"To protect personal data, support innovation, preserve individual liberties"


Role and responsibilities

To inform, to advise, to educate

The CNIL has been entrusted with the general duty to inform people of the rights that the data protection legislation allows them. It tries to reach out to the general public, either through the press, through its internet site, appearing on social network sites or by providing teaching tools.

Directly accessed by many organisations, companies or institutions to help them carry out training programmes and programmes to raise awareness of the data protection legislation, the CNIL is involved also in seminars, fairs and conferences to provide information and at the same time to obtain information. The public information and guidance section deals with requests from private individuals and professionals and records all the preliminary formality cases.

As a means of asserting its expert opinion, the CNIL suggests to the government legislative and regulatory measures that may adapt protection of freedoms and privacy to fit in with technological developments. The government consults the CNIL before passing on to Parliament draft legislation relating to data protection.The CNIL advises personal data controllers on their obligations, and it trains the data protection officers and offers them a special service, via a dedicated extranet.

To protect

Everyone can contact the CNIL when they find it difficult to exercise their rights. The CNIL will ensure that citizens can access in an effective way data contained in any data processing operations that may affect them.

To regulate and control

The CNIL drafts and publishes, after receiving if applicable the proposals put forward by the representatives of the representative organisations, standards aimed at simplifying the disclosure requirement. 

In the case of data processing or the most current and least dangerous personal data files, the CNIL will draft text frames to which personal data controllers must refer in order to complete the simplified reporting formalities or be exempt from them. 

“Risky” or sensitive data processing is subject to approval from the CNIL or to CNIL’s view. The file managers who do not comply with these formalities are subject to administrative or criminal penalties. 

To inspect and impose penalties

The CNIL supervises compliance with the law, by inspecting IT systems and applications. The Commission uses its inspection and investigation powers to investigate complaints, improve its knowledge of some specific files, better appreciate the implications of using IT in some sectors, and following up on its deliberations.

The CNIL also monitors the security of information systems by checking that all precautions are taken to prevent the data from being distorted or disclosed to unauthorised parties.

Assuming that the CNIL President has beforehand issued an order and that the data controller has not complied with it, the restricted -committee may order, after hearing both parties :

  • a financial penalty (except in the case of government data processing) of a maximum amount of 150,000 Euros and where similar previous offences have been committed, an amount of up to 300,000 Euros. This penalty may be made public; the administrative claims section committee may also order that its decision be included in the press, with the cost of this being met by the organisation that has incurred the penalty.The fines are collected by the Treasury and not by the CNIL.
  • an injunction to stop processing
    withdrawal of the authorisation granted by the CNIL
  • In the case of a serious and immediate violation of rights and freedoms, the president of the CNIL may ask, through an urgent court hearing, that the competent court order any necessary security measure.
  • He can also report to the Public Prosecutor of the Republic violations of the French data protection legislation.

To look ahead

Created in January 2011, the Research, Innovation and Long-term Forecasting Division was set up to develop a forward thinking approach within the CNIL. As the Resource Centre for forward looking and safeguarding for the whole of the Commission this Division, in liaison with the other Divisions and in particular the Expert’s Section, helps to identify and analyse the innovative uses of technology and its impact on privacy.

Chargement en cours...