the French “increasingly sensitive to the protection of their data”, notes the president of the CNIL

The latest activity report from the CNIL reveals having received 16,433 complaints for the year 2023, a record number.

The number of complaints received by the National Commission for Information Technology and Liberties (Cnil) reached a record in 2023. 16,433 complaints were sent last year by the general public, a number up 35% compared to to 2022 (12,193 complaints were filed that year). This is what emerges from the 2023 activity report of the Cnil that Franceinfo reveals, Tuesday April 23. “Individuals are increasingly sensitive to the protection of their data”, notes Tuesday on franceinfo Marie-Laure Denis, president of the CNIL.

The areas in which users notice the most invasion of their privacy are mainly linked to the different uses of the Internet, their place of work or their commercial exchanges. In detail, more than a third of complaints (35%) are linked to the use of the Internet, almost one in five to work (18%) and as many to commercial relationships.

2,600 complaints related to the right of access to data

It is in particular because people are unable to exercise their rights that they contact the CNIL. The Commission has thus received more than 2,600 complaints related to the right of access to data and more than 2,500 related to the right to erasure of this data. In the world of work, some employees consider geolocation “as excessive” and denounces “permanent surveillance”. Besides, “the CNIL sanctioned Amazon France Logistics to the tune of 32 million euros in 2023 for what it considered excessive surveillance of its employees”underlined the president of the CNIL.

Video protection or video surveillance devices also raise fears on the part of people who alert the CNIL. This concerns more than 1,000 complaints. The majority of reports (60%) relate to systems deployed in the professional world, a third (35%) in individual or collective housing, and 5% in commercial spaces. The CNIL reminds device owners that the field of vision of the cameras must be limited to what is strictly necessary, such as not filming the interior of a home.

The CNIL report also shows that Internet users want to be asked for their consent during their internet searches. 1,400 complaints concern cookies placed on digital equipment. People point out in particular a lack of information about the deposit of these tracers or an absence of an option to refuse. And more than 500 plaintiffs are contesting registration by the banks. In certain cases, the CNIL points out that it must refuse the complaint, because the person does not provide evidence allowing action to be taken. Either the facts are too imprecise or they do not reveal a data protection violation. Thus, in 2023, more than 4,400 requests had to be rejected.

340 checks in 2023

More generally, the CNIL carried out 340 inspections in 2023, whether on the basis of complaints received (57% of inspections) or on its own initiative, depending on current events or priority themes defined over the year ( 37%). These controls gave rise to 42 sanctions last year (twice as many as in 2022), including 36 fines for a total amount of nearly 90 million euros (89,179,500 euros). These sanctions are linked to data security, the processing of health data, the rights and surveillance of employees, online commerce, cookie management and even commercial prospecting. They have targeted small businesses as well as multinationals, the private sector as well as the public sector.

For example, fines were imposed against an air freight transport company for 200,000 euros, a literary magazine for 10,000 euros, a pay television distributor (600,000 euros), or even a dental surgeon, municipalities, IT consulting companies, online games. Ministries also received calls to order. “Our goal is really that practices, when they are bad, are changed. This is what we are working towards, including in the handling of complaints,” explains president Marie-Laure Denis.

‘You just need to contact the company or the administration for these practices to change’

Marie-Laure Denis

at franceinfo

Beyond controls and sanctions, the CNIL recalls in its report that it acts for digital education and awareness of the general public. It thus carried out 81 interventions in 2023 in 9 French regions. She was able to meet nearly 1,500 young people and more than 1,700 teachers and mediators. A mission to raise awareness among the general public about computer rights and freedoms was also created last year. Its aim is to encourage the French to take control of their rights by relying on public organizations and the local associative fabric.

The arrival of Artificial Intelligence also brings complaints from Internet users: “We have some complaints, indeed, which may concern recent players, in any case in generative AI. The CNIL really seeks to support the development of technologies and support them so that innovation is virtuous and respectful of rights”, explained Marie-Laure Denis. The CNIL supported suppliers of the Paris Games with so-called augmented cameras to detect suspicious behavior.