16 September 2012


France's Commission nationale de l’informatique et des libertés (CNIL) - aka the French national Data Protection Authority - has released its glossy 82 page Activity Report for 2011.

Amid the almost kinetic promo in the report there are some interesting statistics and comments on preoccupations over the past year. CNIL identifies data breaches, the right to be forgotten, cctv  and abusive data collection as the focus of official and community attention in 2011.

 of 2011 and have remained dominant issues in 2012. 159 persons: the workforce of the CNIL notes that its staffing has doubled over the last seven years, to 159 officials. Further growth is expected because the organisation has been 'tasked' wioth supervision of street video-surveillance systems, ie cctv on highways and  streets, and because it is now overseeing the French data breach reporting regime (with mandatory reporting by the telecommunications sector since last year).

CNIL received 5,738 complaints (26%  filed online).  Complaints regarding the 'right to be forgotten'  increased by 42% on 2010, with complaints regarding cctv up by 30%.

The organisation undertook 385 public and private sector audits, 25% more than in 2010. The focus was on
  • security of health data (audits were conducted in health care establishments and health data providers)
  • debt collection agencies and private investigators
  • enterprises that transfer data outside of the European Union
  • enterprises handling consumer data, primarily e-commerce websites. 
The largest penalty was  100,000 euros (on Google for wireless data collection as part of its Street View initiative). There were 18 other decisions with sanctions, including 5 financial penalties (ie a lower rate than the Information Commissioner in the UK). CNIL Issues 65 formal 'notices to comply'.