CNIL News (France DPA)

EDPB Coordinated Enforcement Framework 2026 Transparency Action

The European Data Protection Board (EDPB) launched its 2026 Coordinated Enforcement Framework (CEF) action, focusing on compliance with GDPR transparency and information obligations under Articles 12, 13, and 14. Twenty-five Data Protection Authorities (DPAs) across Europe will conduct enforcement actions and fact-finding exercises targeting data controllers from various sectors throughout 2026, with findings to be consolidated in an EDPB report and followed by targeted enforcement at national and EU levels.

EDPB, EDPS Joint Opinion on European Biotech Act

The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) have issued a joint opinion on the proposed European Biotech Act. They support harmonizing clinical trials but call for specific safeguards for sensitive health data.

CNIL Consultation on Session Replay Draft Recommendation

The CNIL has launched a public consultation on its draft recommendation for session replay tools. The recommendation aims to guide tool developers and website operators on compliance with data protection rules, particularly concerning user behavior monitoring. The consultation period closes on April 22, 2026.

EDPB EDPS Joint Opinion on Digital Framework Simplification

The EDPB and EDPS have issued a joint opinion supporting simplification and competitiveness within the digital framework. The opinion addresses EU legislative proposals related to data privacy, artificial intelligence, and e-Privacy.

CNIL Closes Order Against KASPR Following GDPR Violations

The CNIL has closed an order against KASPR, originally issued on December 5, 2024, which included a €240,000 fine for GDPR violations related to data collection from LinkedIn. KASPR has demonstrated compliance with the corrective measures, leading to the closure of the order and the non-liquidation of a potential daily penalty.

France Travail fined €5 million for data security breach

The CNIL has fined FRANCE TRAVAIL (formerly Pôle Emploi) €5 million for failing to implement adequate security measures to protect job seeker data, following a hack in early 2024. The fine addresses inadequate technical and organizational measures, including weak authentication and logging.

CNIL Work Programme 2026-2028 on Data Economy

The CNIL has published its work programme for 2026-2028, focusing on understanding data-related business models and measuring the economic impact of its decisions. The programme aims to deepen expertise in data protection's economic implications and contribute to public debate on the data economy.

CNIL Annual Report: 2025 Fines and Sanctions

The CNIL reported imposing €486.8 million in fines and 83 sanctions in 2025, primarily for violations related to cookies, employee monitoring, and data security. The report details 143 compliance orders and 31 reminders of legal obligations issued during the year.