CNIL: an “unprecedented” year 2021 for sanctions

The National Commission for Computing and Liberties (CNIL) presented its annual report on Wednesday. If the number of complaints seems to have reached a “high plateau” at more than 14,000, the year 2021 was “unprecedented” in terms of sanctions, “both in terms of the number of measures adopted (18 sanctions and 135 formal notices ) than by the cumulative amount of fines, which reaches more than 214 million euros” (+55%), she explains in her document. After giving companies time to adapt to the subject of “cookies”, these web tracers widely used by advertising giants, the CNIL was able this time to rely on European GDPR regulations, which provide for fines of up to to 4% of turnover. Thus, Google and Facebook were sanctioned in December to the tune of 150 and 60 million euros respectively, because “they did not allow millions of Internet users to refuse cookies as easily as to accept them”, recalled the president of the authority, Marie-Laure Denis. The two giants have since indicated that they have modified their interface, noted the CNIL. The regulator reiterated its warning on the traffic analysis tool Google Analytics, on which it announced 3 formal notices. “The recent announcement of an agreement in principle (on data transfers, editor’s note) between the EU and the United States is an important first step, but does not at this stage modify the legal framework for transfers. absence of a text which will not be ready for several months, the actors must take measures to ensure compliance with data protection”, declared Ms Denis. Without a response from the American company Clearview, put on notice to delete the images of people residing in France from its database used for facial recognition purposes, Ms. Denis said “seriously consider entering the CNIL’s restricted commission soon” to initiate a penalty procedure.

The CNIL has also observed a spectacular increase in reports of data breaches, more than 14 per day on average, linked to the awareness by companies of the obligation to report any leak of personal data, but also to the “very strong growth in computer attacks, in particular ransomware attacks” which primarily target companies, communities and public bodies, particularly in the health sector. Some 3,000 breaches, or 59% of reports, were the result of hacking, and more than 2,150 were related to ransomware, she found. Faced with this increasing activity and the prospect of obtaining new missions through the new European regulation on digital technology (DSA, DMA, Data Act, regulation on artificial intelligence, ePrivacy regulation), the CNIL wants to develop its practice. It intends to “take more small sanctions” based on a simplified procedure allowing the only president of its restricted formation to impose fines of a maximum amount of 20,000 euros, and penalties of 100 euros per day maximum. “When, for example, we sanction a dentist’s office, we have found that it makes it possible to bring an entire sector into compliance”, justified Marie-Laure Denis. “It is a real necessity to reinforce the means of the CNIL”, she continued. The institution will have 270 agents at the end of 2022 for a budget of some 22 million euros, still far from its British and German counterparts, which have nearly 1,000 agents.

cnil
cnil



We would love to thank the author of this write-up for this awesome content

CNIL: an “unprecedented” year 2021 for sanctions


You can find our social media profiles here and other pages related to them here.https://www.ai-magazine.com/related-pages/