The National Commission for Computing and Liberties (CNIL) unveiled its favorite themes for the year 2023 on March 15. A rich and topical program, including the question of the use of smart cameras by public actors, the tracking of mobile applications, the use by banks of Banque de France files and, a classic, the use of computerized patient files.
The Olympics puts the question of cameras on the top of the pile
If the CNIL ensures that it launches its controls, 345 in 2022, mainly on the basis of complaints, the institution recalls that it sets priority themes, ” in order to orient its control policy on subjects with high stakes for the public and to assess the compliance of the selected sectors “, explains the communicated.
“Augmented” cameras are a particularly topical issue at the start of 2023. The bill relating to the 2024 Olympic and Paralympic Games examined by Parliament, introduced via its article 7, the use of these devices to the major festive events to come, the Olympic Games and the 2023 Rugby World Cup.
Augmented cameras, not to be confused with facial recognition cameras, use image processing software to identify suspicious crowd movements in particular. Their use gives rise to important political debates. Its opponents, including La Quadrature du Net, fear that the law is a roundabout way of expanding their use.
The CNIL has made it a focus of its strategic plan 2022-2024 and launched a public consultation on the subject before taking a position. It judges the devices lawful if and only if they are authorized by the public authorities via a regulatory or legislative text. The priority theme status for its inspections in 2023 “ will make it possible to verify compliance with the legal framework by public actors “.
Tracing, banking and health data, the other concerns of the CNIL
Among its other top issues is tracking users through mobile apps. Phones have their own cookies, provided by manufacturers to application publishers. They allow users to be tracked for advertising, statistical or technical purposes.
Systematically used, the CNIL was able to observe in the context of previous checks that the use of these tools by publishers ” is often carried out without the information or the consent of the users. »
The Commission’s third annual theme concerns the Banque de France’s personal credit incident file. This file is used by banks, it identifies payment incidents related to different reasons, overdrafts, credits, over-indebtedness.
Highly sensitive information that represents “ a particularly strong issue “. The accuracy of the file, the updating after regularization is essential not to hinder access to the banking service of people who have had difficulties in the past. The CNIL will also look into the storage time and the management by the banks of the information in this file.
The last point comes up regularly in the priorities of the CNIL, access to health data. This information is particularly prized on the black market, which is even more expensive than credit cards. It’s a ” recurring question ” for the commission, to which is submitted ” a large number of files on their illegitimate consultation, not only after a hack, but in health establishments.
It concerns in particular access to the computerized patient file. The CNIL reports that its choice makes “ in particular following complaints received by the CNIL denouncing access by unauthorized third parties to PII within health establishments. This work is the extension of verifications undertaken in 2022. Another busy year for the French personal data protection authority.