CNIL defines its priority inspection themes for 2024!

As it does every year, the CNIL (the French data protection regulatory authority) will be carrying out a number of inspections in response to data breaches, complaints and current events. The CNIL also determines its priority inspection themes, and in 2024 it has decided to focus on:


# loyalty programs and digital sales receipts 

A great deal of data is collected as part of retailer loyalty programs. Data collected in this way is often reused for commercial prospecting or targeted advertising. Similarly, the digitalization of sales receipts leads to personal data being processed so that receipts can be sent by SMS or e-mail. As a result, the CNIL has decided to check that consumers have been informed and that consent has been obtained before any data is reused, particularly for targeted advertising purposes. Loyalty programs are sometimes directly available on websites and applications, and so can be easily inspected by the CNIL. It is therefore prudent to manage customer loyalty in compliance with the GDPR.

# right of access for data subjects 

The CNIL and its European counterparts are to check how the right of access is implemented. The aim of this action is to harmonize how the GDPR is applied and coordinated between supervisory authorities. The European authorities will analyze the results in order to better understand this right and ensure follow-up at national and European level.

# online collection of minors’ data 

The presence of minors online can lead to large-scale collection of their personal data, particularly concerning their identity, preferences and lifestyles. This can have a major impact on their privacy, psychological well-being and even their socio-professional future. The CNIL will therefore be monitoring the applications and websites most frequently visited by minors, to ensure that age checks are carried out, that security measures are in place, and that data is minimized.

# data collection for the Olympic and Paralympic Games 

Given that this event will bring together several million people (spectators and athletes), a number of data collection systems are being put in place (video surveillance and QR code access in particular). The CNIL will be paying particular attention to these processing operations, as well as to data processing linked to ticketing services.

Aurore BOIBESSOT / IP Lawyer