CNIL 2020 inspection strategy concentrates on cookies, geolocation and health data

France’s Data Protection Authority, the CNIL, says that it will carry out more than 50 inspections this year in the fields of geolocation, cookies/other trackers, and health data.

The CNIL carries out thousands of inspections each year, and in particular, by investigating complaints. These three areas of priority were chosen based on topical issues and their impact on citizens’ everyday life.

The focus on cookies and the tracking of Internet users culminated, in 2019, on issuing guidelines on the placing of cookies. The CNIL wants to ensure that tracking through cookies or other trackers in the context of advertising and user profiling is done in line with the GDPR. Simply continuing to browse a website can no longer constitute valid user consent to the placing of cookies, it says.

Later this year, the regulator will issue a recommendation to guide organisations through the operational application of the new requirements. A draft recommendation was published for public consultation until 25 February.

App development, for example in the travel sector, raises concern over the use of geolocation data. Inspections will therefore focus on proportionality of the collected data, the defined retention periods, the information provided to individuals and the security measures implemented, the CNIL says.

On health data, the CNIL wants to focus on the security measures implemented by healthcare professionals.