Editing CE - N° 432656

From GDPRhub

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 95: Line 95:
 
On the lawfulness of the consent, the court pointed out that [[Article 9 GDPR#2#a|article 9(2)(a)]] allowed the processing of sensitive data based on consent and that recital 42 GDPR states that to be freely given, a consent must be based on a real choice where data subject can opt to refuse the processing without negative consequences. According to the court the fact that Alicem is part of a greater authentication system (FranceConnect) allowing authentication by other means ensures that consent is freely given.
 
On the lawfulness of the consent, the court pointed out that [[Article 9 GDPR#2#a|article 9(2)(a)]] allowed the processing of sensitive data based on consent and that recital 42 GDPR states that to be freely given, a consent must be based on a real choice where data subject can opt to refuse the processing without negative consequences. According to the court the fact that Alicem is part of a greater authentication system (FranceConnect) allowing authentication by other means ensures that consent is freely given.
  
On the proportionality of the data collection, the Conseil d'Etat stated that to this date, there is no existing authentication system offering the same level of guarantee without the use of biometric data. Furthermore, [https://www.legifrance.gouv.fr/jorf/article_jo/JORFARTI000038475500 article 7] of the decree allowed the collection of a limited set of data, namely data relating to the user's identification, the biometric credential identification, the  terminal equipment of the user and the transaction history associated with the user's account. [https://www.legifrance.gouv.fr/jorf/article_jo/JORFARTI000038475502 Article 9] of the decree adds that the latter cannot be transferred to the service provider of which the user is attempting to login.
+
On the proportionality of the data collection, the Conseil d'Etat stated that to this date, there is no existing authentication system offering the same level of guarantee without the use of biometric data. Furthermore, [https://www.legifrance.gouv.fr/jorf/article_jo/JORFARTI000038475500 article 7] of the decree allowed the collection of a limited set of data, namely data relating to the user's identification, the biometric credential identification, the  terminal equipment of the user and the transaction history associated with the user's account,. [https://www.legifrance.gouv.fr/jorf/article_jo/JORFARTI000038475502 Article 9] of the decree adds that the latter cannot be transferred to the service provider of which the user is attempting to login.
  
 
Therefore, according to the Conseil d'Etat the collection and processing of sensitive data is necessary and proportionate to the purpose of this processing.
 
Therefore, according to the Conseil d'Etat the collection and processing of sensitive data is necessary and proportionate to the purpose of this processing.

Please note that all contributions to GDPRhub are considered to be released under the Creative Commons Attribution-NonCommercial-ShareAlike (see GDPRhub:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To edit this page, please answer the question that appears below (more info):

Cancel Editing help (opens in new window)

Template used on this page: