CNIL (France) - SAN-2021-016

From GDPRhub
Revision as of 15:06, 5 October 2021 by FA (talk | contribs) (Created page with "{{DPAdecisionBOX |Jurisdiction=France |DPA-BG-Color= |DPAlogo=LogoFR.png |DPA_Abbrevation=CNIL (France) |DPA_With_Country=CNIL (France) |Case_Number_Name=SAN-2021-016 |ECLI=...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
CNIL (France) - SAN-2021-016
LogoFR.png
Authority: CNIL (France)
Jurisdiction: France
Relevant Law:
Article 4 of the Loi Informatique et Libertés
Article 89 of the Loi Informatique et Libertés
Article 97 of the Loi Informatique et Libertés
Article 99 of the Loi Informatique et Libertés
Article 104 of the Loi Informatique et Libertés
Type: Investigation
Outcome: Violation Found
Started:
Decided: 24.09.2021
Published: 30.10.2021
Fine: None
Parties: Ministry of the Interior
National Case Number/Name: SAN-2021-016
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): French
Original Source: legifrance.gouv.fr (in FR)
Initial Contributor: Frederick Antonovics

The French DPA held that a database containing over 6,000,000 fingerprints belonging to suspected or convicted offenders was mismanaged by the Ministry of the Interior.

English Summary

Facts

The FAED (‘ficher automatisé des empreintes digitales) is a database managed by the French police. It consists of digital copies of fingerprints belonging to people against whom criminal cases were brought and ‘traces’ of fingerprints collected at crime scenes. It allows law enforcement officers to link a person to several identities or aliases and to link that person to previous proceedings in which his or her prints have been taken. In December 2018 the CNIL launched a monitoring procedure against the Ministry of the Interior with the view of assessing its compliance with national data protection legislation. At the time, the database contained nearly 6,300,000 digital fingerprints belonging to identified persons suspected or convicted of having committed an offence, as well as 240,000 unidentified traces. In April 2021, the CNIL concluded its investigation and sent the Ministry of the Interior a report detailing various breaches.


Holding

First, the CNIL issued a call to order Second, it issued an injunction against the Ministry of the Interior, ordering it to bring its processing operation into line with the Loi Informatique et Liberté. In particular, it identified five key breaches to remedy: 1 2 4 5


Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the French original. Please refer to the French original for more details. 

ERROR while retrieving original source text, please copy text here
Retrieved from "https://gdprhub.eu/index.php?title=CNIL_(France)_-_SAN-2021-016&oldid=20621"
Creative Commons Attribution-NonCommercial-ShareAlike
Powered by MediaWiki