The CNIL’s English homepage highlights a mix of enforcement, guidance, and public outreach. A featured item showcases an English-language graphic narrative called The Privacy Agency, inspired by manga, designed to help raise awareness among teenagers about personal data and online privacy. Enforcement remains a central theme: as part of a cookie regulation action plan initiated in 2019, the CNIL imposed fines of 325 million euros on Google and 150 million euros on Shein for failures to comply with cookie rules. The authority also published final recommendations to help professionals design mobile applications with stronger privacy protection, following a public consultation.
Recent news items underscore ongoing European coordination and national oversight. The European Data Protection Board adopted opinions on draft United Kingdom adequacy decisions, posted on 20/10/2025. On 16/10/2025, the EDPB published guidelines on the interaction between the GDPR and the Digital Markets Act and announced coordinated European-level transparency checks. At the national level, the CNIL reported a sanction against the Samaritaine regarding hidden cameras, published on 23/09/2025, and the closure of an injunction issued against Orange, published on 18/09/2025. The homepage also reiterates the awareness initiative for teenagers through The Privacy Agency, listed in news on 12/09/2025.
Artificial Intelligence governance features prominently. A joint statement on trustworthy data governance for Artificial Intelligence notes that twenty data protection authorities have committed to fostering innovative and privacy-protecting Artificial Intelligence, published on 18/09/2025. The item reflects growing cross-border collaboration among authorities on emerging technologies while emphasizing data protection safeguards.
The CNIL also spotlights practical resources. A 2024 edition of the practice guide for the security of personal data is featured, alongside two documents: The CNIL in a nutshell 2025 and Cybersecurity 2024 – GDPR: the best prevention against cyber risks. Together, these resources and updates illustrate the regulator’s dual focus on enforcement and education, combining sanctions and European guidance with toolkits and recommendations to support better compliance and privacy-by-design practices.
