Nothing to hide? Here are 5 good reasons to protect your data online anyway

“Data protection doesn’t concern me, I have nothing to hide.” Perhaps that’s what you think... yet you still lock the door of your home when you leave. Not protecting your data online would be like leaving that door wide open, giving individuals the opportunity to carry out all kinds of malicious acts. Here are a few everyday examples to help understand the importance of taking care of your data on the Web.

On the internet, it’s easy to track you... with cookies

When browsing online, almost every time you access a website, you see this type of cookie banner:

Over time, you may find them annoying… and end up accepting everything without thinking. Yet these windows help you keep control over the data you share.

Sure, a saved cart or ads matching your needs may seem useful. But cookies also have a darker side, as these trackers make it possible:

• To collect and cross-reference large amounts of information about you (habits, interests, geolocation…)
• Sometimes to resell your data to third parties — which may lead to spam.
• For companies to adapt their marketing strategies based on user behavior. A vulnerable person (for example, someone feeling depressed) who sees targeted ads may end up pressured into excessive purchases.

Laurent Naigeon, creator of Wysistat (a French audience measurement tool that aims to respect personal data), notes: “We observe a consent rate of 60 to 70% depending on the site and the design of the banners. So 30 to 40% of users refuse cookies. I think that even if this banner is quite intrusive, it has been one of the essential elements that brought data protection into public debate. Yes, it’s restrictive. But how else could we have made this issue unavoidable?”

What to do right now:

Systematically refuse cookies — especially third-party cookies, which reduce the user’s control over their data. It is also recommended to regularly clean your browser by accessing its settings (Chrome, Firefox, Edge, etc.) to:

• Reset default settings and remove unwanted extensions.
• Clear browsing data: history, cookies, cache, and autofill data. Clearing options are also accessible via the shortcut Ctrl+Shift+Delete.

“Let’s increase video surveillance, our city will be safer”

Cameras help protect people and make public spaces feel safer. However, it remains essential to regulate their use, especially with the rise of “augmented” cameras. Equipped with algorithms capable of analyzing and detecting situations, silhouettes, or moving objects in real time, they can, for instance, detect the beginning of a crowd movement.

During the Paris 2024 Olympic Games, the use of these cameras was strictly regulated by the law of May 19, 2023, which limited their use in time and space. The purposes for which these cameras can be used are listed in the law, with no possibility to deviate from them. To guarantee freedom of movement and collect only strictly necessary security data, facial recognition and mood analysis were excluded.

Currently, no use of “augmented” cameras is allowed without a specific legal framework. The CNIL insists on the need for strict, proportionate, and transparent regulation to avoid misuse. It has also published its position on various uses in public spaces, for example in tobacco shops to estimate age, or in supermarket self-checkout areas to prevent theft.

If current restrictions were bypassed, the risk is that these “augmented” cameras could be used for facial recognition or social scoring — leading to a total loss of control over our data and freedoms. Such a system of rewards and penalties for citizens based on their behavior already exists in China. Citizens are assigned points that evaluate their conduct, using surveillance tools online and in public spaces.

No one in France wants generalized and automated mass surveillance. Knowing you are constantly analyzed by cameras could lead to self-censorship, and fear of expressing yourself in public spaces for fear of being penalized.

Ultimately, “augmented” cameras raise democratic issues as well as concerns for privacy and citizens’ fundamental rights. Without having anything to hide, we all want to remain free in our actions. Data protection laws exist to ensure everyone retains control over their own life.

How to access images concerning me?

If you need to view video surveillance footage (after a theft or altercation, for example), you must act quickly: recordings are usually kept for a short time. First, file a complaint so that authorities can access the footage.

If you cannot do this immediately, the best option is to use your right to restriction of processing with the Data Controller (town hall, parking manager…). This will allow the images to be kept until authorities retrieve them. They will then be able to view the footage and continue their investigation.

My data leaked — so what?

Let’s illustrate the importance of data protection with current events full of cyberattacks and leaks: Free, Orange, Bouygues, SFR… Regardless of your mobile operator, today it is highly likely that many of your data are for sale on the darknet (an unindexed part of the internet where anonymity allows illegal activities such as drug sales, weapons trafficking, and identity theft resources).

Name, surname, email, date of birth… the resale of your data carries many risks. With your IBAN, someone can open a subscription in your name and make fraudulent withdrawals. By combining your leaked data with an operator invoice to prove your address, everything becomes possible.

What to do in case of a leak?

You realize — or are informed — that your data leaked? Check your bank account regularly and change your passwords.

And on social media?

Sometimes, a data leak is not even necessary to take control of someone’s information. Social media posts are also a goldmine for malicious individuals seeking to collect your data.

For example, when leaving on holiday, avoid telling social networks how long you’ll be away or posting a photo of your house. That would be like putting a sign saying “Welcome burglars” on your front door.

More seriously, photos of children posted on a social network can easily end up on child pornographic websites — or be reused to create fake identities.

Around 50% of photos shared on child pornographic sites are posted online by parents.

I protect myself on social platforms

Set who can see your posts, for example by choosing a private profile. Also ask yourself, before posting anything, whether these photos or information could be used maliciously. Prefer instant messaging, emails or SMS to social networks for sharing photos.

At the origin of data protection law: the will to protect French citizens

In the 1970s, the French government worked on the SAFARI project, aiming to interconnect administrative files to identify every citizen with a unique number (the NIR). The project leaked to the press, raising fears of mass surveillance and large-scale profiling — which ultimately led to its abandonment.

Realizing the importance of protecting citizens’ privacy against personal data collection, the government adopted the “Informatique et Libertés” law in 1978. Its first article states:

Information technology must serve every citizen. […] It must not infringe human identity, human rights, privacy, or individual or public freedoms.

Thus, personal data protection was born from the will to accompany technological progress while setting safeguards to preserve citizens’ fundamental freedoms.

Ultimately, the question is not whether one has something to hide. But to remember that any piece of information about you can be used maliciously — and, like a rumor spreading in a schoolyard, can reach the whole world.

Losing control of your personal data can have serious consequences for you and those around you: harassment, financial damage, identity theft… So starting now, take care of yourself by protecting your data!

References:

Texts of law:

• Law No. 78-17 of January 6, 1978 on information technology, files and civil liberties
• Law No. 2023-380 of May 19, 2023 relating to the 2024 Olympic and Paralympic Games and containing various other provisions

Augmented cameras:

• CNIL – “Augmented” or algorithmic cameras in public spaces
• CNIL – Augmented cameras at self-checkout counters: how to comply with the GDPR?
• CNIL – CNIL Strategic Plan 2025–2028
• CNIL – 2024 Olympic and Paralympic Games: CNIL publishes its opinion on the draft law
• CNIL – Augmented cameras at self-checkout counters: how to comply with the GDPR? – May 6, 2025
• CNIL – “Augmented” cameras for age estimation in tobacco shops: CNIL clarifies its position
• IRSEM – Camille Bertuzzi, The new Chinese social credit policy
• Radio France – China gives good and bad points to its citizens

Data breach:

• Cybermalveillance.gouv – Data breach at Bouygues Telecom
• Cybermalveillance.gouv – Data breach at FREE
• Cybermalveillance.gouv – How to react in case of a personal data leak or breach?
• Le Monde – A data breach at SFR exposes sensitive customer information, including IBANs
• Orange – Press release: “The Orange Group announces that it filed a complaint on Monday, July 28 for an intrusion into one of its information systems”
• CNIL – Data leak on the Internet and theft of your IBAN: how to protect yourself if you are affected?

Social networks:

• France Inter – Isabelle Debré: “50% of photos on child pornography sites are misappropriated photos”
• National Consumer Institute – Posting images of your children on social networks: what are the risks?

SAFARI Project:

• INA – 1970–1980: Citizen vigilance toward the State’s large databases
• Le Monde – The SAFARI Project, the scandal that led to the creation of the CNIL

[Cover photo: Urban Vintage]