The CNIL's actions in Europe and around the world
The CNIL participates in the work of the European Data Protection Board, and is also a member of several European and international bodies. It also takes part in numerous studies and conferences on the subject of personal data protection worldwide.
The CNIL on the European Data Protection Board
The European Data Protection Board (EDPB), a European Union body set up by the General Data Protection Regulation (GDPR), brings together EU data protection authorities to ensure consistent application of the GDPR. It can publish recommendations, guidelines, best practices and opinions designed to clarify the interpretation of the principles and support businesses, public authorities and individuals in implementing these texts.
The CNIL contributes to the drafting of these general support documents, in addition to its own reference frameworks which take into account the specific features of French law.
The CNIL also coordinates with its EU counterparts during sanction procedures concerning cross-border data processing, as part of the "one-stop shop" approach. The EDPB can adopt binding decisions to settle disputes between supervisory authorities.
Finally, the CNIL contributes to the approval of European compliance tools, such as binding corporate rules (BCR) or codes of conduct.
The CNIL and international data protection bodies
Data protection issues are becoming increasingly important on the international stage, as a result of the globalization of data exchanges. International and European cooperation is a particularly strategic issue, requiring the CNIL to invest in all the emerging initiatives.
For example, CNIL's actions led to the creation in 2007 of the Association francophone des autorités de protection des données personnelles (AFAPDP). It also participates in the Global Privacy Assembly and the G7 group of privacy protection authorities.
The CNIL and law enforcement
The European Union has set up a number of large-scale IT systems. National supervisory authorities play a key role in overseeing these systems, particularly as regards processing and operations at national level in each EU Member State.
This supervision is shared between the national supervisory authorities and the European Data Protection Supervisor (EDPS), mainly within the Coordinated Supervision Committee set up within the European Data Protection Board.
The CNIL participates in the supervision of various systems: Eurodac (fingerprints of asylum seekers), Europol (police cooperation), Eurojust (judicial cooperation), Schengen (border alerts), Customs, Visas.
CNIL’s European and International Affairs Department
Within the European Data Protection Board (EDPB), we explain and defend the CNIL's positions, and participate in the development of soft law in the field of data protection.
My work gives me the opportunity to follow the progress of documents from their conception to their adoption at the EDPB plenary meetings. Internally, I prepare CNIL's participation in these monthly meetings of all European data protection authorities. I also monitor new cases involving several countries, and regularly exchange views with our counterparts in the EDPB "cooperation" sub-group.
More generally, I contribute to publications on the CNIL website. I also organize the hosting of foreign delegations. For example, we had a visit from the Moldovan Authority in October 2023.
I appreciate the diversity of the subjects dealt with by our Department, the cross-disciplinary nature and the diplomatic aspect of my missions.
Tiphaine, Legal officer at the European and International Affairs Department