France: National Commission for the Protection of Information and Information guidance clarifying the role of data controllers and subcontractors in personal data processing

Progress

Current status

adopted

06 Jun 2025 adopted

Scope

Implementers

France

Policy Area

Data governance

Policy Instrument

Data protection regulation

Regulated Economic Activity

cross-cutting

Government Branch

executive

Government Body

data protection authority

Implementation Level

national

Timeline of events

06 Jun 2025

adopted

National Commission on Informatics and Liberty adopted guidance clarifying the role of data controllers and subcontractors in personal data processing

On 6 June 2025, the French National Commission on Informatics and Liberty (CNIL) adopted guidance clarifying how entities should determine their roles as data controllers, joint controllers, or processors under the General Data Protection Regulation…

Source

Event type outline

Action type adoption

Government branch executive

Government body data protection authority

Progress

Scope

Timeline of events

National Commission on Informatics and Liberty adopted guidance clarifying the role of data controllers and subcontractors in personal data processing

Related changes