
CNIL Releases Developer Kit with Suggestions to Protect Personal Data

The French Data Protection Authority CNIL has launched a Developer Kit on its website to help programmers and other developers take measures to protect personal data. The guide offers six segments designed to cover all stages of development. The kit covers:

– Choosing work tools
– Preparing for development
– Best practices for code management
– Integration of libraries, SDKs and third-party tools
– Strengthening code quality
– Documentation

Among the suggestions:

– Audit all tools processing data. Think about the sensitivity of the data provided to online tools and whether a local instance in a controlled infrastructure would be more appropriate.

– Complete a Data Protection Impact Assessment (DPIA) before you start a project (even if it is not required).

– Start with a simple and secure system before adding complexity. Use proven languages and technologies that have been audited and have had most of their vulnerabilities corrected.

– Audit the code of third-party components to understand what data is sent to them and who is receiving it. Limit the use of third-party service components that are not needed. Make sure that the software is maintained and regularly updated.

– Document security dimensions in the user or developer documentation. Explain which settings are most secure.

The guide is still pretty lean at the moment but there is a lot to think about on the topic of developing software. We speak fairly frequently on the implications of the use of third-party tools in modern development practices. The resulting beacons, trackers, cookies and other third-party data sharing have been a hot topic both around user control and the importance of transparent disclosures over the past year. The Facebook-Cambridge Analytica scandal really put this topic front and center over the past year, and it does not seem to be slowing down.

Although we ordinarily discuss this topic in the context of beacons and trackers gathering information off a website, CNIL’s questioning of data sharing through development tools is another great example. Organizations also need to understand the tools their developers are using in order to have a complete picture of where the data is going.

If your organization faces difficulties understanding what data you are collecting and who you are sharing it with, contact us or call 1-888-252-5653 to get a demo of our enterprise privacy management software.