The CNIL favors the revocation list of fraudulent passes, under certain conditions

The committee recalls several crucial points for the establishment of the revocation list. Among them, the information of the persons concerned, the protection of personal data, and the limits of this system.

The CNIL made this October 14 his opinion concerning the application of a revocation list, a system put in place by the government to fight against the use of fraudulent health passes.

The regulator, who has decreed the use of this list as “legitimate and proportionate”, however calls on the government to some vigilance measures. In particular, she insists on the importance of notifying people whose pass is included in the list.

Inform the people concerned

“The information must allow the persons concerned to generate, as soon as possible, a new certificate directly online or from authorized professionals. The objective is to limit the consequences for persons whose capacity to access and use digital tools remain limited (inability to access a health facility for scheduled care, refusal to access a means of transport, etc.), specifies the CNIL in his opinion.

The Commission also warns against the objectives and limits of such a device. In time, but also in its use. It thus invites the government “to specify in its decree that the use of the exclusion list must be limited to the revocation of health passes identified as fraudulent”.

Data security

Finally, the CNIL insisted on securing the personal data contained in the pass, something that government decree specifies explicitly. No personal or health data is therefore intended to be included.

As a reminder, the list in question, which will be integrated in TousAntiCovid and in the TousAntiCovid Verified control application, aims to identify the passes that are used fraudulently. When a pass is entered in this list, its use, that is to say having it scanned during an activity or at his place of work will trigger a signal. On the TousAntiCovid application, this results in a message specifying that this pass “seems to be used fraudulently”.

An upsurge in fraud

This Cnil opinion was issued, according to the words that she uses, “in a hurry […] given the seriousness of the health consequences it entails and the growing number of frauds. “

For example, last week a young man was arrested who presented Emmanuel Macron’s health pass. The QR code of the President of the Republic had indeed leaked online a month ago, shortly after that of his Prime Minister, Jean Castex.

If the number of fraudulent health passes circulating in nature is difficult to assess, the Health Insurance estimated it at at least 36,000 at the end of September.

Leave a Comment