{"id":2437,"date":"2017-05-05T10:39:43","date_gmt":"2017-05-05T09:39:43","guid":{"rendered":"http:\/\/mouillere.com\/universconvergents\/?p=2437"},"modified":"2017-05-31T11:10:05","modified_gmt":"2017-05-31T10:10:05","slug":"la-cnil-sanctionne-allocab","status":"publish","type":"post","link":"https:\/\/mouillere.com\/universconvergents\/2017\/05\/05\/la-cnil-sanctionne-allocab\/","title":{"rendered":"CNIL sanctions Allocab"},"content":{"rendered":"<div class=\"row\">\n<div class=\"article-titre col-xs-12 col-sm-10 col-md-10 col-lg-10\">\n<p>By a deliberation of 13 April 2017, the restricted committee of the Commission Nationale de l\u2019Informatique et des Libert\u00e9s (CNIL) sanctioned the company Allocab for failing to meet its obligations as a data controller.<\/p>\n<blockquote><p>Article 34<\/p>\n<p><i>\u201cThe data controller is required to take all useful precautions, having regard to the nature of the data and the risks presented by the processing, to preserve the security of the data and, in particular, to prevent it from being distorted or damaged, or accessed by unauthorised third parties\u201d<\/i><\/p><\/blockquote>\n<\/div>\n<\/div>\n<p><!--more--><\/p>\n<div class=\"article-encart-logo col-xs-12 col-sm-4 col-md-4 col-lg-4 encart_auteur\">\n<div class=\"article-pictos edito edito-auteur\">\n<p>A complaint filed with the CNIL by one of the company's customers led, in March 2015, to a CNIL inspection, which found:<\/p>\n<\/div>\n<\/div>\n<div class=\"article-texte add-mg-top-20\">\n<ul class=\"spip\">\n<li>no defined retention periods for banking data;<\/li>\n<li>inadequate security measures, particularly regarding password management.<\/li>\n<\/ul>\n<p>Allocab 
had 3 months to comply. The CNIL carried out a further inspection in December 2016 and found failings. Only from 13 February 2017 was Allocab fully compliant, having implemented:<\/p>\n<ul class=\"spip\">\n<li>an automatic purge of data for all accounts inactive for 15 months or more;<\/li>\n<li>an end to the retention of payment card security codes (cryptograms), in collaboration with its payment service provider;<\/li>\n<li>an end to sending passwords in cleartext (in particular in the account-creation confirmation e-mail);<\/li>\n<li>a password management policy (customers are required to choose a sufficiently strong password when creating it, encrypted storage, etc.).<\/li>\n<\/ul>\n<p>Allocab was fined 15,000 euros.<\/p>\n<\/div>\n<p><a href=\"http:\/\/www.village-justice.com\/articles\/CNIL-epingle-societe-Allocab-souhaitant-sensibiliser-les-responsables,24915.html\">http:\/\/www.village-justice.com\/articles\/CNIL-epingle-societe-Allocab-souhaitant-sensibiliser-les-responsables,24915.html<\/a><\/p>\n<p class=\"gde-text\"><a href=\"https:\/\/mouillere.com\/universconvergents\/wp-content\/uploads\/2017\/05\/D\u00e9lib\u00e9ration-CNIL-du-13-avril-2017-.pdf\" class=\"gde-link\">Download (PDF, 79KB)<\/a><\/p>\n<p class=\"gde-text\"><a href=\"https:\/\/mouillere.com\/universconvergents\/wp-content\/uploads\/2017\/05\/D\u00e9lib\u00e9ration-du-19-janvier-2017-recommandation-mots-de-passe.pdf\" class=\"gde-link\">Download (PDF, 69KB)<\/a><\/p>\n<p class=\"gde-text\"><a href=\"https:\/\/mouillere.com\/universconvergents\/wp-content\/uploads\/2017\/05\/D\u00e9lib\u00e9ration-CNIL-du-14-novembre-2013-Recommandation-CB.pdf\" class=\"gde-link\">Download (PDF, 77KB)<\/a><\/p>\n<p class=\"gde-text\"><a href=\"https:\/\/mouillere.com\/universconvergents\/wp-content\/uploads\/2017\/05\/Loi-n\u00b0-78-17-du-6-janvier-1978.pdf\" class=\"gde-link\">Download (PDF, 294KB)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By a deliberation of 13 April 2017, the restricted committee of the Commission Nationale de l\u2019Informatique et des Libert\u00e9s (CNIL) sanctioned the company Allocab for failing to meet its obligations&hellip; 
<\/p>\n","protected":false},"author":1,"featured_media":126,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[2,16],"tags":[48],"class_list":["post-2437","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-big-data","category-donnees-personnelles","tag-cnil"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/mouillere.com\/universconvergents\/wp-content\/uploads\/2015\/06\/6640564215_b3dc3f033d.jpg?fit=450%2C287&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6jw1p-Dj","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/posts\/2437","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/comments?post=2437"}],"version-history":[{"count":2,"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/posts\/2437\/revisions"}],"predecessor-version":[{"id":2443,"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/posts\/2437\/revisions\/2443"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/media\/126"}],"wp:attachment":[{"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/media?parent=2437"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mouillere.com\/universconvergents\/wp-json\/wp\/v2\/categories?post=2437"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mouillere.com\/universconvergents\/
wp-json\/wp\/v2\/tags?post=2437"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}