CNIL commissioners hold plenary and sanction committee sessions once a week, on an agenda prepared by its Chairman.
A large number of meetings is dedicated to reviewing bills and decrees submitted to the CNIL by the Government.
The CNIL also authorizes the implementation of sensitive records, such as those containing biometric data.
Since the adoption of the August 6, 2004 Act, the commission’s Sanction Select Committee, comprising six members, may issue sanctions ranging from warnings to maximum fines of €300,000 against data controllers failing to comply with the law.
Back in the seventies, the French Government announced a plan designed to identify each citizen with a specific number and, using that unique identifier, to interconnect all government records.
This plan, known as SAFARI, led to great controversy in the public opinion. It underlined the dangers inherent to certain uses of information technology and aroused fears that the entire French population would soon be recorded in files. This fear led the Government to set up a commission mandated to recommend concrete measures intended to guarantee that any developments in information technology would remain respectful of privacy, individual rights and public liberties.
After broad debates and public consultation, this “Commission on Information Technology and Liberties” recommended that an independent oversight authority be set up. Such was the purpose of the January 6, 1978 Act creating the “Commission Nationale de l’Informatique et des Libertés” (CNIL).