CNIL Demands More Transparency: What You Need to Know!

The National Commission on Informatics and Liberty has recently issued a guideline on the use of mobile applications to enhance the protection of personal data of users, specifically targeting sensitive health information.

Toward a New Era of Oversight

This is an initial step ahead of a more stringent plan: a monitoring campaign slated for spring 2025, which might include financial penalties. The approach mirrors the one taken for the acceptance (or rejection) of third-party cookies.

According to Marie-Laure Denis, president of the Commission, it seemed crucial to focus on the user journey in their interactions with mobile apps to foster awareness about data protection issues.

“The mobile environment poses greater risks than the web in terms of data privacy and security”

The Commission particularly scrutinizes permission requests for access to the microphone (the little orange dot on iPhones) and contacts, which are often not clear enough; the processing of sensitive data, especially health-related data; and the number of stakeholders involved in providing applications.


The guideline has two main objectives: to remind everyone of the regulatory framework governing apps, particularly the General Data Protection Regulation (GDPR), which has applied since 2018, and to offer compliance advice.

Goals of the guideline:

1. Define and regulate the role of each stakeholder
2. Improve user information regarding their data usage
3. Ensure that consent is informed and voluntary

A Surge in Complaints!

To recap, the Commission recently released its 2023 report, which marks five years since the implementation of the GDPR. The year was characterized by a record number of complaints received and a completely revamped support policy.

We learn that the authority received 16,433 complaints in 2023 (up 35% from 2022) and reported 4,600 data breaches (+14%), more than half of which involved hacking via ransomware or phishing. Despite increased awareness and protection among companies, government agencies, and other organizations, cyberattacks remain frequent.

In more detail, the Commission announced in February that it had conducted 340 inspections, issued 168 formal notices, and imposed 42 penalties, totaling more than 89 million euros in fines (compared with 100 million euros in 2022).
