France - The CNIL issues its annual report

France - The CNIL issues its annual report's Tags

Tags related to this article

France - The CNIL issues its annual report

Published 22 junio 2017

On 28 March 2017, the French Data Protection Authority (“the CNIL”) published its annual activity report for 2016 (the “Report”) presenting its main accomplishments during the year and describing its objectives for the year to come. The Report lists the major highlights of the year 2016 including the adoption of the Digital Republic Bill dated 7 October 2016; the adoption of the (“GDPR”); and the entry into force of the Privacy Shield.

Complaints received by the CNIL in 2016

According to the Report 7,703 complaints have been received by the CNIL in 2016 (an amount similar to the year 2015 with 7,900 complaints) amongst which:

  • 33% concerned the dissemination of personal data on the Internet and particularly their erasure or rectification;
  • 33% concerned marketing issues and in particular direct marketing by email, telephone or regular mail; and
  • 34% concerned human resource issues, bank and credit issues, health and social sector.

According to the Report the CNIL received more than 400 complaints from individuals who have been refused a request for de-listing made to a search engine.

The complaints have also enabled the CNIL to identify new trends related to the Internet of Things, WIFI tracking or the increased use of video surveillance at work.

High number of controls, repressive actions and sanctions pronounced by the CNIL

During 2016, the CNIL has performed 430 controls, among which 100 online controls including 94 controls to ensure the compliance of CCTV devices. The controls were carried out on various areas including contactless payment, psychosocial risks in companies, the national driving licensing system, the national inter-insurance system of health insurance and data brokers.

As to the repressive actions, the CNIL has issued 82 formal notices, amongst which with respect to breaches related to cookies, online sales, job listings and charity associations.

According to the CNIL, the majority of the formal notices issued have been followed by data controller’s compliance, however 13 sanctions have been pronounced by the CNIL in 2016. Four monetary sanctions have been pronounced by the CNIL including a fine of €100 000 against Google for the failure to de-list the global extensions of the domain name of its search engine.

The future priorities of the CNIL

The CNIL’s main priority for the year 2017 will be preparing for the GDPR, the development of the necessary compliance tools, and the work on a new data protection law.

The CNIL announces that the controls of the year 2017 will focus in particular on the confidentiality of health data processed by the actors of insurance sector, information files relating to State Security and connected televisions (Smart TV).

Finally, the Report outlines some of the topics that the CNIL will further consider in the future years as the ethics of algorithms and artificial intelligence and the place of citizens in smart cities.

The Report can be found here (French).

Submitted by Thierry Dor, Partner and Dane Rimsevica, Associate of Gide Loyrette Nouel – Paris, France

Key Contacts

Rhiannon Webster

Rhiannon Webster

London - Walbrook

+44 (0)20 7894 6577

< Back to articles