France: CNIL publishes activity report for 2021
The French data protection authority ('CNIL') published, on 11 May 2022, its activity report for 2021. In particular, CNIL provided 121 opinions on draft laws and decrees and received 14,143 complaints, of which 1,436 related to the right of access, over 250 related to cookies, and 12,522 were closed. Furthermore, CNIL conducted 384 audits and issued 135 warnings of which 89 related to cookies, as well as 18 fines totalling €214 million. Additionally, CNIL focussed on risks related to unlawful access to stored personal data of EU citizens by U.S. authorities and initiated various audits on the basis of complaints it had received, in light of the Court of Justice of the European Union ruling in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (C-311/18). On matters relating to COVID-19, CNIL offered 15 opinions, conducted 29 audits, processed 576 authorisation applications related to health, and provided 54 authorisations of research projects.
Looking forward to 2022, CNIL highlighted that it will continue to consider the evolution of the education sector, most notably how digital technologies might be used in the context of learning analytics, EdTech, video calling, and, more widely, how the rights of children will be protected.