Created in 1978, the CNIL is an independent administrative body that operates in accordance with the data protection legislation of the 6th January 1978 as amended on the 6th August 2004. The independence of the CNIL is guaranteed on account of its composition and organisation.
The seventeen members who make up the CNIL are for the most part elected at meetings or by the authority to which they belong. The CNIL elects a President from its members. The CNIL does not receive any instructions from any single authority.
The term of office of the commissioners is 5 years or, in the case of the parliamentarians, as long as their electoral mandate lasts.
The members of the CNIL meet at plenary sessions once a week to discuss an agenda drawn up by its President. An important part of these meetings is devoted to the examination of draft legislation and regulations which have been submitted to the CNIL for its opinion by the government. The CNIL also authorises extremely sensitive data processing, and included in this is processing that enlists the help of biometrics. The CNIL analyses the effects of new technology on one’s privacy.
Since the Act of the 6th August 2004, the CNIL select -committee, composed of 5 members and of a President who is separate from the President of the CNIL, may order various penalties to be imposed on those who are responsible for the processing of data that does not comply with the law. The financial penalty may come to 300,000 Euros. These financial penalties may be made public.
Back in the seventies, the French Government announced a plan designed to identify each citizen with a specific number and, using that unique identifier, to interconnect all government records.
This plan, known as SAFARI, led to great controversy in the public opinion. It underlined the dangers inherent to certain uses of information technology and aroused fears that the entire French population would soon be recorded in files. This fear led the Government to set up a commission mandated to recommend concrete measures intended to guarantee that any developments in information technology would remain respectful of privacy, individual rights and public liberties.
After broad debates and public consultation, this “Commission on Information Technology and Liberties” recommended that an independent oversight authority be set up. Such was the purpose of the January 6, 1978 Act creating the “Commission Nationale de l’Informatique et des Libertés” (CNIL).