Regulations & Frameworks

Commission Nationale de l'Informatique et des Libertés (CNIL)

The CNIL was put in place in 1978. In the case of the constant updating of technology, France wanted a committee to serve in the protection of personal data.

It's an independent French advisory authority whose sole purpose is to ensure that the processing of personal data is done in a way that protects the user and their personal interests. They apply regulations on the collection, processing, and storage of personal data.

Fines for infringements on personal data are based on the size and severity of the infringement. The independent body registers the setup of information systems within any French territories to track and warn organizations if any infringements occur.

Last Updated: April 1, 2020


What is CNIL?

The Commission nationale de l’informatique et des libertes (CNIL) is an independent French administrative body that focuses on regulating data privacy laws in France and ensuring it is applied to the collection, storage, and use of personal data. There are 17 elected members who form the commission. It was created in 1978 and functions in accordance with the French Data Protection Act 


What is the mission of CNIL?

The mission of CNIL is to: 

  • Inform individuals of their rights 
  • Protect the rights of citizens 
  • Regulate and advise 
  • Propose and enact certifications and corporate rules that create conformity for an entire professional branch 
  • Takupcoming new technologies into consideration for the upcoming uses of data 
  • Inspect and intervene when data controllers may be acting outside of the law 

Additionally, it is the administrative body that responds to requests made by individuals and companies about their rights. They track regulations and warn organizations who are non-compliant. They have total authority over choosing the course of action when they encounter someone who is not adhering to data protection regulations. 


How to Comply with CNIL

The CNIL looks for organizations to follow some of these main principles: 

  • Illegal forms of data collection and processing are forbidden 
  • People need to be informed that their data is being collected and also must be told the purpose behind the collection of the data at or before the point of collection. 
  • Perhaps the most important is the requirement that no decision is made for the user by a computer. 

It’s important for organizations to adhere to these and maintain open communication between them and their consumers. Much of the CNIL can be adhered to by maintaining similar restrictions to data processing as those outlined in the GDPR.