French Regulator Unveils Projects Clarifying AI Deployment and GDPR Compliance
The French privacy authority CNIL Thursday listed its 2025 projects which aim at helping privacy professionals comply with the General Data Protection Regulation.
Sign up for a free preview to unlock the rest of this article
CNIL's main tools are non-prescriptive "flexible law" documents containing recommendations and guidelines that clarify applicable regulations and suggest best practices.
Among other things, this year's flexible law projects include updated fact sheets on AI to help professionals balance innovation with respect for people's rights for responsible AI development. The fact sheets will focus on topics such as applying the GDPR to AI models and security. There will also be fact sheets about deploying AI, particularly in the education, labor and local authority sectors.
Three draft recommendations are on the agenda, CNIL said. The first is about multi-terminal consent; CNIL will clarify the conditions where companies can obtain consent for data processing over a range of equipment, such as computers and smartphones, by ensuring transparency and user control.
Another recommendation will cover pixels in emails. Here, CNIL said, it will try to clarify those cases where consent is required and suggest ways of collecting consent appropriately. The third recommendation concerns the seniors' economy: This will give professional guidance across several sectors, such as health, nutrition, safety and autonomy and housing, to assist with such things as the nature of personal data processing and age-specific targeting.
Additional recommendations will cover the use of dashcams, and clarify rules applicable to political parties, candidates and subcontractors to help them comply with new EU regulations on political targeting.