The CNIL has been entrusted with the general duty to inform people of the rights that the data protection legislation allows them. It tries to reach out to the general public, either through the press, through its internet site, appearing on social network sites or by providing teaching tools.
Directly accessed by many organisations, companies or institutions to help them carry out training programmes and programmes to raise awareness of the data protection legislation, the CNIL is involved also in seminars, fairs and conferences to provide information and at the same time to obtain information. The public information and guidance section deals with requests from private individuals and professionals and records all the preliminary formality cases.
As a means of asserting its expert opinion, the CNIL suggests to the government legislative and regulatory measures that may adapt protection of freedoms and privacy to fit in with technological developments. The government consults the CNIL before passing on to Parliament draft legislation relating to data protection.The CNIL advises personal data controllers on their obligations, and it trains the data protection officers and offers them a special service, via a dedicated extranet.
Everyone can contact the CNIL when they find it difficult to exercise their rights. The CNIL will ensure that citizens can access in an effective way data contained in any data processing operations that may affect them.
The CNIL drafts and publishes, after receiving if applicable the proposals put forward by the representatives of the representative organisations, standards aimed at simplifying the disclosure requirement.
In the case of data processing or the most current and least dangerous personal data files, the CNIL will draft text frames to which personal data controllers must refer in order to complete the simplified reporting formalities or be exempt from them.
“Risky” or sensitive data processing is subject to approval from the CNIL or to CNIL’s view. The file managers who do not comply with these formalities are subject to administrative or criminal penalties.
The CNIL supervises compliance with the law, by inspecting IT systems and applications. The Commission uses its inspection and investigation powers to investigate complaints, improve its knowledge of some specific files, better appreciate the implications of using IT in some sectors, and following up on its deliberations.
The CNIL also monitors the security of information systems by checking that all precautions are taken to prevent the data from being distorted or disclosed to unauthorised parties.
After carrying out checks or complaints, the CNIL restricted-committee, composed of 5 members and a President who is separate from the CNIL President, may order various penalties:
Assuming that the CNIL President has beforehand issued a default notice and that the data processing controller has not complied with it, the restricted -committee may order, after hearing both parties:
Created in January 2011, the Research, Innovation and Long-term Forecasting Division was set up to develop a forward thinking approach within the CNIL. As the Resource Centre for forward looking and safeguarding for the whole of the Commission this Division, in liaison with the other Divisions and in particular the Expert’s Section, helps to identify and analyse the innovative uses of technology and its impact on privacy.