Privacy & Information Security Law Blog

On January 16, 2025, the French Data Protection Authority (“CNIL”) unveiled its strategic plan for 2025-2028, highlighting its priorities for the coming years. Summarized below are the four key focus areas outlined in the CNIL’s strategic plan:

• Artificial Intelligence (“AI”): With respect to AI, the CNIL commits to: (1) collaborating with European and international partners to promote harmonized AI governance; (2) providing guidance to stakeholders, clarifying applicable rules and implementing effective and balanced regulation of AI; (3) raising public awareness of the challenges raised by AI and the importance of exercising individuals’ rights; and (4) ensuring AI systems comply with applicable rules, including by creating a methodology and tools allowing such monitoring throughout the lifecycle of an AI system, and collaborating with other data protection authorities on EU-wide monitoring actions.
• Protection of Minors: Recognizing the vulnerabilities of children in digital environments, the CNIL will prioritize safeguarding their personal data. Key actions include: (1) strengthening requirements for online platforms to ensure age-appropriate protections; (2) promoting tools and resources to enhance children’s understanding of their digital rights; (3) allowing minors to effectively exercise their rights; and (4) engaging with educators, parents, and industry stakeholders to create safer digital spaces for minors.
• Cybersecurity and Resilience: With increasing cyber threats targeting organizations and individuals, the CNIL will focus on: (1) strengthening cooperation with all cybersecurity stakeholders; (2) supporting businesses and individuals in enhancing their data security practices and with facing cyber risks; (3) advocating for privacy-by-design approaches to mitigate cybersecurity risks; and (4) conducting investigations and enforcing sanctions to reinforce compliance with data breach notification requirements under the EU General Data Protection Regulation.
• Everyday Digital Life: Apps and Online Identity: To address the pervasive role of technology in daily life, the CNIL commits to: (1) continuing the implementation of its apps strategy to protect individuals’ privacy, including by raising public awareness of the importance of privacy, monitoring the compliance of apps with applicable rules, and updating its guidelines for professionals working with apps; and (2) monitoring the development of apps and encouraging companies to adopt user-centric approaches that respect privacy.

Read the CNIL’s press release and strategic plan (in French).