The CNIL’s Missions

29 April 2025

Informing individuals & Protecting their rights

The CNIL responds to requests from individuals and professionals. It carries out communication actions towards the general public and professionals, through its networks, the press, its website, its presence on social media or by providing educational tools.

When receiving a complaint, the CNIL generally discusses the facts reported by the complainant with the controller or processor. In case of infringement, the CNIL asks the data controller to comply and respect the rights of individuals.

38,386 calls answered
16,130 requests by electronic means processed
11.6 million visits on CNIL's websites (cnil.fr and linc.cnil.fr)
15,639 complaints

Supporting compliance & Advising

In order to help private and public organizations comply with the GDPR, the CNIL offers a complete toolbox adapted to their size and needs.

The CNIL ensures that they find solutions that allow them to pursue their legitimate objectives in strict compliance with the rights and freedoms of individuals.

103,602 organisations appointed a DPO
36,777 DPOs appointed
16 parliamentary hearings
574 cases processed in health and research

Anticipating & Innovating

As part of its innovation and foresight activities, the CNIL maintains a dedicated watch in order to detect and analyse technologies or new uses that could have a significant impact on privacy. Its laboratory experiments with innovative products or applications. Thus, the CNIL contributes to the development of technological solutions that protect privacy by advising companies as early as possible in the process (privacy by design).

The CNIL is also involved in stimulating social debate on ethical issues surrounding data, and acts as a point of contact and dialogue with digital innovation ecosystems (researchers, startups, laboratories).

Privacy Research Day international conference: 1,400 attendees

Investigations & sanctions

Investigations are an effective means of intervention with data controllers and their data processors, allowing the CNIL to verify the concrete implementation of the GDPR and the law.

The decision to carry out an investigation is made on the basis of complaints received by the CNIL, current events, and an annual programme regarding topics for which a data protection issue has been identified.

At the end of the investigations carried out by the departments, the Chair of the CNIL may decide, depending on the seriousness of the breaches found, to close the case or issue a formal notice.

The Chair of the CNIL may also refer the matter to the CNIL’s restricted committee in order to impose a financial penalty on the organisation. Corrective measures may be published.

321 investigations, including 99 online, 166 on site, 44 document-based and 12 hearings.

The CNIL supports the development of new technologies on a daily basis and takes part in the construction of digital ethics.

Beyond raising awareness and sharing information on data protection culture, the CNIL has an advisory power, an onsite and offsite investigatory power as well as an administrative sanctioning power.

It has established and coordinates the network of Data Protection Officers.

The CNIL analyses the consequences of new technologies on citizens’ private life.

Finally, it collaborates closely with its European and international counterparts.

A bit of History

Back in the seventies, the French Government announced a plan designed to identify each citizen with a specific number and, using that unique identifier, to interconnect all government records.

This plan, known as SAFARI, led to great public controversy. It underlined the dangers inherent to certain uses of information technology and aroused fears that the entire French population would soon be recorded in files. This fear led the Government to set up a commission mandated to recommend concrete measures intended to guarantee that any developments in information technology would remain respectful of privacy, individual rights and public liberties.

After broad debates and public consultation, this “Commission on Information Technology and Liberties” recommended that an independent oversight authority be set up. Such was the purpose of the January 6, 1978 Act creating the “Commission Nationale de l’Informatique et des Libertés” (CNIL).

2024 Annual report

Awareness-raising, controls and sanctions, AI, new support tools, European and international cooperation: the CNIL is publishing its 2024 annual report, which presents the highlights and the many achievements in protecting everyone's personal data.

Download the report

European and international strategy for 2025-2028

The CNIL’s European and international strategy on data protection has three key priorities: streamlining European cooperation, promoting high international standards of data protection and consolidating its network of influence.

Download the strategic plan