CNIL: 5 resolutions to strengthen personal data protection

The world's CNILs regularly exchange views under the aegis of the Global Privacy Assembly (GPA), and have just adopted 5 resolutions, the most important of which is aimed at regulating government access to personal data held by private companies, with the aim of establishing a foundation of guarantees at international level. Here's a closer look at how this protection is being strengthened.


Regulating access to data held by the private sector

At its 43rd annual meeting, held in Mexico from October 18 to 23, 2021, the World Privacy Assembly adopted five important resolutions:

  1. Resolution on the strategic direction of the 2021-23 assembly
  2. Resolution on data sharing for the public good
  3. Resolution on children's digital rights
  4. Resolution on government access to data, privacy and the rule of law: principles for government access to personal data held by the private sector for national security and public safety purposes
  5. Resolution on the future of the Conference and the Secretariat

Regulating government access to personal data belonging to the private sector is the first resolution passed by the GPA, of which CNIL is a co-author, alongside the Canadian authority (OPC) and the Japanese authority (PPC).

This international text lays down the principles for respecting privacy when the government accesses personal data for reasons of national security or public safety.

Protecting children's digital rights

The resolution on children's digital rights recalls the importance of developing policies focused on protecting minors, a particularly vulnerable population with a strong presence on the Internet.

The CNIL, co-author of this text with the Italian authority (the Garante), suggests the introduction of appropriate regulations, awareness and education campaigns, dedicated tools such as interfaces adapted to informing minors, and devices ensuring the safety of children according to their age.

Work on data sharing for the common good

The Assembly also discussed data sharing between countries, a subject that has become essential since the Covid-19 pandemic. The implementation of this resolution should enable us to better monitor the evolution of SARS-CoV-2 and adapt our health response.

A working group, whose first results will be published at the end of 2022, has been appointed to find the most balanced approach between data sharing and privacy protection.

Strengthening the Assembly's role in international debates

The CNILs agreed on two other resolutions aimed at reinforcing the role of the World Privacy Assembly as a key body in international debates.

These include the adoption of a strategic plan for monitoring technologies from 2021 to 2023, and the creation of an independent secretariat funded by contributions from its members.

Global Privacy and Data Protection Awards 2021

Each year, the GPA rewards the best projects developed by data protection authorities in several categories, including education, dispute resolution and law enforcement, innovation and accountability.

This year, the CNIL won in the "Innovation" category thanks to its software, Cookieviz 2.0, which enables the general public to visualize the impact of cookies during their own browsing. In concrete terms, the tool analyzes the interactions between a browser, remote sites and servers, and makes it possible to find out to which other actors the visited site sends information.