On June 16, 2016, the French data protection authority (“CNIL”) launched a public consultation on the General Data Protection Regulation (“GDPR).   The consultation focuses on four priority themes set out in the Article 29 Working Party’s 2016 Action plan:

  • the data protection officer;
  • the right to data portability;
  • data protection impact assessments; and
  • certification.

For each topic, the CNIL invites stakeholders to submit their questions, anticipated difficulties in interpretation, and examples of good practices.

Stakeholders can provide their contributions on the CNIL’s website.  The responses should help the CNIL in its efforts to create an “efficient and operational regulatory framework”.  The results of the consultation will also feed into the Article 29 Working Party’s preparation of guidelines on these topics.

The CNIL also calls on stakeholders to communicate their priorities under the GDPR.  This should help the CNIL and the Article 29 Working Party to prioritize the areas in which further guidance is required.  Additional public consultations on other topics will follow in a few months.


On the same day, the European Data Protection Supervisor published a background paper for stakeholder consultation on the “necessity principle”.  The consultation should contribute to the development of a “toolkit” providing guidance to legislators when assessing the “necessity” of a legislative measure that interferes with the data protection and privacy rights.  The paper provides background on the role of the necessity principle and proposes a “Six steps” checklist.