile
May 19, 2014

German Consumer Organisations to be Empowered to Sue Businesses for Data Protection Law Breaches

Justice Minister, Heiko Maas, announced that a draft Bill will allow consumer organisations to take businesses to court for non-compliance with Germany's Data Protection Act. Consumer rights organizations in Germany often pursue individual rights in terms of breaches of consumer protection legislation and unfair competition laws. The proposed amendment to the law will also strengthen consumer organisations' pursuit of claims under data protection law.

The Federation of German Consumer Organisations - Verbraucherzentrale Bundesverband (VZBV), a non-governmental organisation acting as an umbrella for 41 German consumer associations, welcomed the announcement resulting from the coalition agreement. VZBV stated that the new amendment would create a legal basis for consumer organizations to take legal action against data protection violations and seek a cease and desist order. This would be achieved by an amendment to the Injunctions Act (UKlaG) so that both data protection laws and consumer protection laws would come within the meaning of section 2, paragraph 2 UKlaG.

This new Bill is part of the coalition agreement of the newly elected government, so it is highly likely that it will enter into force.
