France to implement 1995 Privacy Directive

By EDRi · April 21, 2004

On 29 April 2004 the French National Assembly will examine in second reading the draft law implementing the 1995 Directive on the protection of privacy and personal data. The transposition process started in July 2001 under the previous government. France is the last EU country where the implementation has not been completed, far beyond the deadline of October 1998.

French people have been however among the first EU citizens to enjoy a law on personal data protection, with the ‘Computing and Freedom Law’ (Loi informatique et libertes) adopted in January 1978. But this law only deals with protection against government activities, and the transposition is needed to reinforce protection against private and commercial activities. The long awaited implementation of the Directive is also supposed to empower the French Data Protection Authority (Commission nationale de l’informatique et des libertes or CNIL), giving it the power to impose financial sanctions on companies when they infringe the law.

However, it appears from the current draft law that the situation is likely to become worse. As recalled by the French coalition DELIS (Droits et libertes face a l’informatisation de la societe) in a free opinion published by Le Monde on 14 April 2004, many provisions may lessen the protection level of French citizens. Among them, two provisions are specially dangerous. The first one would authorise rightholders to keep in their files the identity of their offenders (or their IP numbers); this has been a clear request from IP rightholders.

The second one is the replacement of the necessary declaration prior to any collection and use of personal by the nomination of a ‘CNIL intermediary’ in any private or public entity, this person being an employee of the organisation. Proposed in the name of efficiency, this provision will obviously make independent control difficult.

The French situation is also made difficult by the fact that the draft law does not seem to raise a lot of concerns from the general public. 25 years ago the 1978 law was adopted, and the CNIL created, after a large scandal resulting from a government proposal to interconnect all files of the administration. Today, French e-government plans are being implemented without any debate.

Opinion by DELIS published in Le Monde (14.04.04) http://www.iris.sgdg.org/info-debat/tribune-delis-0404.html

French National Assembly Dossier on the draft law http://www.assemblee-nationale.fr/12/dossiers/cnil.asp

CNIL http://www.cnil.fr

(Contribution by Meryem Marzouki, IRIS)