employee monitoring, offensive cookies and ransomware

There have never been so many data leaks. In its activity report released on Wednesday, May 11, the National Commission on Computing and Liberties (CNIL) counted 5,037 of them last year, a 79% increase in the number of notifications the organization received compared to the previous year. They are associated with “very strong growth in computer attacks, in particular ransomware attacks”according to the document, which are primarily aimed at business, communities and government bodies.

Ransomware is malware that blocks a user’s or organization’s data in order to extort money from them. In fact, 69% of these attacks target SMEs and micro-enterprises. “Less armed than large companies, in the face of this threat, they are prime targets for attackers.”indicates CNIL. “All areas of activity are affected”, but science and health professionals were particularly hard hit, with complaints up 191% and 195% respectively from the previous year.

Offensive cookies

In 2021, CNIL has also stepped up its efforts with respect to cookies, files that store personalized information about you after you visit a website and are widely used by advertising giants. They are the source of over 200 complaints. “Three series of online checks were carried out in 2021, targeting 92 high-traffic websites, to ensure, inter alia, that no cookies were placed on the Internet user’s terminal prior to any agreement and compliance with the obligation to obtain free consent .the commission explains.

As a reminder, the General Data Protection Regulation (GDPR) since 2019 requires all websites to explicitly ask for user consent when they first connect. But not everyone follows this principle yet. Thus, in December 2021, the commission sanctioned Google up to 150 million euros and Facebook up to 60 million euros because they did not allow opting out of cookies as easily as accepting them.

Read also: CNIL imposes heavy fines on Google and Facebook for their cookies

Finally, the organization received more complaints about surveillance of employees by employers: 83% of those received concerned video surveillance devices at work, through cameras in the company, but also through webcams with the advent of telecommuting, explained CNIL President Marie-Laure Denis, guest of France Info morning. These complaints come mainly from companies “small in size and have neither a legal department nor the support of a data protection officer”. The President reminded “Basic principle: proportionality. We cannot do everything and have constant control over the employee..

214 million euro fine

Faced with such a massive increase in the number of complaints received in various sectors, CNIL responded “a sharp increase in repressive activity”. 18 sanctions were adopted and 135 official notifications sent, totaling more than 214 million euros, an increase of 55%. Half of the adopted sanctions concern “poor data security”considered with protective measures “often not enough” by CNIL.

But private companies are not the only ones targeted. In 2021, the Ministry of the Interior was also called to order twice. “illegal use of drones equipped with cameras to monitor compliance with the self-isolation regime” and, secondly, for storing data recorded in an automated fingerprint file for longer than the period established by law.

Read also Ransomware: “Hackers are interested in the victim recovering his data”