The CNIL, the authority responsible for protecting the data of French people, has called out fifteen websites from the public and private sectors for failures in securing the data of their users, it said on Friday. The CNIL does not say which websites are concerned.
In 2021, the CNIL made the security of French websites one of its priorities for action. It therefore carried out checks on 21 sites, both online (if necessary under an assumed identity) and on documents.
In fifteen cases, the problems observed led the CNIL to send a letter of formal notice, which gives the parties concerned three months to take corrective measures.
According to the CNIL's findings, “many players allow non-secure access (HTTP) to their website”.
Others use “an outdated version of the protocol that should ensure the security of data in transit” or “non-compliant” cryptographic tools.
The CNIL also noted that certain user accounts were insufficiently protected, in particular because the sites provide no mechanism for tracing abnormal connections.
In the remaining six cases, the CNIL confined itself to a letter alerting those responsible to the measures to be implemented to comply with European data legislation (GDPR).
The GDPR provides in particular that sites processing personal data must “implement appropriate technical and organizational measures to guarantee a level of security adapted to the risk”.
In 2021, the CNIL received 5,037 notifications of personal data breaches, up 79% on the previous year.