![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
Video surveillance, the healthcare sector, smartphones, sports, data security, large data files—police, highways, gas, electricity—these are the targets selected this year by the French data protection authority (CNIL) as justifying specific attention in its enforcement programme.
The CNIL mission is to ensure compliance with the French data protection law of January 6, 1978. To this goal, it performs onsite investigations on the premises of businesses and government bodies in order to verify whether the personal data they handle about customers, employees, citizens, patients, etc., are duly processed in compliance with the rules of the law on the protection of privacy and personal data.
Many investigations are triggered by complaints or scandals revealed by the media. However, a large part of the controls operated by the CNIL are based on an annual programme which is set every year in the spring where the CNIL identifies objectives and priorities. The authority keeps intensifying its enforcement activity. Whereas in 2010, 318 investigations were made, the 2012 objective is 450 investigations.
This spring, the authority decided to pursue its vigilance effort on video surveillance activities, begun two years ago, which bring it regularly to publicize excessive surveillance practices over employees or within schools.
It recently sanctioned a host provider of health data for not having complied with its security commitments. The data was not encrypted. Host providers are on the CNIL’s radar screen in particular in light of the issues raised by cloud computing. More generally, health data and its security are a topic of concern and interest, as are health-related applications on the Internet, the patient medical record, the pharmaceutical record and clinical research.
The 2011 investigation programme included the topic “Internet tracking.” In 2012, the CNIL both refines and broadens the topic as it looks at all data processing carried out around smartphones: Who knows what about the subscriber, who subscribes to a smartphone offer and then makes use of all its functionalities, in particular by downloading apps.
Although Paris has not been selected to host the Olympics this year, the CNIL has decided to keep a place for sports and games in its investigation programme. It announces investigations of stadiums and sport organizations on data processing relating to attendants, licensees and a special interest for black lists and anti-doping.
A summary of the investigation programme is available in French on the CNIL
.
