On May 13, 2009, the French Data Protection Authority (“CNIL”) published its Annual Activity Report. The Report highlights increasing enforcement activity, noting a record number of investigations, formal notifications and fines. Having recently celebrated its thirtieth anniversary, the CNIL stated that it seeks to constantly evolve and meet the challenges of modern society by pursuing three key points: (i) diversifying its sources of financing; (ii) increasing the number of personnel; and (iii) including data protection and privacy rights in the French constitution in the near future.
The CNIL is increasingly engaged in assisting companies to ensure individuals’ privacy rights as part of diverse technology projects like Streetview, Bluetooth advertising and implementation of an electronic pharmaceutical database. As a natural extension of these efforts, the CNIL also has positioned itself to be a key player in the field of data protection certification through its participation in the “European Privacy Seal” labeling project and recent membership in the AFNOR Groupe (an organization for certification and security standardization).
Other key initiatives include reconciling e-discovery rules and the European data protection framework (an issue the CNIL has influenced at both a national and European level) and data security (on which point the CNIL has noted business enterprises’ lack of strong security measures). The CNIL has signaled its intention to issue recommendations on both issues, and plans to contribute to the development of security standards in order to enhance data security awareness.