Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

France: CNIL publishes GDPR compliance guide and self-assessment tool for AI systems

The French data protection authority ('CNIL') announced, on 5 April 2022, that it had published a set of dedicated resources on artificial intelligence ('AI'). In particular, CNIL highlighted that the publication of the new resources arrives in the context of the wider European-level strategy on AI and is intended to contribute to the development of a robust regulatory framework for AI based on human rights and fundamental values, ​​and thus the building of the trust of European citizens. Notably, the published content is directed at three distinct audiences: the general public; data controllers and processors; and AI specialists. 

In terms of guidance for data controllers and processors, CNIL notably published a guide on the main principles of Act No.78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), to be followed in the implementation of personal data processing based on AI systems, as well as CNIL's positions on more specific issues, including on the establishment of a suitable legal basis for processing, data retention period determination, protecting against risks associated with AI models, ensuring transparency and explainability, and the facilitation of data subject rights, among several others. In addition, CNIL published a Self-Assessment Guide for AI Systems, which offers an analysis grid to allow organisations to assess for themselves the maturity of their AI systems with regard to the GDPR, with linked best practice guidance provided to facilitate and guide such assessments.

You can read the press release here, the guide on AI and GDPR compliance here, and the self-assessment tool here, all only available in French.