The decision of the Council of State, rendered on May 27, 2021, has three main interests.
First of all, contrary to what article 31 of law n ° 78-17 of January 6, 1978 indicates, the Council of State considers the decree regular although a period has elapsed between the publication of the decree and that of the opinion of the CNIL.
Then, to determine which rules are applicable in the event of the processing of sensitive data, the Council of State must first examine the question of the relationship between the GDPR and Directive (EU) 2016/680 of the European Parliament and of the Council of April 27, 2016, known as “Police-Justice”. The first of these texts is widely applicable when the second is only interested in treatments …
–
