The CNIL’s facts and figures

the cnil in the nutshell 2019

Advising and regulating

  • 322 authorizations to transfer data outside of the eu
  • 360 authorizations for medical research or medical practice assessments
  • 342 deliberations of which:
    • 120 opinions on draft law
    • 110 authorizations

Accompanying compliance

  • 39 500 organisations appointed a data protection officer (DPO)
  • 16 000 data protection officers (DPO) appointed
  • 1 170 notifications of data breaches


Protecting data subjects

  • 11 077 requirements + 32,5 %
  • 4 264 requirements of indirect right of access
  • 6 609 verifications carried out

Rendering orders and issuing sanctions

  • 48 orders rendered
  • 11 sanctions of which:
    • 9 financial public sanctions
    • 1 secret warning
    • 1 sanction dismissed



310 investigations of which:

  • 204 investigations on site
  • 51 investigations online
  • 51 investigations on parts
  • 4 auditions


  • 189 877 calls
  • 16 877 online requests received by the “need help” platform
  • 8 millions visits to

The CNIL supports the development of new technologies on a daily basis and takes part in the construction of a digital ethic.

Beyond raising awareness and sharing information on data protection culture, the CNIL has an advisory power, an onsite and offsite investigatory power as well as an administrative sanctioning power.

It has established and coordinates the network of Data Protection Officers (also known as the “ Correspondants Informatiques et Libertés”).

The CNIL analyses the consequences of new technologies on citizens’ private life.

Finally, it collaborates closely with its European and international counterparts.

What is personal data?

Personal data is any information concerning a natural person that can directly or indirectly, potentially identify by referencing an identification number (i.e., social security number) or one or more elements that only concern a single person (i.e., first and surname, date of birth, biometric elements, digital imprint, DNA, etc.).

A bit of History...

Back in the seventies, the French Government announced a plan designed to identify each citizen with a specific number and, using that unique identifier, to interconnect all government records.

This plan, known as SAFARI, led to great controversy in the public opinion. It underlined the dangers inherent to certain uses of information technology and aroused fears that the entire French population would soon be recorded in files. This fear led the Government to set up a commission mandated to recommend concrete measures intended to guarantee that any developments in information technology would remain respectful of privacy, individual rights and public liberties.

After broad debates and public consultation, this “Commission on Information Technology and Liberties” recommended that an independent oversight authority be set up. Such was the purpos of the January 6, 1978 Act creating the “Commission Nationale de l’Informatique et des Libertés” (CNIL).

Document reference

Download "The CNIL in a nutshell 2019"