Missions and powers

• To inform
• To guarantee the right of access
• To advise
• To keep an inventory of current processing operations
• To be vigilant
• To inspect
• To regulate

A mission of information and assistance for individuals in the exercise of their rights:

The CNIL receives claims and complaints from individuals and intervenes with the organisations concerned.

The CNIL ensures that the methods used to implement an individual’s statutory right to access his/her data on files do not impair the free exercising of that right. It holds the specific competence to access State security, defence and public security files, including those of the security branch of the police force and investigation police department, on behalf of citizens.

A mission of advice and consultation :

The CNIL responds to all the requests for advice it receives;
It adopts recommendations for a correct implementation of the law (28 recommendations to date on the most varied subjects: telephone auto-commutators, consumer credit, polls and surveys, CCTV, use of files for political communication purposes, medical research, health websites, diffusion of nominative judicial decisions on the Internet, etc.);
It promotes the adoption of professional rules of good conduct or codes of deontology in various professional sectors (direct marketing, call centres, mass marketing).

“Sensitive” data processings are subject to the CNIL’s authorisation. It issues an opinion on public processings using the national person identification number. It is only notified for all other categories of processings. Data controllers which fail to comply with those formal requirements may be liable to administrative or criminal sanctions.

The CNIL makes the “file of files” available to the public, i.e. a list of notified files and their main characteristics.

A mission of expertise and technological watch :

The CNIL keeps itself informed of the evolution of technical processes; it draws up reports which are submitted to public consultation (files for combating fraud in matters of consumer credit, advertising via email, biometric recognition technologies, the Internet and minors, cyber-surveillance in the workplace, etc.);
It proposes to the government all the necessary legislative or regulatory measures for adapting the protection of rights and liberties to the evolution in technologies.

The CNIL supervises compliance with the law, by inspecting IT systems and applications. The Commission uses its inspection and investigation powers to investigate complaints, improve its knowledge of some specific files, better appreciate the implications of using IT in some sectors, and following up on its deliberations.

The CNIL also monitors the security of information systems by checking that all precautions are taken to prevent the data from being distorted or disclosed to unauthorised parties.

The CNIL may pronounce different types of sanctions : warnings, injunctions, financial sanctions up to €300.000, orders to stop processing operations. The Chairman may also file a petition in court to order any necessary measure. He can, on behalf of the Commission, report breaches of the law to the Prosecutor.

No public file may be implemented without a favourable opinion of the CNIL:

if the decision is unfavourable, the file can only be implemented if the Council of State hands down a positive opinion ;
The CNIL can, on its own initiative or following a complaint by an individual, carry out an audits on the spot concerning any file (it carries out approximately fifty audits a year);
in case of offences, the CNIL may issue warnings to the persons responsible for the files or inform the Public Prosecutor of any offences it has knowledge of.