|Commission nationale de l'informatique et des libertés|
|Name:||Commission nationale de l'informatique et des libertés|
|Secretary general:||Jean Lessi|
|Adress:||3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07|
|Fax:||+33 1 53 73 22 00|
|Phone:||+33 1 53 73 22 22|
|Twitter:||@CNIL and @CNIL_en|
|Translated Decisions:||Category:CNIL (France)|
The CNIL is the federal Data Protection Authority for France. The authority is established in Paris and is in charge of enforcing GDPR for France.
The CNIL was established in 1978 with the law "Informatique et Libertés". It is an independent administrative authority led by a college of 18 members and a contract staff team. Twelve out of eighteen members are elected or designated by the national authorites and courts to which they belong (i.e. Senate, National Parliament, Economic and Social Committee, Supreme Civil and Administrative Courts, Court of Auditors and the Commission of Access to Administrative Documents). The CNIL's president can freely recruit its other staff.
The CNIL issues orders and imposes fines within a restricted formation, meaning one president and five others elected members, pursuant to Article 9 of the Law "Informatique et Libertés". The CNIL's internal rules indicate that, unless otherwise justified, the pronunciation of fines is public. Anyone can ask for the agenda of the hearing and attend.
The composition, nomination and the organisational structure is laid down by Articles 9 to 18 of the Law "Informatique et Libertés".
You can find the organizational chart here.
Applicable Procedural Law
The CNIL operates under the law "Informatique et Libertés" under the conditions laid down by Articles 19 to 29.
Complaints Procedure under Art 77 GDPR
The Supreme administrative Court (the "Conseil d'Etat") is the first and last judicial intance before which the CNIL's decisions are challenged, pursuant to Article R 311-1 of the Code of Administrative Justice.
Any CNIL's decision can be challenged within the four months following the notification of the decision, with the conditions and limits provided for in Articles R 411-1 to R 421-7 and R 432-1 to R 441-1 of the Code of Administrative Justice.
You can find the provisions of the Code of Administrative Justice in French here.
Ex Officio Procedures under Art 57 GDPR
The CNIL can run ex officio procedures out of its own motion. Its powers are described under Article 8 of the law "Informatique et Libertés".
The CNIL provides an online service to submit a complaint (in French) here.
You can help us filling this section!
|EU/EEA Data Protection Authorities|
|Austria · Belgium · Bulgaria · Croatia · Cyprus · Czech Republic · Denmark · Estonia · Finland · France · Germany (Baden-Württemberg · Bavaria, private sector · Bavaria, public sector · Berlin · Brandenburg · Bremen · Hamburg · Hesse · Lower Saxony · Mecklenburg-Vorpommern · North Rhine-Westphalia · Rhineland-Palatinate · Saarland · Saxony · Saxony-Anhalt · Schleswig-Holstein · Thuringia ) · Greece · Hungary · Ireland · Italy · Latvia · Lithuania · Luxembourg · Malta · Netherlands · Poland · Portugal · Romania · Slovakia · Slovenia · Spain · Sweden|
|Iceland · Liechtenstein · Norway||EDPS · EDPB|
|Non-EU/EEA Data Protection Authorities|