Joint Controllership | Breakfast Seminar

“From the GDPR to the French Data Protection Act 3 (la Loi Informatique & Libertés 3): What is the best means for processing joint controllership?”

Since its introduction by the European Directive of 24 October 1995, the concept of joint controllership for the processing of personal data has never really taken off in France.

With the entry into force of the GDPR the situation has been even more disrupted by recent decisions of the Court of Justice of the European Union. These decisions have been fundamental in determining the actors upon whom weigh the obligations of the Regulation. Joint controllership still has not been introduced into French law, despite the adoption of Law No. 2018-493 of 20 June 2018 modifying the Data Protection Act, now known as LIL 3.

The goal of our seminar is to offer more than simple identification of anticipated risks, but the tools to better master them. We will consider:

• the traditional reluctance to consider joint controllership in France
• the current identification methodology proposed by the Article 29 Group
• the impact of Court of Justice case law on this methodology
• the consequences under French law
• keys to understanding that may emerge

By registering for our event, we process your personal data for the purposes of your registration. Unless you object, you also allow us to use this information in accordance with the law firm’s legitimate interest in circulating our news, articles and invitations to other events. McDermott Will & Emery is the sole recipient of your personal data. It is not transmitted or made accessible to third parties, subject to our authorized personnel and its service providers solely for technical reasons. In this context, your data may be shared among our other offices located outside of the European Union, in particular, in the United States and China. It is specified that, in the event that the recipient does not ensure a level of data protection equivalent to that of the European Union, McDermott undertakes to take all necessary guarantees, either based upon an adequacy decision, or in the absence of such a decision, based upon appropriate safeguards, such as the standard contractual clauses adopted by the European Commission. Your data are kept during the period necessary for your registration; failing that, during a period of three years from our last contact. Beyond this, your data are kept only for evidentiary purposes during a period not to exceed the applicable legal limitation period. You have a right of access, rectification, deletion and, if necessary, limitation or portability of your personal data as well as a right to oppose their processing, if necessary, after communication of a copy of your identification. You may also define the directives relating to the fate of your personal data in the event of death. These rights may be exercised directly with our law firm at the following address: privacy@mwe.com. If necessary, you also have the right to initiate a claim with the competent authority for the protection of personal data.