anonym.legal

By · Last updated 2026-06-05

Rudi kwa BlogGDPR & Ufuatiliaji

CNIL Ufaransa: Utiifu wa Kiufundi wa GDPR

CNIL ilishughulikia malalamiko 16,433 mwaka 2023 na ilitoa faini za €150M+ tangu 2019. Mwongozo wake wa AI unaamrisha kutokujulikana kwa hati kwa data ya mafunzo.

June 5, 20267 dakika kusoma
CNIL FranceFrench GDPRAI anonymizationFrench data protectionprivacy by design

CNIL Ufaransa: Utiifu wa Kiufundi wa GDPR

Mdhibiti Mkali Zaidi wa Faragha wa Ufaransa

chombo cha data cha Ufaransa ni CNIL. Huweka sheria za faragha za kina zaidi za EU. Wadhibiti wengi wa EU huandika mwongozo mpana. CNIL huzidi zaidi. Huchapisha maelezo halisi ya kiufundi yanayoitwa recommandations. Hizi hufafanua utiifu wa kweli wa GDPR unavyoonekana vipi.

Wadhibiti wengine wa EU mara nyingi huiga kazi ya CNIL. Maandishi muhimu yanajumuisha Guide pratique de l'anonymisation ya 2023 na mwongozo wa AI wa 2024.

Nambari zinaonyesha wakala ni amilifu. Ilishughulikia malalamiko 16,433 mwaka 2023. Hilo ni ongezeko la 43% kuliko 2022. Imetoa takriban €150 milioni katika faini za GDPR tangu utekelezaji ulianza.

Mafunzo ya AI: Aina Sita za Rekodi za Kusafisha

Mwongozo wa AI wa CNIL wa 2024 unafaa kwa upana. Unafunika kikundi chochote kinachofunza AI kwenye rekodi za kibinafsi za Kifaransa. Pia unafaa kwa wanaohudumia watumiaji wa Kifaransa kwa zana za AI.

Wakala unaorodhesha aina sita za rekodi zinazohitaji kusafishwa kabla ya mafunzo ya AI:

  1. Identifiants directs (vitambulisho vya moja kwa moja): Majina, anwani, nambari za kitambulisho. Viondoe au vibadilishe kabla ya mafunzo.
  2. Identifiants quasi-directs (vitambulisho vya karibu vya moja kwa moja): Makundi ya sifa zinazokuruhusu kutambuliwa upya. Tumia ukaguzi wa k-kutokujulikana.
  3. Données sensibles (aina maalum): Rekodi za afya, bayomikrobiolojia, kisiasa, na imani. Tenga na vidhibiti vilivyoongezwa.
  4. Données comportementales (rekodi za matumizi): Historia ya kuvinjari na mifumo ya matumizi. Unganisha au funika hizi.
  5. Données inférées (sifa zilizochimbua): Ishara zilizotokana na AI kutoka matumizi. Tumia vikwazo vya madhumuni.
  6. Données relatives aux mineurs (rekodi za watoto): Rekodi zozote zinazohusiana na watu chini ya miaka 15. Fanya ukaguzi wa umri na tumia usafishaji imara.

Unatumia LLM zilizofunzwa kwenye maudhui yaliyokwanguliwa? Unahitaji uthibitisho uliondikwa. Onyesha kwamba rekodi zako za mafunzo zilipitiwa na kusafishwa. Angalia mwongozo wetu wa utiifu wa GDPR kwa maelezo ya upeo.

Mwongozo wa Kutokujulikana: Kanuni za Msingi

Mwongozo wa 2023 ndio maandishi ya kina zaidi ya EU kuhusu mada hii. Huweka kiwango cha kile kinachohesabiwa kwa kweli bila jina.

Mbinu zilizoidhinishwa:

  • k-kutokujulikana — kila rekodi inafanana na angalau k-1 nyingine
  • l-utofauti — sifa nyeti zinatofautiana ndani ya kila kikundi
  • Faragha tofauti — kelele zinaongezwa kwenye takwimu za matokeo
  • Pseudonymization — hatua ya kupunguza hatari, si kutokujulikana halisi

Rekodi zinazohitajika:

Kwa kila shughuli inayotumia usafishaji, CNIL inategemea fiche d'anonymisation (rekodi ya kutokujulikana). Lazima ijumuishe:

  • Mbinu iliyotumiwa na mipangilio yake muhimu (thamani ya k, thamani ya epsilon)
  • Matokeo ya ukaguzi wa hatari ya kutambuliwa upya
  • Njia ya uthibitishaji (majaribio au mapitio ya nje)
  • Mtu anayehusika na tarehe ya mapitio

Ukaguzi wa hatari ya kutambuliwa upya:

Kabla ya kuweka alama kwa rekodi kama bila jina, fanya ukaguzi rasmi. Uliza: je, mtu mwenye msukumo anaweza kutambua upya hili? Angalia ni seti gani za data za ziada zilizopo. Fikiria muktadha kamili.

PII ya Kifaransa: Zana Zako Lazima Zipate Nini

Sheria za Kifaransa zinahitaji mfumo wa PII wa lugha ya Kifaransa. Zana zako lazima zitambue aina za vitambulisho maalum vya Kifaransa.

Vitambulisho muhimu vya kufunika:

  • NIR: Tarakimu 15 (msingi 13 + ufunguo wa tarakimu 2). Hii ni Nambari ya Usalama wa Jamii ya Kifaransa.
  • Nambari ya carte vitale: Kitambulisho cha kadi ya bima ya afya.
  • SIRET/SIREN: Vitambulisho vya biashara vinavyopatikana katika faili za kibinafsi.
  • Numéro d'ordre professionnel: Nambari za daftari kwa madaktari, mawakili, na wahasibu.
  • CNI (Carte nationale d'identité): Nambari ya kadi ya kitambulisho cha kitaifa cha Kifaransa.

Modeli za NER za Kifaransa lazima zishughulikie mifumo ya majina ya Kifaransa. Hizi zinajumuisha majina ya pamoja (Jean-Pierre), chembe (de, du, des), na majina ya familia yenye kistari. Angalia mwongozo wetu wa utambuzi wa PII wa lugha nyingi jinsi ya kufunika maeneo yote.

Utekelezaji: Kinachopata Faini

Faini za wakala hufuata mfumo wazi. Hulenga vidhibiti vya kiufundi vilivyokosekana. Mchakato mbaya peke yake mara chache ndiyo tatizo kuu.

Clearview AI — Faini ya €20M (2022): Kampuni ilisindika rekodi za bayomikrobiolojia za watu wa Kifaransa bila msingi wa kisheria. Rekodi zilikwanguliwa kutoka vyanzo vya umma vya wavuti. Kesi hiyo ilithibitisha: ukwanguaji mkubwa wa wavuti kwa mafunzo ya AI unahitaji msingi halisi wa kisheria.

TikTok — uchunguzi ulioanzishwa 2024: Ulilenga mifumo inayoweza kuchimbua aina nyeti kutoka ishara za matumizi. Njia hii sasa ni rejeleo la EU kwa ukaguzi wa AI.

Mapitio ya AI ya kizazi (2024-2025): Wakala ulipitiwa wauzaji wa LLM nchini Ufaransa. Ulilenga asili ya maudhui ya mafunzo. Wauzaji wasio na rekodi sahihi walilazimika kuongeza vidhibiti.

Hatua Nne za Utiifu wa CNIL

Unashughulikia rekodi za kibinafsi za Kifaransa? Unahitaji mambo manne yaliyopo.

1. Rekodi ya kutokujulikana kwa kila shughuli

Kila shughuli inayotumia usafishaji inahitaji rekodi yake. Kumbuka mbinu, mipangilio yake, matokeo ya hatari, na tarehe ya mapitio.

2. Kumbukumbu za usindikaji wa awali kwa AI

Kumbukumbu ni zana gani ya utambuzi wa PII uliyotumia. Kumbuka ni aina gani za viumbe ilizipata. Rekodi kilichoondolewa au kufunikwa. Weka kumbukumbu hizi tayari kwa ukaguzi.

3. Mfumo wa PII wa lugha ya Kifaransa

Hakikisha zana yako inapata nambari za NIR, carte vitale, na CNI. Jaribu modeli yako ya Kifaransa ya NER kwenye majina halisi ya Kifaransa. Kumbuka mapengo yoyote. Rekodi vidhibiti ulivyoviweka kuvisuluhisha.

4. Rekodi za asili kwa maudhui ya mafunzo

Kwa maudhui yaliyokwanguliwa: hifadhi ukaguzi wa usafishaji wa chanzo. Kwa rekodi za mtumiaji: hifadhi mchakato wa usafishaji wa mtumiaji. Muhtasari wetu wa utiifu wa usalama unaonyesha jinsi hii inavyoingia katika mkano mpana wa ulinzi.

Makundi yenye rekodi nzuri huendelea kupitia ukaguzi haraka. Jenga faili yako sasa. Usisubiri ukaguzi kuanza.

Vyanzo

Makala Zinazohusiana

GDPR & Ufuatiliaji

Japan My Number: Verhoeff & APPI

63% of generic tools fail My Number detection in Japanese documents. My Number uses Verhoeff algorithm — the most complex national ID checksum in Asia.

GDPR & Ufuatiliaji

HDPA Greece: AFM & AMKA Detection

Greek AFM detected with 52% accuracy by generic tools. HDPA issued 89 decisions in 2024 — up 162% from 2022. Tourism and maritime sectors face distinct.

GDPR & Ufuatiliaji

NAIH Hungary: TAJ-Szám and Adóazonosító Jel

Hungarian NER accuracy is 67% vs. EU average 82% — NAIH's 2024 assessment. TAJ-szám weighted checksum and adóazonosító jel detection gaps.

Tayari kulinda data yako?

Anza kuanonymisha PII na aina 285+ za vitu katika lugha 48.

Anza Jaribio la BureTazama Vipengele

About this page

We update this page when our platform or the law changes.

Read our founder note for how we work.

Each change shows up in the timestamp at the top.

Related reading

We follow these rules

  • GDPR (EU 2016/679).
  • ISO/IEC 27001:2022.
  • NIS2 (EU 2022/2555).
  • HIPAA safe harbor under 45 CFR § 164.514(b)(2).

Our promise

We do not sell your data.

We do not train models on your text.

We store your files in Germany.

You can delete your account at any time.

You own your work.

Where we run

Our servers live in Falkenstein, Germany.

We use Hetzner. They hold ISO 27001 certification.

All data stays in the EU.

Backups run every day.

Need help?

Email support@anonym.legal.

We reply within one business day.

How we test

We run a full check suite on every release.

Each surface gets its own sweep script and report.

Human reviewers spot-check the output each week.

We track recall and precision on a labelled set.

Bad runs block the deploy.

What we never do

  • We never sell your information to third parties.
  • We never train models on what you upload.
  • We never keep your work after you delete it.
  • We never share keys with any outside firm.
  • We never run ads inside the product.

Plans in plain words

We sell credits, not seats.

One credit covers one short job.

Long jobs use a few credits each.

You can top up at any time.

Unused credits roll over each month.

Read the plans page for current rates.

Who built this

A small team of engineers and lawyers built this.

We ship from Europe and work in the open.

Our founder note spells out why we started.

Where to start

How the parts fit

A browser add-on cleans text inside Chrome.

A Word plug-in handles drafts in Office.

A small desktop tool works on whole folders.

An agent protocol link feeds large models safely.

All four share one core engine and one rule set.

Words from our team

We started this work after a lunch about cookies.

One friend kept getting odd ads on her phone.

We asked why a court file leaked through a draft.

We sketched the first build on a napkin that week.

By month three we had a tiny demo for a friend.

She used it on her first case the next day.

Common questions we hear

Can the tool read scanned PDFs? Yes, with OCR.

Does it work on long files? Yes, in small chunks.

Can I roll my own rule set? Yes, save it as a preset.

Does it run offline? The desktop build runs offline.

Do you keep my files? No, the cloud build wipes after each run.

Will it learn from my work? No, we never train on inputs.

A short tour of the workflow

Upload a file or paste a snippet of prose.

Pick the entities you want gone from the draft.

Choose a method: replace, mask, hash, encrypt, or redact.

Press run and watch the side panel show each hit.

Skim the result and tweak any rule that misfired.

Save the cleaned file or send it to a teammate.