November 29, 2022

Volume XII, Number 333

Advertisement

November 29, 2022

Subscribe to Latest Legal News and Analysis

November 28, 2022

Subscribe to Latest Legal News and Analysis

CNIL Unveils 2021 Annual Activity Report

On May 11, 2022, the French Data Protection Authority (the “CNIL”) published its Annual Activity Report for 2021 (the “Report”). The Report provides an overview of the CNIL’s enforcement activities in 2021. The report notably shows a significant increase in the CNIL’s activity.

In particular, the Report revealed that:

  • The CNIL received 14,143 complaints in 2021 (+4% compared to 2020) and closed 12,522. The CNIL carried out 384 controls, issued 135 letters of formal notice, and imposed 18 sanctions for a cumulative amount of more than €214 million.

  • One of the CNIL’s priorities in 2021 was to verify companies’ compliance with the new cookies rules. The CNIL received more than 250 complaints concerning non-compliant cookies practices, which resulted in the issuance of 89 letters of formal notice and four sanctions.

  • The CNIL continued focusing on the security of health data, particularly in relation to processing activities related to the COVID-19 pandemic and conducted 30 new control missions aimed at medical testing laboratories, hospitals, health data brokers, and service providers. Some of these investigations remain ongoing to date.

  • The CNIL also focused its activities on the topic of cybersecurity. The Report indicates that the CNIL received 5,037 data breach notifications in 2021, amounting to an increase of approximately 79% in comparison to 2020.

In addition to its investigatory and sanctioning power, the CNIL continued collaborating closely with other European and international supervisory authorities on various topics, including:

  • The CNIL participated in work aimed at strengthening EU digital sovereignty. As part of this effort, the CNIL contributed to the efforts of the European Data Protection Board regarding the EU Data Governance Act, the Digital Services Act, Digital Market Act, and the Artificial Intelligence Regulation (the “AI Regulation”).

  • The CNIL continued its efforts regarding the Schrems II judgment by the Court of Justice of the European Union.

  • The CNIL also took part in the 43rd annual meeting of the Global Privacy Assembly. During the meeting, five important resolutions were adopted, two of which the CNIL co-authored: one on the regulation of government access to data held by private sector entities and another on the protection of minors’ digital rights.

According to CNIL President Marie-Laure Denis, in 2022, the CNIL will focus on continuing its collaborative regulation strategy and coordinating its efforts with stakeholders involved in the privacy field.

Download a copy of the Report (only available in French).

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XII, Number 153
Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement
Advertisement