Thanks for your interesting post about the France's CNIL commission. I don't want to risk turning this into a political blog, but I fear that there is a big difference between the French and the US governments. It seems like the US government is taking steps to be an abuser of data while the French commission seems to be a protector of data. That is most likely too broad of a statement to be accurate, though. The US has enacted laws such as the Sarbanes-Oxley act and HIPAA to protect data privacy and security (and to provide guidance on how to better manage data). On the other hand, there is the PATRIOT act which makes it easier for the government to sieze formerly private data. I like the idea of having the US enact a CNIL-like agency if I could be sure that it would act in the best interests of the citizen's data (and not like a bureaucratic mechanism for siezing more data). And, of course, there are those that would be against such an idea just because it imposes more governmental control (e.g. Libertarians).

As data-related issues and problems grow in volume and "scariness" I think the US congress will impose additional legislation (indeed, some are working their way through the system now). A problem could grow here, too, where the law becomes so convoluted that noone will know what it actually is enforcing.