Commission Nationale de l'Informatique et des Libertés (CNIL)

What is CNIL?

The Commission nationale de l’informatique et des libertes (CNIL) is an independent French administrative body that focuses on regulating data privacy laws in France and ensuring it is applied to the collection, storage, and use of personal data. There are 17 elected members who form the commission. It was created in 1978 and functions in accordance with the French Data Protection Act.  

What is the mission of CNIL?

The mission of CNIL is to: 

• Inform individuals of their rights 
• Protect the rights of citizens 
• Regulate and advise 
• Propose and enact certifications and corporate rules that create conformity for an entire professional branch 
• Take upcoming new technologies into consideration for the upcoming uses of data 
• Inspect and intervene when data controllers may be acting outside of the law 

Additionally, it is the administrative body that responds to requests made by individuals and companies about their rights. They track regulations and warn organizations who are non-compliant. They have total authority over choosing the course of action when they encounter someone who is not adhering to data protection regulations. 

How to Comply with CNIL

The CNIL looks for organizations to follow some of these main principles: 

• Illegal forms of data collection and processing are forbidden 
• People need to be informed that their data is being collected and also must be told the purpose behind the collection of the data at or before the point of collection. 

• Perhaps the most important is the requirement that no decision is made for the user by a computer. 

It’s important for organizations to adhere to these and maintain open communication between them and their consumers. Much of the CNIL can be adhered to by maintaining similar restrictions to data processing as those outlined in the GDPR.