With 18 penalties and 135 formal notices in 2021, the Cnil, the French policeman of personal data has drawn up more than 214 million euros in fines, she announced this Friday, referring to
an “unprecedented” year.
In 2020, the cumulative amount of fines had reached more than 138 million euros, an increase of 55% over one year.
A breach in connection with the security of personal data
Among the most frequent shortcomings are “the lack of information of persons and excessive retention periods”, indicated the Cnil. Of these 18 sanctions, half involve a violation related to the safety of personal data.
For the French policeman of personal data, this report shows that “the security measures taken by the organizations often remain insufficient” and that the commission “systematically checks the security of the information systems when it carries out an inspection”.
Notices on cookies
A record number of formal notices – decision of the president of the CNIL ordering an organization to comply within a maximum period of 6 months – was also reached in 2021, with 135 decisions pronounced. Two of them have been made public, against the American facial recognition technology start-up Clearview and the company Francetest.
A significant proportion of these formal notices related to the priority theme of “cookies” with 89 decisions involving a breach in connection with the use of these digital tracers. The CNIL also announced that it had closed 123 files, following in particular “the examination of the actions taken by the organizations” to bring themselves into compliance.