Is France’s CNIL-Style Enforcement Coming to a CCPA Violation Near You?

The California Privacy Protection Agency (CPPA) and France’s Commission Nationale de l’Informatique et des Libertés (CNIL) have recently signed a significant declaration of cooperation. This agreement marks a pivotal step in the global landscape of data privacy, aiming to enhance the enforcement capabilities and collaborative efforts between these two leading privacy authorities. 

Does this indicate the CPPA will start enforcing soon and aggressively? Truyo President Dan Clarke says, “I can’t think of any other reason to create this declaration unless California wants to seek state adequacy under GDPR, which I believe to be possible but unlikely.  While the CPPA has been very active in rulemaking, even the third and largest enforcement settlement originated with the AG, so I suspect the CPPA is about to get much more proactive.” 

The agreement outlines a comprehensive framework for cooperation, designed to facilitate joint research, education, and the sharing of best practices related to new technologies and data protection issues. This partnership is poised to strengthen the privacy regulations in both regions, ensuring the protection of personal data in an increasingly interconnected world. 

“We’re pleased to collaborate with the CNIL and pave the way for information sharing on areas of mutual interest. We look forward to a productive exchange in the years to come, with our appreciation to the CNIL,” said Ashkan SOLTANI, Executive Director of the CPPA.  

“This agreement opens a new chapter of cooperation between the CPPA and the CNIL. We are looking forward to working together on common research projects, to exchanging good practices or to sharing experiences. Data circulation on a global scale requires such an approach to go beyond the national and European framework,” said Marie-Laure DENIS, President of the CNIL. 

 Key Points of the CPPA-CNIL Agreement: 

• Joint Research and Education: Conducting collaborative internal research and education on new technologies and data protection issues. 

• Sharing Best Practices: Exchanging experiences and best practices, particularly in the course of investigations. 

• Periodic Meetings: Convening regular meetings to discuss and address emerging privacy challenges. 

• Strengthening Enforcement: Enhancing the enforcement capabilities of both agencies through mutual learning and shared investigative findings. 

• Global Collaboration: Emphasizing the necessity of cross-border cooperation to tackle complex data protection challenges. 

What Are the Likely Priorities for Enforcement by the CPPA?   

GPC and opt-out are always top of mind for the CPPA, but they also want to show broad elements of compliance. Clarke says, “I always recommend looking at your website like an auditor would for what’s easy to assess. You can easily check your cookie and GPC compliance and find actionable steps to proactively enhance compliance if there are gaps.” 

Is International Collaboration the Future of Enforcement? 

The CPPA-CNIL partnership underscores the growing importance of international collaboration in data privacy protection. As both agencies pool their resources and expertise, they are better equipped to navigate the evolving digital landscape and enforce robust data protection laws.  

This agreement not only enhances the capabilities of the CPPA and CNIL but also sets a precedent for other regions seeking to strengthen their data privacy measures through international cooperation. By fostering a collaborative approach, the CPPA and CNIL aim to create a safer and more secure digital environment for consumers worldwide. 

To stay abreast of the latest developments in state and federal privacy law, subscribe to the Truyo Privacy Newsletter at Truyo.com/blog.