It seems the data protection watchdog calmed down in 2022. Against all expectations, and contrary to the trend observed in previous years, the National Commission for Computing and Freedoms (Cnil) did not see its revenue from financial penalties increase. The administrative authority imposed only 101 million euros in fines. But there is an explanation.
Total fines lower than in 2020…
In 2022, the CNIL imposed 21 sanctions, 13 of which were made public, for a total of €101,277,900. This is less than the cumulative amount of fines in 2021, which had reached the record level of 214 million euros. In 2020, the amount was also higher, with 138 million euros raised.
The Cnil specifies that these sanctions include 19 fines and two decisions to liquidate a penalty payment, i.e. the payment of a sum due to non-compliance with an order given by the Cnil in its sanction decision. “Among the most frequent shortcomings are the lack of information for people, the non-respect of their rights and the lack of cooperation with the Cnil,” the authority indicates. Of these 21 sanctions, one third also includes a violation related to the security of personal data. Finally, four sanctions relate to poor management of cookies and other tracers and three contain breaches related to commercial prospecting.
… but a record number of formal notices
Although the amount of financial penalties is lower than in previous years, the CNIL indicates that its activity has mainly been “marked by a major reform of corrective procedures” and by “a record number of formal notices”. Indeed, 147 formal notices were issued, compared to 135 in 2021 and around fifty in previous years.
These formal notices concerned various sectors and issues. In addition to the obligation to appoint a DPO (data protection officer), they also concerned commercial prospecting and the transmission of data to commercial partners, the transfer of data to the United States (in particular through the Google Analytics tool) and the security measures of websites. More generally, in terms of data security, half of the decisions adopted include at least one cybersecurity breach.
Finally, the CNIL prides itself on having become more efficient thanks to simplified procedures. It reports having processed 13,000 files while receiving 12,000 complaints in 2022, meaning that it managed to clear part of its backlog of pending files.