The CNAF's Scoring Algorithm Under Attack for Discrimination and GDPR Violations

Fifteen associations, including La Quadrature du Net and Amnesty International France, have filed a petition with the Council of State against this tool designed to detect fraud.

On October 16, 2024, 15 organizations filed a petition with the Council of State against the scoring algorithm of the Caisse Nationale des Allocations Familiales (CNAF). According to them, its use induces discriminatory practices and violates the GDPR. Among these entities are La Quadrature du Net, Amnesty International France, the National Association of Social Service Assistants, and the Lawyers’ Union of France (SAF).

The CNAF uses this algorithm to assess the risk of an applicant engaging in fraud, relying on its conclusions to initiate audits. However, to generate these scores, the algorithm does not base its assessments on suspicious behaviors but rather on personal characteristics such as age or family situation. The 15 associations consider these practices to be discriminatory.

Two additional aspects of the algorithm lead them to believe it fails to comply with the GDPR. First, the amount of data collected is disproportionate to its intended purpose. The algorithm processes information on over 32 million people, yet only about 90,000 audits are conducted each year.

Furthermore, the scoring system would violate Article 22 of the GDPR, which prohibits “fully automated individual decision-making based on personal data processing.” The European Court of Justice also ruled on December 7, 2023, that a similar scoring system, used by a German credit company, was contrary to the GDPR.

Based on these shortcomings, La Quadrature du Net sent a request to the CNAF’s director in July 2024, seeking the abolition of this algorithm. The lack of response prompted the associations to take the matter to the Council of State, which will now rule on the case.