Elysee and CNIL sites do not comply with GDP … so what?

Some observers who specialize in self-flagging did not miss the opportunity to observe that the Americans Kafam, the Chinese Boutiques and the Europeans invented GDPR … after forgetting to cross a few unicorns and hundreds of European SMEs.

The guardian of the temple is the gender, in France, the National Commission for Information Technology and Freedom, echoes the RGBT as the new schedule of law. CNIL has now pointed out the weaknesses of Health Pass’s digital architecture and advised against the use of teams and zoom in higher education.

Well, in the game of sprayed sprayer, here’s one of the most fantastic: Elysee and CNIL websites do not comply with GDP.

In fact, we were interested in submitting to the services of the best known providers in terms of compliance ratings, the protector of compliance with these two identical public sites, ELC and CNIL, GDPR: Cookiebot or User Centrix. The results of the analysis are clear: “The site does not comply”. The result is editing!

So both are not fully GDPR compliant.

Should we worry about that? Should all businesses be shut down and the IT departments of these two companies work day and night until their site is fully compatible? This would be interesting as an example. But does it matter?

Unlike the IT service providers that provide you every day to bring your website GDPR, audit and GDPR certification compliance, IDP (Institute of Practical Law), Opinion International’s partner, provides advice and training to companies on: Distinguishing essentials from subsidiaries in order to provide companies with guidelines for determining their strategy according to risk / cost ratio. It would be more effective than provoking fears by stamping out millions of euros in fines imposed by the texts. This is because the CNIL, and even more so the judge, takes into account the context, the purpose of the controller, the severity of the error and its consequences.

In theory, GDPR follows a logic of duty obligation: everything must be done in accordance with procedures and protocols, but if something goes wrong (data leakage), we are not responsible.

In practice, most of the penalties imposed by CNIL follow data leaks, the origin of which is found in computer security vulnerabilities. So we are close to the obligation of decision: no problem with data = no problem with CNIL.

However, this equation does not mean that compliance is unnecessary, just as ELC and CNIL sites do not comply with GDPR. But it does not always have to be wholesome and complete, firstly, the process can come at a significant cost, especially to SMEs and to the detriment of very small businesses or its economic interests, all for a small legal risk. Then, with the exception of error or gross negligence, CNIL will notify the Company to correct its deficiencies and will only allow it if it does not comply.

It should also be remembered that GDP, if not above all else, is a tool aimed at countering the exclusion of US law. The United States dictates to itself the right to condemn foreign companies that do not respect Uncle Sam’s laws or his policies (for example, to condemn those who had trade relations with Iran). Therefore, in order to protect ourselves from our best friend, GDPR makes it possible to allow American companies to illegally process European data. Unfortunately, if we draw the practical consequences of the judgment July 16, 2020 Court of EU In the name of the Cloud Act, GDPR is powerless to prevent the transfer of data from Europeans to US public companies, and in theory we should no longer use US cloud sites and services (especially GAFAM). The task is impossible!

With this in mind, we will not file a complaint with CNIL against CNIL and Elysee for non-compliance with GDPR … We hope it would be good to promote the following theory through these two identification cases. : GDPR first and foremost protects the data of end users by training them in good IT security practices and informs them of the legal consequences of potential negligence. As safety experts say, the weak point is always between the seat and the keyboard! We have no doubt that all ELC and CNIL employees are already aware of these good practices … otherwise the IDPs will be honored to train 800 Republican presidential officers and some hundreds of CNIL staff. . ..

Michael Dube and Raymond Dube, Editor-in-Chief and Director of Concept International IDP – Practical Law Firm