CNIL’s 2025 Control Agenda: Spotlight on Mobile Applications and Cybersecurity

As we progress into 2025, the CNIL has outlined its focal areas for the year, zeroing in on the scrutiny of mobile applications, the cybersecurity measures of local authorities, and data processing by penitentiary administrations. This strategic focus underlines CNIL’s dedication to safeguarding personal data amid the evolving digital landscape.

Mobile Applications and Data Collection
The proliferation of mobile applications, with each French individual downloading approximately thirty apps annually, has made them a powerful vehicle for data collection. Sensitive information, from banking to geolocation data, is routinely processed through these platforms. In response, CNIL has committed to conducting a series of inspections on this ecosystem, scrutinizing app developers and software development kit (SDK) providers. The emphasis will be on the proper configuration of SDKs and the governance of data access permissions. Both private and public sector actors, especially those offering administrative services through mobile apps, will be under review.

Local Authorities and Cybersecurity
The increase in cyberattacks, with 5,629 data breach notifications in 2024 alone, underscores the urgency of robust cybersecurity frameworks. Local authorities, which handle extensive datasets including financial and civil status information, are particularly vulnerable. Recognizing this, CNIL’s inspections will focus on the cybersecurity measures employed by these entities to protect user data. This initiative aligns with preparations for the NIS-2 Directive, emphasizing enhanced cybersecurity competencies and standards.

Penitentiary Administration Data Practices
Penitentiary administrations handle data relating to the 77,800 detainees currently held in France and must ensure stringent security measures to protect this highly sensitive information. The CNIL will audit the digital systems maintaining records under the GENESIS system, evaluating data processing conditions and communication security protocols within penitentiary establishments.

Enforcing Data Erasure Rights
Complementing these efforts, a coordinated European enforcement action will evaluate compliance with data erasure rights, fostering consistency across data protection authorities within the EU.

These initiatives reflect CNIL’s proactive stance on reinforcing data protection regulations, adapting to new challenges, and ensuring the ongoing safety and privacy of personal data in an increasingly digital society.

Original source link: [CNIL.fr](https://www.cnil.fr/fr/les-controles-de-la-cnil-en-2025).