The French Data Protection Authority, the CNIL, has published its annual investigation program for 2014. The CNIL anticipates carrying out a total of around 550 data breach investigations (350 on-site investigations and 200 online).  Priority topics will be:

  • Data breach notification by electronic communications operators
  • Online social dating networks
  • Online payment (particularly the fight against fraud and the issues around the retention of banking data).

Website cookies and mobile apps are also on the CNIL’s agenda for 2014. 


The CNIL confirmed that it would participate, together with 26 other data protection authorities, in the 2014 ‘Sweep Day on Mobile Privacy’ organised by the Global Privacy Enforcement Network. This would be a general review of website cookie compliance by organisations operating in France. The CNIL announced that this sweep is to be followed in October 2014 by in-depth investigations into individual compliance with cookie laws by organisations.The CNIL’s investigations will focus on which cookies are used and why, whether the cookie policy is visible, comprehensive and user friendly, how consents to cookies are obtained from users, how long the consent lasts for (which should be no more than 13 months), what happens if users refuse to consent and whether users are given the ability to opt-out at any time.

For more information on any aspect of French data protection law, please feel free to contact Stéphanie Faber.