France’s DPA says audits are a higher priority

France’s Data Protection Authority, the CNIL, said at the end of May that it intends to conduct 550 inspections in 2015. Of these, some 350 will be on-site or off-site inspections and the rest will be conducted online. The CNIL says that it will specifically concentrate on contactless payments, protection of employee data, and the monitoring and sharing of health data gathered via mobile apps and devices. In addition, the CNIL will inspect public sector databases such as the drivers’ licence register.

In 2014, the CNIL conducted 421 inspections of which 58 were online audits.
The CNIL received 11,000 complaints and enquiries in 2014. Since this April, it has introduced a new online service which provides individuals information about:

  • how to request removal of personal data from websites, blogs, forums, social networks or search engines;
  • how to deal with spam and marketing by mail, email or by phone; and
  • individual rights regarding employee monitoring. 

The CNIL has also set up a new regulatory tool “compliance packs” that include advice on good practice for different sectors. Packs have already been published for insurance and social housing, and are being developed for the banking sector.

See Programme des contrôles 2015 and the 2014 Annual Report can be seen at 

Isabelle Falque-Pierrotin, President, and Florence Raynal, Head of the Department of European and International Affairs, the CNIL, will both be speakers at Privacy in a Connected World, PL&B’s 28th Annual International Conference 6-8 July, at St. John’s College, Cambridge