CNIL publishes recommendation on data sharing with APIs
The French data protection authority, CNIL, has taken a proactive step towards safer data sharing practices. In light of the increasing trend of data sharing between administrations, private organizations, and individuals, the CNIL recognizes the value of application programming interfaces (APIs) in ensuring personal data protection. APIs, however, should be designed, deployed, and used considering certain best practices, which CNIL is keen to foster.
CNIL’s new recommendation aims to guide organizations in their use of APIs for data sharing. It covers all types of data sharing and organizations, both public and private. The recommendation identifies situations where APIs are recommended, and provides a list of risk factors for organizations to consider in their risk analysis. This will aid in aligning them with CNIL’s guidelines for data protection.
In the recommendation, CNIL identifies three key players in data sharing via APIs: data holders, API managers, and data reusers. Each of these actors has a part to play in ensuring the protection of personal data and respecting individuals’ rights from the design phase of the processing. Specific suggestions are provided for each category to help them achieve security and compliance with data protection principles.
The recommendation, which was developed after consultation and feedback from 24 organizations, is a comprehensive guide for all concerned players. CNIL encourages all of them to understand and implement the outlined measures to comply with legal obligations. The CNIL will soon publish additional content on its website to specify cases where the recommendations are applicable.
Source: The CNIL publishes a technical recommendation on data sharing by API