CNIL's 2022-2024 strategic plan

The increasing digitization of economic and social life, and the advent of the pandemic, have heightened the risks to privacy, and the omnipresence of major digital services is raising new regulatory issues. In this context, personal data is, more than ever, the common thread running through our daily digital lives.

Given these facts, effective application of the GDPR is essential. Through European cooperation between supervisory authorities, the CNIL is fully playing its role as an offensive lever for compliance, enabling effective respect for the rights of individuals and fair competition between economic players. The CNIL's new strategic orientations for the period 2022 to 2024 are part of this dynamic.

This plan breaks down the CNIL's strategic orientations into three axes, each of which is in turn broken down into objectives.

Axis 1 aims to promote the control and rights of individuals in the field through four objectives:

Reinforce information and awareness-raising to help people exercise their rights:

The CNIL intends to improve its communication and make tools available to facilitate the exercise of rights. This could lead to an increase in the number of requests to exercise rights, and therefore to an increased risk for organisations that do not comply.

More effective enforcement of the law:

This will involve adapting its inspection, formal notice and sanction procedures. The handling of complaints is a priority, as is the reduction of processing times. This was recently reflected in the launch of a call for tenders for the outsourcing of complaint management for the "simplest" cases (i.e. those that raise no new legal issue and that are not handled by public bodies).

Strengthening the European role of the CNIL and the effectiveness of the European collective:

The aim is to increase the efficiency of the one-stop-shop mechanism and of relations between supervisory authorities. This concerns cross-border processing (Article 4(23) GDPR) by companies established in the EU, through a single interlocutor (the lead supervisory authority) for controllers or processors established in several European countries. This single interlocutor is determined by the location of the company's main establishment, as defined in Article 4(16) GDPR.

Prioritise actions to protect everyday uses:

By making citizens more aware of digital tools, of the stakes in terms of freedom and privacy, and of the associated risks, while providing them with practical tools.

A large proportion of the CNIL's recent formal notices concerned the priority issue of cookies: 89 decisions included a breach relating to the use of trackers, 84 of which were devoted entirely to this issue.

Axis 2 promotes the GDPR as a confidence-building asset for data controllers through five objectives:

Enhance legal certainty for controllers with clear, practical guidelines:

This implies clarifying the CNIL's doctrine and adapting it to the challenges faced by companies, to help them better understand data protection.

Develop certification tools and codes of conduct:

Enabling controllers to manage their own compliance in a way that is adapted to their business. This involves simplifying tools and strengthening relations with compliance partners (holders of codes of conduct and certification bodies).

Making GDPR compliance the best prevention against cyber risks:

The CNIL is strengthening its role in the public authorities' response to cyber risks, as well as its prevention and advisory role, both regulatory and technical.

Strengthen and evolve the support strategy:

To meet controllers' needs for transparent, accessible tools tailored to their challenges, and to help them better understand data protection.

Assume a regulatory role with economic impact:

By taking into account companies' business models and the economic impact of the CNIL's action.

Axis 3 highlights the CNIL's priorities in the face of intensifying use of personal data:

Augmented cameras (coupled with the use of predictive algorithms) and their uses:

These raise the issue of large-scale surveillance of individuals. Actions are planned covering both government services and commercial activities, with support phases during the implementation of such systems to prevent them from being excessive or disproportionate.

Data transfers in the cloud:

The ongoing deployment of cloud solutions is creating security and compliance risks, particularly with major digital players. The aim is to secure transfers of personal data to countries outside the EU in line with the CJEU's "Schrems II" ruling.

Personal data collection in smartphone applications:

Given the opacity and heterogeneity of the practices observed in this area, the CNIL wants to improve the visibility of data flows and strengthen the compliance of mobile applications.
