The French data protection authority, the CNIL (Commission Nationale de l’Informatique et des Libertés), has published its annual report for 2012, emphasizing a significant increase in complaints, audits, and sanctions. The CNIL says it processed the largest amount of complaints in its history in 2012-over 6,000. Those complaints were received principally from private individuals regarding their right to access, rectify, or oppose data processing. In addition, CNIL audits increased by almost 20% since 2011. The audits were triggered as a result of the CNIL’s annual programme of audits (approximately 40%), in reaction to public events (approximately 25%), or to complaints (23%). While the number of financial sanctions was relatively stable (4 versus 5 in 2011), the total amount of financial sanctions decreased. However, the CNIL has increased substantially the number of public sanctions, taking advantage of a new provision, which allows it to order the publication of its cease-and-desist letters. The CNIL’s report dwells on the challenges of regulating big data, and argues that privacy protection does not necessarily have to create costs in terms of innovation and economic development.