The National Commission for Information Technology and Civil Liberties, the CNIL, wishes to strengthen its policy during 2021. This body, created on 6 January 1978, is an independent administrative authority responsible for protecting citizens on the net. It ensures that their privacy, human identity and human rights are respected. It also carries out compliance checks on the General Data Protection Regulation (GDPR). These will be reinforced in 2021. But what are the expected evolutions?
The increase of the security of French websites
During the controls carried out over the last two years, the CNIL has noticed a large number of security deficiencies on the tested websites. These can lead to the violation of confidential data and to leaks. Therefore, to strengthen the security of the websites, the CNIL has indicated that it will use the HTTPS protocol and that more attention will be paid to the personal data forms .
In the same vein, it will check the compliance of actors, which it will test, with its recommendation on password security. All these measures should contribute to decrease the number of vulnerabilities related to the security of French websites .
Increased protection of health data
The health context that has been ongoing since March 2020 has led to questions about the use and processing of health data. Many voices have been raised to denounce the lack of respect for patients’ privacy. Whether it concerns information sold to private companies or the hacking of hospital information systems , the CNIL wishes to reinforce its controls in health care institutions. The idea is to raise the level of security in terms of protection of patients’ private lives.
The CNIL will also ensure, through a series of checks, that hospitals’ IT systems comply with its recommendations and procedures.
Application of the rules concerning cookies and tracers
Everyone is confronted with the omnipresence of cookies and tracers when surfing the web. Each time we connect to a new site, small boxes appear at the bottom of the screen and offer us a series of choices relating to the protection of personal data.
To avoid any form of abuse, the CNIL wants to make sure that these tracers comply with the rules on advertising targeting and determination of the Internet user’s profile. The independent authority will also ensure that the consent of users is respected. Indeed, some sites play on the confusion to divert the attention of the latter and collect data more easily. Similarly, the CNIL will pay particular attention to the sometimes abusive tracking practices of some of them.
A principle of “mutual assistance” should apply between the CNIL and its European partners on these thorny issues. This reinforced cooperation should allow a smoother treatment of certain files.