French regulators HAS and CNIL have launched a public consultation on a draft guide for AI implementation in healthcare settings. The guide clarifies legal obligations, governance requirements, and best practices for healthcare AI systems, addressing compliance with data protection and healthcare regulations.
No articles specifically tagged for France yet. Check our blog for general compliance coverage.
The French data protection authority (CNIL) has released the 2026 update of its 'Tables Informatique et Libertés,' a comprehensive reference document compiling key jurisprudence and decision-making practices for GDPR and French data protection law. This update provides essential guidance for consistent application of data protection standards, reflecting evolving legal interpretations and enforcement trends that organizations must consider in their compliance programs.
The French data protection authority (CNIL) and partners have launched Project PANAME to develop an open-source library for auditing AI models' privacy and GDPR compliance, focusing on data extraction and re-identification risks. This initiative signals increased regulatory scrutiny of AI governance under GDPR and provides a practical tool for organizations to assess compliance. An open call invites organizations to test the tool, with feedback aimed at enhancing its effectiveness.
The French data protection authority (CNIL) has launched a public consultation on draft recommendations for session replay tools, which record user online behavior. The consultation targets both tool providers and website/app publishers, focusing on compliance with data minimization, user information, and consent requirements under privacy regulations like GDPR.
The French data protection authority CNIL has fined Conde Nast €750,000 for violating cookie consent requirements on its Vanity Fair website. This enforcement action demonstrates ongoing regulatory scrutiny of cookie compliance under GDPR and ePrivacy Directive requirements, with significant penalties being imposed across Europe for similar violations.
The French Data Protection Authority (CNIL) will review multiple data privacy items in its February 12, 2026 plenary session, including sector-specific guidance for gambling, approval of a national code of conduct, opinion on retention periods for family benefit organizations, and authorization for health data processing. These actions represent ongoing regulatory oversight and potential new compliance requirements in data protection.
The French data protection authority (CNIL) conducted an audit of company VIZZIA regarding its use of automated image capture and analysis tools for combating illegal dumping. This enforcement action signals increased regulatory scrutiny of AI-powered surveillance technologies in public spaces under data protection laws.
The French data protection authority CNIL has conducted on-site inspections as part of a coordinated European enforcement action focusing on GDPR right to erasure compliance. Key findings reveal persistent issues with internal procedures and data subject information, with CNIL already issuing two formal notices and potential further corrective measures. This signals increased regulatory scrutiny and the need for organizations to review their erasure request handling processes.
The French data protection authority (CNIL) has released its 2025 enforcement report, detailing 83 sanctions with total fines of €486.8 million. The report highlights increased enforcement focus on cookie/tracking violations (including two major fines of €325M and €150M) and employee video surveillance, signaling heightened regulatory scrutiny under GDPR.
The French Data Protection Authority (CNIL) is reviewing several draft decrees that will impact data processing in key sectors. These include automated background checks for caregivers, body-worn cameras for prison staff, and obligations for platform operators under the Social Security Code. These regulatory developments require organizations to prepare for enhanced data privacy compliance in social care, law enforcement, and digital platform operations.