The CNIL’s facts and figures

the cnil in the nutshell 2019

Advising and regulating

  • 362 authorizations for medical research or medical practice assessments
  • 160 deliberations including 117 opinions on draft legislation
  • 33 parliamentary hearings

Accompanying compliance

  • 64,900 organisations appointed a data protection officer (DPO)
  • 21,000 data protection officers (DPO) appointed
  • 2,287 notifications of data breaches


Protecting data subjects

  • 11,077 complaints (+ % vs 2018)
  • 4,517 requirements of indirect right of access
  • 3,573 verifications carried out

Rendering orders and issuing sanctions

  • 42 orders rendered
  • 8 sanctions of which:
    • 7 financial public sanctions
    • 5 injunctions with periodic penalty payments
    • 2 sanction dismissed



300 investigations including:

  • 53 investigations online
  • 45 investigations on parts


  • 145,913 calls received
  • 17,302 online requests received by the “need help” platform
  • 8 millions visits to

The CNIL supports the development of new technologies on a daily basis and takes part in the construction of a digital ethic.

Beyond raising awareness and sharing information on data protection culture, the CNIL has an advisory power, an onsite and offsite investigatory power as well as an administrative sanctioning power.

It has established and coordinates the network of Data Protection Officers.

The CNIL analyses the consequences of new technologies on citizens’ private life.

Finally, it collaborates closely with its European and international counterparts.

What is personal data?

Personal data is any information concerning a natural person that can directly or indirectly, potentially identify by referencing an identification number (i.e., social security number) or one or more elements that only concern a single person (i.e., first and surname, date of birth, biometric elements, digital imprint, DNA, etc.).

A bit of History...

Back in the seventies, the French Government announced a plan designed to identify each citizen with a specific number and, using that unique identifier, to interconnect all government records.

This plan, known as SAFARI, led to great controversy in the public opinion. It underlined the dangers inherent to certain uses of information technology and aroused fears that the entire French population would soon be recorded in files. This fear led the Government to set up a commission mandated to recommend concrete measures intended to guarantee that any developments in information technology would remain respectful of privacy, individual rights and public liberties.

After broad debates and public consultation, this “Commission on Information Technology and Liberties” recommended that an independent oversight authority be set up. Such was the purpos of the January 6, 1978 Act creating the “Commission Nationale de l’Informatique et des Libertés” (CNIL).