French data regulator sees 35% more privacy complaints

The European Union’s AI Act, age verification and keeping biometrics out of surveillance during the Paris Olympics were among the top topics for the French data privacy watchdog in 2023.

The agency, known as Commission Nationale de l’Informatique et des Libertés, or CNIL, published a report on its activity during the year, showing a 35 percent increase in public complaints related to data privacy.

The agency has been cracking down on more biometrics providers, including rifling through Worldcoin’s offices in Paris and issuing additional fines to Clearview. Overall, CNIF carried out 340 investigations in 2023, issuing twice as many sanctions as the previous year and collecting more than 89.1 million euros in fines.

Last year, CNIL also created a service for AI composed of lawyers, engineers and AI analysts focused on providing expertise to AI solution providers. Among the agency’s tasks was clarifying the legal framework related to AI applications, including the EU AI Act and GDPR.

“Our goal is to support this innovation. Not to slow it down but to support it from the outset with guarantees to the extent that AI consumes a considerable number of personal data,” CNIL President Marie-Laure Denis told tech news outlet FrenchWeb.

Denis added that CNIL will have to define a methodology to control AI technologies, including tools to audit AI systems.

The report notes CNIL’s consideration of including biometrics on the cards issued by the national health insurance program, and biometric proctoring for online exams, neither of which it recommends.

CNIL’s main challenge for 2024 will be ensuring the balance between high security and data privacy during the 2024 Olympic Games. The agency has been consulting with lawmakers on the Olympic Games Law brought in May 2023 and with security agencies on deploying the AI surveillance systems currently tested in Paris, after urging lawmakers not to allow facial recognition to be part of it. As part of the project, it also held consultations with 11 solution providers as well as computer vision researchers and the French National Agency for Information Systems Security (ANSSI).

Another area under the privacy watchdog’s gaze is age verification. CNIL has been working on developing its own age verification scheme alongside consulting with broadcast regulator ARCOM, the French authorities and its European counterparts on developing a regulatory framework for protecting minors online.

Article Topics

biometric identifiers  |  biometrics  |  CNIL  |  data privacy  |  data protection  |  facial recognition  |  France