It’s around five in the afternoon. on Thursday, October 23, when Prime Minister Sébastien Lecornu holds a press conference in Romainville, after a visit to the headquarters of the National Directorate of Tax Investigations and the Directorate of National and International Audits. On site he met with the agents mobilized in the fight against tax fraud and, more broadly, against all frauds to public finances.
This trip comes after the presentation, the previous week, of a bill aimed at strengthening the fight against social and tax fraud, estimated at “20 billion euros detected by State services”, according to Matignon. The executive demands the creation of “an unprecedented and more dissuasive legal arsenal” and intends to recover “an additional 2.5 billion euros” starting next year, for the benefit of the State and social organizations.
This stroke of financial luck comes at the right time when the Government seeks to close the budget and keep the public deficit below 5% of GDP between now and 2026. To achieve this, the strategy is based on three axes: “detect, sanction and recover.” The current priority is detection, with greater data exchange between administrations, greater access to fiscal and social information and the introduction of geolocation to better control certain medical transports.
Only this is not the first time that politicians are interested in grouping certain files together in the name of the fight against fraud. With greater or lesser success.
In fact, French law does not outright prohibit the pooling or cross-referencing of large data files, but frames it under strict principles: the Data Protection Law (1978, since revised) and the GDPR (General Data Protection Regulation) require that any processing, including cross-linking or centralization of databases, public or private, be limited to precise, legitimate and proportionate purposes.
Several parliamentary speakers, as well as members of the Senate joint committee, also supported legislative measures that allow the crossing of files and the automated exchange of data to improve the fight against fraud. But the National Commission for Information Technologies and Freedoms (CNIL) is often pointed out as a possible obstacle to the implementation of some of these measures.
The CNIL, a false culprit?
A publication by the Foundation for Research on Administrations and Public Policies (Ifrap) is particularly critical of the role of the CNIL. “In May 2023, the government presented its plan to combat social fraud, in particular by creating a Tax and Social Fraud Evaluation Council starting in the summer and investing one billion euros to modernize information systems. The problem is that two of the key measures of the plan, the merging of the identity document and the vital card and the consultation of air passenger files, are blocked by the CNIL,” launches the foundation.
Before adding: “This is not the first time that the CNIL has blocked anti-fraud reforms in the name of data protection: an attitude that raises questions, while other European countries, Belgium and Portugal in particular, have managed to validate these projects while respecting European data protection legislation (GDPR).” Contacted by Tech & Co, Ifrap did not respond to our emails.
But then, is the CNIL really an obstacle to the fight against tax fraud? Although some political and media actors sometimes present it as an obstacle, the institution itself firmly questions this vision. According to her, her role is not to block control systems, but to ensure that they respect the legal framework and the protection of personal data.
“Sometimes we hear that the CNIL blocks the fight against fraud, but this is false. The CNIL is not Parliament, it does not approve laws. It gives opinions on draft texts, but it cannot prohibit or impede a system. At best, it alerts, advises or requests adjustments, for example, to better inform people or reduce the volume of data collected,” Thomas Dautieu, director of legal support at the CNIL, explains to Tech & Co.
Balance between efficiency and respect for privacy
“When we hear: ‘the CNIL is against it’, it is often an abuse of language. In reality, it is the texts that do not allow it. But it is easier to say ‘the CNIL blocks it’ than to explain that a certain article of the Tax Code or the Monetary and Financial Code does not allow it,” he adds. For the commission, it is above all about ensuring a balance between effectiveness in the fight against fraud and respect for the fundamental rights of citizens.
“If this balance is not respected, we can make serious mistakes, for example unfairly depriving someone of a social benefit,” complains Thomas Dautieu. An example that doesn’t seem so far away. In the Netherlands in 2013, public services implemented an algorithmic system to detect errors and fraud in child benefit applications.
Aided by this algorithm, the Dutch tax administration has plunged tens of thousands of families into misery, particularly mothers of foreign origin, unfairly demanding astronomical sums from them. The Netherlands was then unable to repair the damage caused. “This is usually the type of drift we should avoid.”
Data at the center of the game
In addition to this issue raised, the issue of hacking of tax data is also raised. “The more files are merged or crossed, the more tempting the target becomes for attackers, because there is more precise data on more people,” explains Thomas Dautieu.
However, the idea of a “single large file” that centralizes all this information is far from realistic. “Saying ‘we are going to create a single large archive and everyone will benefit from it’ is contrary to the logic of the GDPR. Each administration has its own needs. And, honestly, not even administrations ask for such an archive: it would be unmanageable, risky and ineffective,” concludes Thomas Dautieu.
The proposed solution would therefore be ineffective, risky from a security point of view and dangerous for our freedoms, which the CNIL defends and which our representatives should defend… So why do politicians continue to wave the name of the CNIL like a scarecrow?
Source: BFM TV
