French CNIL Releases 2022 Enforcement Priorities
Time 2 Minute Read
Categories: European Union, International, Marketing

On February 15, 2022, the French Data Protection Authority (the “CNIL”) published its enforcement priority topics for 2022. Each year, the CNIL conducts numerous investigations in response to complaints, data breach notifications and ongoing events, or based on previously established enforcement priorities.

For 2022, the CNIL indicated that it will focus on three major strategic priorities:

  • Direct Marketing. The CNIL recently published a new reference framework on “commercial management,” which will be used to monitor unsolicited commercial prospecting practices and related GDPR compliance. The CNIL indicated that it will particularly monitor the practices of data brokers.
  • Monitoring Teleworking Employees. With teleworking becoming a norm during the COVID-19 pandemic, numerous employee monitoring tools have been developed. The CNIL urges companies to verify that such monitoring tools comply with data protection rules and ensure a fair balance between privacy at work and legitimate monitoring of employees.
  • Cloud Computing. The CNIL considers certain newer technologies, such as cloud computing, as likely to have data protection risks, particularly with respect to the international data transfers these technologies involve or the risks of data breaches they pose when incorrectly configured. Accordingly, the CNIL reports that it will look into cloud-related transfer issues and the contractual framework between data controllers and cloud solution providers. This priority also is part of the European Data Protection Board’s first coordinated enforcement framework, in which the CNIL will participate, along with other EU supervisory authorities, by investigating the use of cloud services by the public sector.

Read the CNIL’s press release.

Tags: Cloud, CNIL, Coronavirus/COVID-19, Data Controller, Data Protection Authority, European Data Protection Board, GDPR
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
Data Protection Authorities Globally Highlight Privacy Issues in AI Image Generation

On February 23, 2026, a Joint Statement on AI-Generated Imagery was published by 61 data protection authorities. The Joint Statement addresses concerns regarding AI systems capable of generating realistic images and videos depicting identifiable individuals without their knowledge or consent.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 1 Minute Read
Brazil and the European Union Reach Agreement to Recognize Mutual Adequacy in Personal Data Protection

On January 26, 2026, the Brazilian data protection authority (“ANPD”) announced that Brazil and the European Union agreed to mutually recognize the adequacy of each other’s data protection networks.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
EDPB and EDPS Issue Joint Opinion on EU AI Act Implementation

On January 21, 2026, the European Data Protection Board and the European Data Protection Supervisor issued a Joint Opinion in response to the European Commission’s Proposal for the Digital Omnibus on AI.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 1 Minute Read
European Commission Renews UK Data Adequacy Decisions

On December 19, 2025, the European Commission announced the renewal of the two UK adequacy decisions originally adopted in 2021, reaffirming that personal data may continue to move freely between the European Economic Area and the UK.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page