9 Matching Annotations
  1. Feb 2023
    1. Recommendation 6: Implement throughout the country the mechanism provided for by Article 108 of the Law for a Digital Republic (loi pour une République numérique), incorporated into Article L. 115-3 of the Code de l’action sociale et des familles, which provides that any person or family experiencing particular difficulties, notably with regard to their assets, the insufficiency of their resources or their living conditions, is entitled to assistance from the community in order to have a fixed-line telephone service and an internet access service. Follow-up over the past three years: This assistance had been in a trial phase since 2016 in three departments: Seine-Saint-Denis, Haute-Saône and Marne. The conditions for obtaining the assistance are determined by the departmental councils. They may therefore differ depending on place of residence. The results of this trial show that the mechanism was very little used because social workers were poorly informed and poorly equipped to make use of it. No general roll-out is planned to date.
    1. if the same controller or processor is processing data outside the EU without disclosing it to another controller or processor (e.g. where an employee of an EU controller travels abroad and has access to the data of that controller while being in a third country or in case of direct collection from individuals in the EU under Article 3(2) GDPR), the processing activity should not be regarded as a transfer under Chapter V of the GDPR
    2. Example 9: A subsidiary (controller) in the EU shares data with its parent company (processor) in a third country. The Irish Company X, which is a subsidiary of the parent Company Y in a third country, discloses personal data of its employees to Company Y to be stored in a centralised HR database by the parent company in the third country. In this case the Irish Company X processes (and discloses) the data in its capacity of employer and hence as a controller, while the parent company is a processor. Company X is subject to the GDPR pursuant to Article 3(1) for this processing and Company Y is situated in a third country. The disclosure therefore qualifies as a transfer to a third country within the meaning of Chapter V of the GDPR.

      The EDPB says "Hahaha, get wrecked"

    3. Example 8: Employee of a controller in the EU travels to a third country on a business trip. George, employee of A, a company based in Poland, travels to a third country for a meeting bringing his laptop. During his stay abroad, George turns on his computer and accesses remotely personal data on his company’s databases to finish a memo. This bringing of the laptop and remote access of personal data from a third country, does not qualify as a transfer of personal data, since George is not another controller, but an employee, and thus an integral part of the controller (A). Therefore, the transmission is carried out within the same controller (A). The processing, including the remote access and the processing activities carried out by George after the access, are performed by the Polish company, i.e. a controller established in the Union subject to Article 3(1) of the GDPR. It can, however, be noted that in case George, in his capacity as an employee of A, would send or make data available to another controller or processor in the third country, the data flow in question would amount to a transfer under Chapter V; from the exporter (A) in the EU to such importer in the third country.

      Ah, the employee example. Which of course goes sideways if you start to look at contractors, things get gross.

      Also, 'make the data available' is broad.

    4. Example 6: Processor in the EU sends data back to its controller in a third country. XYZ Inc., a controller without an EU establishment, sends personal data of its employees/customers, all of them data subjects not located in the EU, to the processor ABC Ltd. for processing in the EU, on behalf of XYZ. ABC re-transmits the data to XYZ. The processing performed by ABC, the processor, is covered by the GDPR for processor specific obligations pursuant to Article 3(1), since ABC is established in the EU. Since XYZ is a controller in a third country, the disclosure of data from ABC to XYZ is regarded as a transfer of personal data and therefore Chapter V applies.

      Ugh. So the fact that the processing is done in the EU, even of non-EU data subjects still triggers a transfer event. This just broadens the scope of TRAs and other contractual obligations. Useful to refer back to people who like to argue that the GDPR doesn't apply.

    5. Example 3: Controller in a third country receives data directly from a data subject in the EU (but not under Article 3(2) GDPR) and uses a processor outside the EU for some processing activities. Maria, living in Italy, decides to book a room in a hotel in New York using a form on the hotel website. Personal data are collected directly by the hotel which does not target/monitor individuals in the EEA. In this case, no transfer takes place since data are passed directly by the data subject and directly collected by the controller. Also, since no targeting or monitoring activities of individuals in the EEA are taking place by the hotel, the GDPR will not apply, including with regard to any processing activities carried out by non-EEA processors on behalf of the hote

      Key distinguishing point here is that no "targeting or monitoring activities of individuals in the EEA" are occurring.

  2. Jun 2020
    1. the functioning of the institutions, services and establishments that are responsible for children and ensure their protection conforms to the standards set by the competent authorities, particularly in the area of safety and health and as regards the number and competence of their staff as well as the existence of appropriate supervision.
    2. to ensure the child the protection and care necessary for his or her well-being,
  3. May 2020