France 
United States 
Deutschland 
United Kingdom 
México 
Canada (EN) 
From the emergence of new laws to elections that shift policy priorities to significant enforcement actions, 2024 was another active year in the data governance space. Privacy professionals anticipate that trend will continue in 2025, with what they say will be a transformative year for data protection, AI governance and cybersecurity. While some countries will continue implementing existing regulations and frameworks, others will work to bring forward potential legislation, and areas like AI governance and children’s privacy are expected to remain a key focus for many jurisdictions. For an on-the-ground perspective, privacy pros from 67 countries and jurisdictions around the globe share their insights on what lies ahead for 2025.
France predictions by Cécile Martin, Managing Partner – Ogletree Deakins
Each year, France’s DPA, the Commission nationale de l’informatique et des libertés, defines topics of high public interest and its priority investigations.
As expected, the CNIL plans to focus mainly on two major concerns in 2025, one being the hot topic of minors’ data being collected online through applications such as social networks, dating sites and online gaming platforms. This is given the high risks potentially raised by the massive collection of data related to minors’ identities, preferences and lifestyles.
To ensure data controllers are complying with obligations, the CNIL is checking use of age control mechanisms, implementation of security measures and respect of the data minimization principle.
The CNIL’s second area of focus is data subjects’ right of access, the European Data Protection Board’s 2024 Coordinated Enforcement Framework action. The CNIL is joining other DPAs in investigating compliance with this right by data controllers.
According to the CNIL, the goal is to harmonize effective application of the EU GDPR and coordination between supervisory authorities to enable a better understanding of this right.
AI is, of course, another point of attention after the 12 July 2024 publication of the EU AI Act — the first general AI legislation in the world. The CNIL published a booklet on the topic, based mainly on the development of privacy-friendly AI, the support of innovative players and the audit of the existing systems to protect data subjects.
Companies’ application of the AI Act, especially regarding human resources and recruitment or evaluation of candidates and employees, will undoubtedly be one of the major issues in years to come.
Cliquez sur le lien suivant pour accéder au livre blanc complet / Please click on the link below to access the full publication :
=> IAPP 2025 Global Legislative Predictions
IAPP – International Association of Privacy Professionals
=> Vous souhaitez être accompagné(e) en gestion des données personnelles en France comme à l’international, ou être mis en relation avec nos avocats, contactez-nous / If you need assistance with data privacy issues, in France or in the world, or to get in touch with our lawyers, contact us: communicationFR@ogletree.com
