The CNIL’s Missions

16 April 2024

Informing individuals & Protecting their rights

The CNIL responds to requests from individuals and professionals. It carries out communication actions towards the general public and professionals, through its networks, the press, its website, its presence on social media or by providing educational tools.

When receiving a complaint, the CNIL generally discusses the facts reported by the complainant with the controller or processor. In case of infringement, the CNIL asks the data controller to comply and respect the rights of individuals.

47,111 calls answered
15,388 requests by electronic means processed
11.8 million visits on CNIL's websites (cnil.fr and linc.cnil.fr)
16,433 complaints

Supporting compliance & Advising

To help private and public organizations comply with the GDPR, the CNIL offers a complete toolbox adapted to their size and needs.

The CNIL ensures that they find solutions that allow them to pursue their legitimate objectives in strict compliance with the rights and freedoms of individuals.

96,097 organisations appointed a DPO
34,250 DPOs appointed
31 parliamentary hearings
520 cases processed in health and research

Anticipating & Innovating

As part of its innovation and foresight activities, the CNIL maintains a dedicated watch in order to detect and analyse technologies or new uses that could have a significant impact on privacy. Its laboratory experiments with innovative products or applications. Thus, the CNIL contributes to the development of technological solutions that protect privacy by advising companies as early as possible in the process (privacy by design).

The CNIL is also involved in stimulating social debate on ethical issues surrounding data, and acts as a point of contact and dialogue with digital innovation ecosystems (researchers, startups, laboratories).

Privacy Research Day international conference
76 contributions received
4,439 attendees (on site and online)

Investigations & sanctions

Investigations are an effective means of intervention with data controllers and their data processors, allowing the CNIL to verify the concrete implementation of the GDPR and the law.

The decision to carry out an investigation is made on the basis of complaints received by the CNIL, current events, and an annual programme regarding topics for which a data protection issue has been identified.

At the end of the investigations carried out by the departments, the Chair of the CNIL may decide, depending on the seriousness of the breaches found, to close the case or issue a formal notice.

The Chair of the CNIL may also refer the matter to the CNIL’s restricted committee in order to impose a financial penalty on the organisation. Corrective measures may be published.

340 investigations, including 128 online, 157 on site, 38 document-based and 31 hearings.

The CNIL supports the development of new technologies on a daily basis and takes part in the construction of digital ethics.

Beyond raising awareness and sharing information on data protection culture, the CNIL has an advisory power, an onsite and offsite investigatory power as well as an administrative sanctioning power.

It has established and coordinates the network of Data Protection Officers.

The CNIL analyses the consequences of new technologies on citizens’ private life.

Finally, it collaborates closely with its European and international counterparts.

A bit of History

Back in the seventies, the French Government announced a plan designed to identify each citizen with a specific number and, using that unique identifier, to interconnect all government records.

This plan, known as SAFARI, caused great public controversy. It underlined the dangers inherent to certain uses of information technology and aroused fears that the entire French population would soon be recorded in files. This fear led the Government to set up a commission mandated to recommend concrete measures intended to guarantee that any developments in information technology would remain respectful of privacy, individual rights and public liberties.

After broad debates and public consultation, this “Commission on Information Technology and Liberties” recommended that an independent oversight authority be set up. Such was the purpose of the January 6, 1978 Act creating the “Commission Nationale de l’Informatique et des Libertés” (CNIL).

2023 Annual report

General information and protection of individuals’ rights, compliance support and advising, anticipation and innovation, investigations and sanctions: five years after the GDPR entered into application, the CNIL reviews the highlights of 2023, marked by a record number of complaints received and a rethought support policy.

2022-2024 strategic plan

The CNIL is structuring its new 2022-2024 strategic plan around three key themes for a trusted digital society: promoting respect for rights, promoting the GDPR as an asset and targeting regulation for high-stake issues.
