CNIL publication dated April 3, 2026
Each year, the CNIL identifies priority enforcement areas, in addition to investigations carried out following complaints or current events. For 2026, the authority has selected three main focus areas: recruitment, the single electoral register (REU), and sports federations. The CNIL also announces, in a separate but complementary framework, a coordinated European action focusing on the transparency and completeness of the information provided to data subjects.
- Implementation of the CNIL’s recruitment guidelines
Three years after publishing its dedicated guide, the CNIL intends to verify that recruitment practices comply with data protection rules. Inspections will focus in particular on candidate information, data retention periods, and the use of automated decision-making tools.
Large companies and recruitment agencies will be especially targeted due to the significant volume of applications they process. This theme also aligns with the CNIL’s forthcoming role as a market surveillance authority in the field of employment under the Artificial Intelligence Regulation.
- Monitoring the use of the national electoral register (REU)
The REU, managed by INSEE, centralizes data on all French voters and is notably used to manage electoral rolls and proxy voting.
Inspections will aim to ensure the lawfulness of the use of this particularly sensitive database and to detect any misuse or diversion from its intended purpose.
- Sports federations: sensitive data, minors and cybersecurity
Following the Paris 2024 Olympic Games, whose popularity led to increased registrations in sports clubs, the CNIL will pay particular attention to data processing carried out by clubs and sports federations. These organizations handle large volumes of data, including health data and information relating to many minors.
Checks will focus in particular on the relevance of the data collected, retention periods, and security measures, in a context marked by a rise in cyberattacks targeting the sector.
- Coordinated European Action on Transparency
Finally, as part of the European cooperation mechanism, the CNIL will participate in a coordinated action with its counterparts focusing on the transparency of the information provided to data subjects.
This work will result in a European report identifying best practices and areas for improvement, with the CNIL coordinating this initiative this year.
* * *
Organizations concerned would therefore be well advised to anticipate these inspections by assessing their practices against GDPR requirements. Beyond mere documentary or technical compliance, this development also highlights the importance for organizations of preparing internally for CNIL inspections. This notably involves understanding how an inspection unfolds, identifying in advance the relevant contacts, and ensuring that appropriate operational reflexes are in place when responding to CNIL agents’ requests.
