How to guarantee the security of the data of the “notebooks” of the restaurants?

0
3
How to guarantee the security of the data of the


Video: European justice update on massive collection of connection data (Euronews)

Focus of the European justice system on the massive collection of connection data

NEXT VIDEO

NEXT VIDEO



To facilitate the search for contact cases of Covid-19, restaurateurs located in the maximum alert zone must install a "reminder notebook" to list the customers who eat in the establishment. A tool that can take several forms but questions the protection of personal data. The CNIL published a guide to good practices on Wednesday.


© Christophe ARCHAMBAULT / AFP
To facilitate the search for contact cases of Covid-19, restaurateurs located in the maximum alert zone must install a “reminder book” to list the customers who eat in the establishment. A tool that can take several forms but questions the protection of personal data. The CNIL published a guide to good practices on Wednesday.

Since Monday, in Paris, Marseille and in all the other cities of the six departments on maximum alert, restaurateurs are required to install a “reminder book”. This tool, which can take several forms (notebook, form, software) allows customers to enter their name and phone number in order to be called back in the event of a case of Covid being detected. Necessary to combat the spread of coronavirus, however, this “reminder book” poses a concern for the management of personal data. The CNIL, guarantor of the application of the General Data Protection Regulation, has established safeguards.

>> Find Europe Matin in replay and podcast here

Favor an individual form rather than a notebook

In a note, the National Commission for Informatics and Liberties draws up a list of instructions to be followed for restaurateurs in order to guarantee the security of data provided by customers. First, they must be “informed of the purpose of this collection and the rights they have regarding their data”. As the obligation is only valid in the maximum alert zone, not all establishments are concerned, hence the need for a reminder when customers arrive, either orally by the manager or the manager. server, or via a poster.

Concerning the notebook itself, the Cnil asks to avoid the free-access notebook, where everyone writes their name and telephone number themselves… and can in the process see those of previous customers. Instead, she recommends an individual form to be completed at her table, or that the restaurateur himself completes upon arrival (a model is available on the Cnil website). Form which must then “be kept in a secure place and not be left in sight of all customers”. For establishments that have opted for a digital system (software, QR Code), the data must be protected with a “robust” password and especially not stored on a USB key.

Data for strictly health purposes

The census of customers is also supervised by the Cnil on the merits. “The data to be collected must be limited to the identity of the person (surname / first name) as well as to a single means of contact (telephone number): it is forbidden to collect any further data”, she writes on her site. The restaurateur must note the time of arrival and departure. On the other hand, he is not entitled to claim an identity document, it is up to the customer to show honesty. In addition, contact information should only be kept for 14 days. Beyond that, they must be removed or destroyed.

Finally, the data provided by customers can only be used in a health setting, when they are requested by health authorities for the purpose of tracing contact cases. Restaurant owners are prohibited from using it to formulate promotional offers or for personal purposes. In the event of abuse, customers are invited to contact the Cnil.

LEAVE A REPLY

Please enter your comment!
Please enter your name here