The CNIL will step up its controls on data security in 2021

The Cnil (illustration).

-

Michel Spingler / AP / SIPA

While the announcements of data leaks multiply, the National Commission of Informatics and Freedoms (Cnil), guardian of the private life of the French, indicated that it would devote a good part of its controls in 2021 to the technical security of personal data entrusted to companies and institutions.

• Security of the most used French websites

The 2021 controls will target in particular "the level of security of the most used French websites in different sectors," said the CNIL.

"Attention will be paid more particularly to the forms for collecting personal data, the use of the HTTPS protocol (which secures browsing on Internet sites) and the compliance of stakeholders with the Cnil recommendation on passwords. She added.

• Securing health data

A second line of control will focus on the security of health data, while the sector is becoming more and more digital.

They will aim in particular "the management of access to the computerized patient file", "the platforms for making medical appointments online", "the management of personal data breaches in healthcare establishments", according to the Cnil.

The cybercrime section of the Paris prosecutor's office last week opened an investigation after the leak on the Internet of sensitive medical information from nearly 500,000 people in France.

Corporate ransomware attacks that have escalated since 2018 are increasingly accompanied by data theft and blackmail upon publication.

• Use of cookies by websites

The third and final axis of control announced by the CNIL concerns advertising targeting and profiling of Internet users.

In particular, the CNIL will verify compliance with the rules relating to the collection of Internet users' consent for the placement of cookies and other advertising tracers.

These rules derive from the European Data Protection Regulation (RGPD) in 2018, which the CNIL is responsible for enforcing in France.

On October 1, the CNIL set its interpretation doctrine for the GDPR with regard to cookies and targeted advertising.

It gave companies six months - so until April 1 - to comply.

High-Tech

What are the risks of leaking medical data from nearly 500,000 patients?

Media

Cookies: The Cnil imposes fines of 100 and 35 million euros on Google and Amazon

• By the Web

• Password

• Personal data

• security

• Internet

• Cybersecurity

• CNIL