 | You can helpexpand this article with text translated fromthe corresponding article in French. (June 2025)Click [show] for important translation instructions.
|
 | This articleneeds additional citations forverification. Please helpimprove this article byadding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Commission nationale de l'informatique et des libertés" – news ·newspapers ·books ·scholar ·JSTOR(June 2025) (Learn how and when to remove this message) |
TheCommission nationale de l'informatique et des libertés (CNIL,French pronunciation:[knil]; English:National Commission on Informatics and Liberty) is an independentFrench administrative regulatory body whose mission is to ensure thatdata privacy law is applied to the collection, storage, and use ofpersonal data. It is thenational data protection authority for France. Its existence was established by the Frenchloi n° 78-17 on Information Technology, Data Files and Civil Liberty of 6 January 1978. From September 2011 to February 2019, the CNIL was chaired by Isabelle Falque-Pierrotin. Its chair is Marie-Laure Denis.
The CNIL was created partially in response to public outrage against theSAFARI program, which was an attempt by theFrench government to create a centralizeddatabase allowing French citizens to be personally identified by different government services. On 21 March 1974, an article in the newspaperLe Monde, "SAFARI ou la chasse aux Français" (SAFARI; or, Hunting Frenchmen) brought public attention to the project. Interior MinisterJacques Chirac, freshly appointed following the events ofMay 1968, had to face the public uproar. Chirac was the successor toRaymond Marcellin, who had been forced to resign in the end of February 1974 after having attempted to placewiretaps in the offices of the weekly newspaperLe Canard enchaîné. The massive popular rejection of the government's activities in this domain prompted the creation of the CNIL.[citation needed]
At the beginning of 1980, when the CNIL began its main activities, news anchormanPatrick Poivre d'Arvor announced that the CNIL had registered 125,000 files.[1] By the end of 1980, Poivre d'Arvor counted 250,000 files (public and private).[1]
The CNIL is composed of seventeen members from various government entities, four of whom are members of the French parliament (Assemblée nationale andSénat); twelve of these members are elected by their representative organisations in the CNIL.
The CNIL's status as an administrative regulatory body gives it total independence to choose its course of action. However, its power is limited and defined by law. The CNIL is financed by the budget of the French Republic.
| Presidents of the CNIL | Began | Ended |
|---|---|---|
| Pierre Bellet | 5 December 1978 | 27 November 1979 |
| Jacques Thyraud | 1979 | 1983 |
| Jean Rosenwald | 1983 | June 1984 |
| Jacques Fauvet | 14 June 1984 | 1999 |
| Michel Gentot | 3 February 1999 | 7 January 2004 |
| Alex Türk | 3 February 2004 | 21 September 2011 |
| Isabelle Falque-Pierrotin [fr] | 21 September 2011 | 2 February 2019 |
| Marie-Laure Denis [fr] | 2 February 2019 |
The CNIL registers the setup of information systems that process personal data on French territories. By September 2004, more than 800,000 declarations of such systems had been made. Additionally, CNIL checks the law to be applied in this domain as well as in about 50 annual "control missions". CNIL can warn organisations or people who are found to be non-compliant with the law, and also report them to theParquet.
The main principles for regulation of personal data processing are as follows (non-exhaustive list):
The archival ofsensitive information can result in a five-year prison term and a €300,000 fine.
Germany in 1971,Sweden in 1973, and France in 1978 were the first three states to vote for a "Computers and Liberty" law; these work with an independent control authority.
International, economic, and political structures have been created or assigned to apply CNIL directives. Amongst these are theOrganisation for Economic Co-operation and Development (OECD) in 1980, theCouncil of Europe in 1981 and theUnited Nations (UN) in 1990. In 1995, theEuropean Commission voted through a directive in this manner. As of 2004, 25 countries have applied this directive.
The CNIL is the target of various criticisms, alleging its lack of action and tendency to support governmental legislation, forgetting its original aims of protecting data privacy and citizens' rights.[1] It is regularly criticised for its lack of administering proper sanctions to dataprivacy violations.[2] It was criticized, for instance, for having authorized "ethnic statistics", forbidden inofficial demographic statistics.[3]
The CNIL has been criticized for attempting to enforceright to be forgotten rulings on search results globally. In 2016,Google appealed a CNIL right to be forgotten ruling on the grounds that it could set a precedent for abuse by "less open and democratic" governments.[4]
| International | |
|---|---|
| National | |
| Other | |
