The CNIL alerts « unprecedented » leaks in 2024 – Liberation

The National Commission for Data Protection (CNIL) made its balance sheet of 2024 on Tuesday, April 29. The protective authority of the French privacy reveals that last year was not spared from data violations. On the contrary. They were « Not only more numerous but also of greater magnitude, leading to the theft of data for millions of French people »deplores the CNIL.

In total, 5,629 data violations notifications were recorded in 2024, 20 % more than the previous year. The organization is concerned that the successful attacks have passed « From about twenty to forty » in one year. Among the organizations that have been victims, there are France work, free, or Auchan. « There have been scandals, do not hesitate to say it, on the exploitation of sensitive data without the consent of users »says Marie-Laure Denis, president of the institution.

The CNIL recorded 17,772 complaints received in 2024, for a total amount of 55.2 million euros in fines. Among the companies sanctioned: the Orange telephone operator, which received a fine of 50 million euros in December for not granted advertisements. The total amount of tickets amounted to 89 million euros in 2023. The CNIL had then sanctioned the French advertising giant Criteo, a fine of 40 million euros, and Amazon France logistics of a penalty of 32 million euros.

The first quarter of 2025 is already marked by a substantial figure of personal data violations: more than 2,500. It is almost half of what the CNIL recorded on all 2024. Marie-Laure Denis estimates that with a double authentication system, « 80 % of major data violations ” recorded last year, « Could have been avoided » Companies and public organizations with databases of more than two million people will have to force this system, more reliable than a single password.

The regulator set a new objective in 2025: conduct a control campaign aimed at mobile applications to verify the use they make of personal data. « Each Frenchman downloads around 30 applications per year » On her phone, notes the president. In the Parisianshe completes that the laptop has become central, and that we « Find all our private life ». Yet,, « These mobile applications trace our habits and sometimes our privacy, Recovering our journeys, menstrual cycles, sexual orientation, data relating to pregnancy, etc. ”

In parallel, the CNIL also placed generative artificial intelligence, like Chatgpt, at the center of its concerns. « We work a lot with AI players to try to see which technologies implement so that there is for example a filter at the time of data regurgitation »explains Marie-Laure Denis. A filter that would help that part of the data « May be erased ».