French privacy watchdog includes digital ID, AI and minor protection in strategic plan

Digital identity, artificial intelligence, cybersecurity and protecting minors online will be the main areas of focus for the French privacy watchdog in the coming years, according to its recently published strategic program.

The National Commission for Information Technology and Civil Liberties (CNIL) 2025-2028 plan will also include increasing the number of penalties for data protection law violators and more communication with the public on vital issues.

When it comes to digital IDs and mobile applications, the agency’s main task will be ensuring user privacy.  Digital IDs are an opportunity for businesses and public authorities to introduce secure user identification and authentication and increase trust in the digital economy, says the agency. This is why it has published privacy recommendations aimed at app developers.

The watchdog pledges to work with European authorities on implementing the eIDAS Regulation and the European Digital Identity (EUDI) Wallet and contribute to the development and use of privacy-friendly online identity and age verification solutions.

CNIL stops short of arguing for measures such as age restrictions on social media, which are becoming more popular in some countries. Its strategy for ensuring the safety of minors online, however, includes stricter controls on platforms used by minors, including social networks, educational applications, video games and EdTech).

The agency promises to pay particular attention to whether platforms are collecting consent from minors and ensuring compliance with advertising rules.

Last year, the French government introduced the SREN law which enables the Regulatory Authority for Audiovisual and Digital Communication – Arcom to block pornographic sites that do not prevent minors from accessing their content. As part of the law, Arcom laid out minimum technical requirements for age verification systems which was approved by CNIL in October.

The final two areas of focus, AI and cybersecurity, also received a list of initiatives in the strategic plan. The rise of generative AI and the spread of content such as deepfake carry significant privacy risks, says CNIL. The agency plans to continue clarifying the legal frameworks on AI and develop new audit capabilities.

In December, CNIL concluded an investigation into police use of Briefcam’s AI video surveillance, issuing six formal notices to municipal police over regulatory breaches.

Regarding cybersecurity, the watchdog plans to collaborate with the French Cybersecurity Agency (ANSSI) and the government platform Cybermalveillance to raise awareness and boost protective measures against online threats. It also aims to contribute to developing technical solutions focused on privacy and ensure compliance with security rules.

CNIL recorded a 35 percent increase in public complaints related to data privacy in 2023. It also issued twice as many sanctions as the previous year, collecting more than 89.1 million euros in fines.

Article Topics

age verification  |  biometric data  |  biometric identifiers  |  CNIL  |  cybersecurity  |  data privacy  |  data protection  |  digital identity  |  France