country: France framework: GDPR region: EU language: fr version: 2024-06 status: published last_updated: 2025-06-26 source_verified: true authority: CNIL (Commission Nationale de l'Informatique et des Libertés) notes: - France enforces GDPR directly, supplemented by national guidance from CNIL. - CNIL offers detailed recommendations on biometric data, health data, and cookie tracking. categories: - name: Full Name type: direct_identifier subtype: personal_name required_masking: true tags: - pii citations: - regulation: GDPR article: 4(1) description: Defines personal data as any information relating to an identified or identifiable person category_tags: - core - identity - name: Email Address type: direct_identifier subtype: digital_contact required_masking: true tags: - pii citations: - regulation: GDPR article: 4(1) category_tags: - core - contact - name: Phone Number type: direct_identifier subtype: telecom_contact required_masking: true tags: - pii citations: - regulation: GDPR article: 4(1) category_tags: - core - contact - name: IP Address type: indirect_identifier subtype: network_identifier required_masking: true tags: - tracking citations: - regulation: GDPR recital: '30' description: Online identifiers such as IP addresses can lead to identifiability - authority: CNIL guideline: Cookies & trackers url: https://www.cnil.fr/fr/cookies-traceurs-que-dit-la-loi category_tags: - digital - behavioral - name: National ID Number (INSEE or Numéro de Sécurité Sociale) type: national_identifier subtype: government_id required_masking: true tags: - pii - national_id - government_id citations: - regulation: GDPR article: '87' - authority: CNIL guideline: Use of national identifiers url: https://www.cnil.fr/fr/le-numero-de-securite-sociale-et-les-cookies category_tags: - core - identity - name: Biometric Data (e.g., facial recognition, fingerprints) type: special_category subtype: biometric required_masking: true tags: - biometric - sensitive citations: - regulation: GDPR article: 9(1) - authority: CNIL guideline: Biometric systems and fingerprint use url: https://www.cnil.fr/en/biometrics category_tags: - core - biometric - sensitive - name: Health Data type: special_category subtype: health required_masking: true tags: - phi - sensitive citations: - regulation: GDPR article: 9(1) - authority: CNIL guideline: Health data in research and processing url: https://www.cnil.fr/en/health category_tags: - core - health - sensitive - name: Location Data (real-time GPS, Wi-Fi triangulation) type: behavioral subtype: geolocation required_masking: true tags: - tracking citations: - regulation: GDPR article: 4(1) description: Location data can indirectly identify a person category_tags: - digital - tracking - name: Cookie Identifier / Device Fingerprint type: indirect_identifier subtype: device_id required_masking: true tags: - tracking - online_identifier - pii citations: - regulation: GDPR recital: '30' - authority: CNIL guideline: Cookies and Trackers url: https://www.cnil.fr/en/cookies-and-other-trackers category_tags: - tracking - digital - name: Employment Contract Data type: contextual_identifier subtype: hr_data required_masking: true tags: - pii - hr_data - employment_contracts citations: - regulation: GDPR article: '88' - authority: CNIL guideline: Employee privacy url: https://www.cnil.fr/fr/le-dossier-employeur-et-rgpd category_tags: - employment - sensitive - name: Salary Information type: financial_identifier subtype: compensation required_masking: true tags: - pii - compensation - hr_data citations: - regulation: GDPR article: 4(1) description: Considered identifiable and sensitive in employment context category_tags: - finance - employment