France’s data protection authority, the Commission nationale de l'informatique et des libertés, published guidance and best practices for use of authentication by digital token. The CNIL warned access tokens made from hyperlinks can pose security risks because they can act as a “gateway” to allow for “continuous access to personal data on the internet." Without two-factor authentication, individual remote connection tokens create “increased risk in terms of security.” The CNIL’s recommendations include establishing a defined period for how long a token can be valid and use authentication links that do not contain personal data.
8 Sept. 2022
CNIL creates guidance for authentication by digital tokens
RELATED STORIES
Controllers, processors and subprocessors in chains
Notes from the IAPP Canada: Recommendations, calls to reform Privacy Act 'a good start'
A view from DC: Marriott and the minimum extent necessary
Retrospective: 2024 in state sectoral privacy law and AI law
Notes from the Asia-Pacific region: India's PM talks global governance for digital technology