The EU’s flagship data protection regulation, known as the GDPR, has stood the test of the COVID-19 health crisis, the president of French data watchdog CNIL said at the release of the body’s annual report for 2020 on Tuesday (18 May). EURACTIV France reports.
The CNIL’s 2020 activity report said that “the year 2020 has put the GDPR to the test, bringing to the fore in the public debate many points of tension likely to shift perceptions and concerns about personal data and privacy”.
The president of the regulatory authority, Marie-Laure Denis, said she was pleased that the GDPR, the General Data Protection Regulation, has been sufficiently flexible during the pandemic, adding that the “pandemic has been an accelerator of digital uses.”
Denis also welcomed the fact that citizens made 62.5% more complaints related to their digital rights compared to 2018, the year the GDPR – which sets a harmonised framework for personal data between all EU member states – was implemented.
According to the CNIL, 2020 was also marked by the issue of ‘digital sovereignty’.
As examples, the report cited the EU Court’s annulment of the Privacy Shield, which framed data transfers between the EU and the US, the controversy over the French Health Data Hub being hosted by Microsoft, as well as the European Commission’s upcoming legislative proposals like the Digital Services Act (DSA) or the Digital Markets Act (DMA).
“This exceptional context offers an unprecedented alignment of interests between data protection regulation and industrial recovery policy. It is our responsibility to seize this opportunity collectively to pursue an ambitious policy for European digital sovereignty,” the report states.
Three major projects for 2021
The CNIL has also identified the three main areas of work for 2021.
Firstly, the French data watchdog said it intends to strengthen controls to ensure online players comply with their cookie policies. There now has to be more transparency for users, but it must also “be as easy to withdraw consent as to give it”, the CNIL said.
Denis also noted that cybersecurity “has become a major issue”, and has put it high on the agenda for 2021. In 2020, the CNIL received 2,825 data breach notifications, an increase of 24% on the previous year.
“There can be no data protection without cybersecurity and we must continue to develop practices for a trusted digital society,” the report stressed.
The French authority also said it intends to participate in the national initiative for a “sovereign and trusted” cloud to host data and protect itself from extraterritorial risks. “This is the best protection against overly intrusive foreign legislation and this ambition is not limited to health data,” the CNIL wrote.
[Edited by Zoran Radosavljevic]