CNIL News (France DPA)

EDPB EDPS Joint Opinion on Digital Framework Simplification

The EDPB and EDPS have issued a joint opinion supporting simplification and competitiveness within the digital framework. The opinion addresses EU legislative proposals related to data privacy, artificial intelligence, and e-Privacy.

CNIL Consultation on Session Replay Draft Recommendation

The CNIL has launched a public consultation on its draft recommendation for session replay tools. The recommendation aims to guide tool developers and website operators on compliance with data protection rules, particularly concerning user behavior monitoring. The consultation period closes on April 22, 2026.

EDPB, EDPS Joint Opinion on European Biotech Act

The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) have issued a joint opinion on the proposed European Biotech Act. They support harmonizing clinical trials but call for specific safeguards for sensitive health data.

CNIL Closes Order Against KASPR Following GDPR Violations

The CNIL has closed an order against KASPR, originally issued on December 5, 2024, which included a €240,000 fine for GDPR violations related to data collection from LinkedIn. KASPR has demonstrated compliance with the corrective measures, leading to the closure of the order and the non-liquidation of a potential daily penalty.

France Travail fined €5 million for data security breach

The CNIL has fined FRANCE TRAVAIL (formerly Pôle Emploi) €5 million for failing to implement adequate security measures to protect job seeker data, following a hack in early 2024. The fine addresses inadequate technical and organizational measures, including weak authentication and logging.

CNIL Work Programme 2026-2028 on Data Economy

The CNIL has published its work programme for 2026-2028, focusing on understanding data-related business models and measuring the economic impact of its decisions. The programme aims to deepen expertise in data protection's economic implications and contribute to public debate on the data economy.

CNIL Annual Report: 2025 Fines and Sanctions

The CNIL reported imposing €486.8 million in fines and 83 sanctions in 2025, primarily for violations related to cookies, employee monitoring, and data security. The report details 143 compliance orders and 31 reminders of legal obligations issued during the year.