Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
France: CNIL requests public comments on draft recommendation on multi-factor authentication
On March 28, 2024, the French data protection authority (CNIL) requested public comments on a draft recommendation on multi-factor authentication (MFA).
In particular, CNIL highlighted that the recommendation aims to address:
- the conditions under which the use of MFA is a legal obligation or just appropriate;
- compliance with principles of the General Data Protection Regulation (GDPR) regarding the use of MFA, such as the legal basis of processing, data minimization, retention periods, and data subject rights;
- relevant qualifications for actors providing MFA tools; and
- the methods for using MFA.
Notably, CNIL clarified that the recommendations are not intended to develop general processes related to identity and access management, but MFA more specifically, and contains practical examples related to MFA and integrating it with privacy by design.
Public comments may be submitted here until May 31, 2024.
You can read the press release, only available in French, here.