The personal data policeman was particularly vigilant in 2023. Thanks to the adoption a simplified sanction procedurethe CNIL has singled out no fewer than 42 organizations and issued a barrage of fines.
The total amount is lower, but the number of fines has exploded. This is how we could summarize the last 12 months of the CNIL’s activity in relation to its 2022 results. If the personal data policeman has printed less money, he has still been particularly active in defending the privacy and data security rules.
An increase in the number of fines
In total, 16,000 complaints were received, 340 checks were carried out, 168 formal notices issued and 42 sanctions imposed. In terms of pure number of sanctions, the CNIL has therefore doubled its activity since its last annual report. This full-blown activity was made possible thanks to “an increase in complaints and European cooperation» and especially with “the so-called “simplified sanctions” procedure“.
Coming into force in 2021, this procedure allows the president of the restricted panel to impose sanctions of up to €20,000 with fewer administrative formalities than the so-called “classic” process. This allowed the CNIL to impose 24 of the 42 sanctions for the year, or 6 times more than in 2022. This procedure alone made it possible to collect a total of 229,500 euros in fines.
ChatGPT will have to face two new complaints, this time emanating from our country.
Read more
It is mainly the “lack of cooperation with the CNIL» which led to sanctions via simplified procedure. 15 of the organizations targeted by the European personal data watchdog have in fact neglected to respond to requests from the CNIL. 7 structures were singled out for having neglected the implementation of “all necessary measures to ensure data security» and 8 for “not having granted requests for opposition and access rights.»
Public and private
In summary, 1 in 3 sanctions involve a breach of data security, indicates the CNIL. A “record number of formal notices” was also issued in order to “bring organizations into compliance”. 39 municipalities were also targeted as part of the installation of automated license plate readers.
These are not the only public services singled out by the CNIL since two ministries were also called to order “for using the contact details of public officials to send them a message communicating the pension reform project“. The independent authority therefore does not hesitate to take issue with fraudulent uses of personal data, whether private or public.
Source : Cnil
10