French Data Protection Authority Rules on Keylogger Software
Time 1 Minute Read
Categories: European Union, International, Online Privacy, Workplace Privacy

On March 20, 2013, the French Data Protection Authority (“CNIL”) issued (in French) guidance on keylogger software (the “Guidance”). Keylogger software enables an employer to monitor all the activities that take place on an employee’s computer (such as every key typed on the computer’s keyboard and every screen viewed by the employee), without the employee’s knowledge.

In France, employees are permitted to use their employer’s computers or other IT resources for limited private purposes. The data recorded via keylogger software could possibly include private emails sent or received by an employee, private bank card numbers or passwords.

According to the Guidance, the use of keylogger software leads to a constant and permanent monitoring of employees’ professional and private activities. Because of this, the CNIL stated that the use of keylogger software on an employees’ office computer is prohibited in the absence of a strong business justification (such as preventing the disclosure of trade secrets). The CNIL also discussed in the Guidance that it has served formal notice on a company to cease the processing of data via keylogger software.

Tags: CNIL, Employee Monitoring, France
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
CPPA and UK ICO Sign Declaration of Cooperation

On April 29, 2025, the UK Information Commissioner’s Office and the California Privacy Protection Agency signed a declaration of cooperation regarding international privacy and data protection coordination, formalizing their existing collaboration.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
CNIL Publishes 2024 Annual Activity Report

On April 29, 2025, the CNIL published its Annual Activity Report for 2024. The Report provides an overview of the CNIL’s activities in 2024, including enforcement activities and other new developments.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Global Data Protection Authorities Issue Joint Statement on Artificial Intelligence

On February 11, 2025, the data protection authorities of the UK, Ireland, France, South Korea and Australia issued a joint statement on building trustworthy data governance frameworks to encourage development of innovative and privacy-protective artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 10 Minute Read
CNIL Publishes Recommendations on AI and GDPR

On February 7, 2025, the French Data Protection Authority (“CNIL”) released two recommendations aimed at guiding organizations in the responsible development and deployment of artificial intelligence (“AI”) systems in compliance with the EU General Data Protection Regulation (“GDPR”). The first recommendation is titled “AI: Informing Data Subjects” (the “Recommendation on Informing Individuals”) and the second recommendation is titled “AI: Complying and Facilitating Individuals’ Rights” (the “Recommendation on Individual Rights”). The recommendations build on the CNIL’s four-pillar AI action plan announced in 2023.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page