Court cases related to personal data have increased from 138 in 2020 to double in 2021. This increase confirms a trend recorded since 2019, the year in which the Presidency of the Public Prosecutor’s Office and the National Commission for the Control of Personal Data Protection (CNDP) signed a cooperation agreement. The prosecution received 60 cases since 2019, including ten in 2021, specifies its president. Hassan Daki refers to it in his latest activity report. The justice department can also intervene on its own initiative or investigate on the basis of a complaint.
Law number 09-08 on the protection of personal data allows this. The law also provides for cooperation between the justice system and the CNDP.
What are the main lines of that law?
The sworn agents of this body in charge of the protection of privacy are accompanied by judicial police officers during inspections. “Their reports are sent to the King’s prosecutor (of the court of First Instance - Lower court - ) within 5 days following the operations of research and findings of offences”, specifies article 66. The CNDP transfers its minutes to prosecutors and also informs them beforehand of the programming of an inspection mission. The public prosecutor thus makes judicial police officers (BNPJ) available to the CNDP. The latter are under the authority of this judicial institution.
Two remarks concerning protecting the privacy of 36 million citizens need to be made. First, judicial statistics do not detail the nature of the breaches of the law on personal data, nor the age, nor the gender, nor the place of residence, and even less the profession of the 275 people prosecuted in 2021. Being implicated by justice does not necessarily induce a final sentence being handed down on the person being scrutinized by the justice department. A person can thus be exonerated. This data is also missing. It provides information on the sequence of the legal process from start to finish. From accusation to conviction. Out of 234 cases, around 30 were closed in 2021. What about the other cases?
In addition, the CNDP has not yet communicated information on the legal proceedings initiated since 2019. The body in charge of privacy protection has not published an activity report since 2016.
“ (CNDP) plans to do so shortly. We are going to report on our results for the past four years (2019-2022)”, indicates one of its members on condition of anonymity.
A second remark concerning these judicial figures. Criminal law distinguishes between breaches of personal data and other offenses also committed by computer means. Breaches of personal data are governed by a special law, in particular to regulate the use of technologies, namely mailing, software, applications, databases, digital register, clocking system, facial recognition, video surveillance, and the like. Thus, the processing of private information requires prior notification or authorization from CNDP. This measure is not always respected by data controllers, in particular by the Ministry of Higher Education and the Schengen visa service provider, namely TLS Contact (see L’Economiste n°6420 of December 28, 2022).
There are also other crimes being committed electronically, in the first place, ordinary law offenses committed through the internet: there were 623 of them in 2021. Examples: falsification, fraud, theft, blackmail, sexual harassment…
Secondly, violations of the automated data processing system punishable by articles 607-3 to 607-10 of the Penal Code. These violations are related to computer crime, and consist in illegal access, tampering, deletion, or falsification of data in the information system of an administration or a company.
Faiçal FAQUIHI
