From local to national levels of government around the world, there was a slew of legislative activity in the privacy and data protection space in 2023. And 2024 shows no signs of slowing down. The legislative and regulatory landscape will be even more complex in 2024 as some countries work to implement laws finalized last year — such as India’s Personal Data Protection Law — while others launch or continue discussions around potential privacy legislation. Artificial intelligence will be top of mind, too, as governments and regulators consider how to best rein in the burgeoning technology — such as the proposed EU AI Act — and privacy pros work to determine the intersection between AI governance and data protection.

For an on-the-ground look at what lies ahead for 2024, the IAPP gathered insights from privacy professionals in 56 countries around the globe.

France predictions by Cécile Martin, Managing Partner – Ogletree Deakins

France’s data protection authority, the Commission nationale de l’informatique et des libertés, outlined three areas of focus within its 2022-24 strategic plan, given new challenges presented by the increasing digitization of our society.

The CNIL will focus on promoting better control and respect for people’s rights in the privacy field. It intends to act on several fronts in France, but also at the European level. While the CNIL plans to locally increase its communication efforts and publish tools to facilitate this exercise, it also seeks to reinforce the effectiveness of individuals’ rights and organizations’ compliance with the GDPR by implementing a dissuasive and proportionate repressive policy within tighter deadlines. To this end, the CNIL is adapting its control, formal notice and sanction procedures. In addition, the regulator intends to increase the effectiveness of the « one-stop shop » mechanism and pushes for concerted actions within the EDPB.

Promoting the GDPR as an asset of trust for companies will be the CNIL’s second area of focus. One of the tools the CNIL underlines to reinforce the efficiency of the GDPR is the certification and code of conduct process. According to the CNIL, these tools are powerful given they enable controllers to take charge of compliance in a way that is adapted to their specificities. Furthermore, being conscious that cybersecurity is at the heart of digital confidence and cybercrime is on the rise, the CNIL will strengthen its role in the public authorities’ response to cyber risk.

Lastly, the CNIL will prioritize targeted regulatory actions on subjects with high stakes for privacy. The CNIL selected three priority themes: augmented cameras and their uses, the cloud, and smartphone applications. With the accelerated development of AI, the CNIL aims to extend its work in generative AI to large language models and derived applications, notably chatbots. Its AI action plan will focus on understanding how AI systems work and their impact on people, enabling and overseeing the development of AI that respects privacy, federating and supporting innovative players in the AI ecosystem in France and Europe, and audit and control of AI systems and protecting individuals.

Cliquez sur le lien suivant pour accéder au livre blanc complet / Please click on the link below to access the full publication :

=> IAPP 2024 Global Legislative Predictions

IAPP – International Association of Privacy Professionals

=> Vous souhaitez être accompagné(e) en gestion des données personnelles en France comme à l’international, ou être mis en relation avec nos avocats, contactez-nous / If you need assistance with data privacy issues, in France or in the world, or to get in touch with our lawyers, contact us:


Pour aller plus loin

Vous souhaitez recevoir nos newsletters, informations et actualités ?

Inscrivez-vous ici