The French Data Protection Authority unveils its 2012 targets for inspections

By Gabriel Voisin, Stephanie Lopes


The CNIL’s annual programme of inspections has been unveiled on 19 April. According to the CNIL, around 450 on-site inspections will be carried out on key themes of data protection and the protection of privacy. The CNIL will focus on the following issues during its investigations:

·         CCTV: According to the CNIL, 150 checks will be carried out on CCTV devices, notably on towns using CCTV to fine wrongdoers, and on premises which regularly receive lot of visitors.

·         Mobile operators and smartphones resellers/developers: The CNIL will be investigating the process of purchasing a smartphone as well as its use. They will look into the use of the Preventel database (i.e. French database of customers who have failed to pay their bills to member operators). The inspections will also focus on the treatment of data collected during use of a smartphone and download and use of applications.

·         Health data: Inspections will be carried out on medical research facilities, online health applications and companies hosting health data. Particular attention will be paid to issues linked to remote hosting of health data via Cloud solutions. The CNIL will also look at the processing of health data in major hospitals.

·         ISP procedures to address data breach requirements: The CNIL has published a practical guide on the security of personal data. The new requirement for ISPs to notify the data protection authority of data breaches has led to this being placed high on the CNIL’s agenda.

·         Sport: Checks have already been conducted in this sector. Further checks will now be carried out on (i) major French sports federations to investigate data processing in relation to members and spectators, (ii) stadiums hosting sports competitions, and (iii) anti-doping controls.

·         Police files: The CNIL will implement a series of controls on data processing in various national and local operational services. They will assess the daily use of personal data processing.

·         Facilities providers and motorway companies: Checks will be carried out in major companies providing facilities such as water or gas. Investigations will also be instigated into motorway companies that provide innovative services such as contactless payment of tolls, road safety and the fight against fraud.

The CNIL article (in French) can be found here. For more information on the above, please contact:

Ariane Mole  Partner

Nathalie Metallinos  Senior Associate

Gabriel Voisin  Associate

Lorraine Boche Associate