French Government Decree on data retention – another Big Brother act

By EDRi · April 25, 2007

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The French Government, during this election period, is preparing a decree
for the application of the law on the confidence in the numerical economy
(LCEN) of 21 June 2004, which requires webmasters, hosting companies,
fixed and mobile telephony operators and Internet service providers to
retain all information and on Internet users and telephone subscribers and
to deliver it to the police or the State at a simple request.

The present text requires the data retention for a year, and according to
the digital rights associations, such as EDRI-member IRIS, this goes even
further up to retaining the passwords supplied when subscribing to a
telephone service or an Internet account or payment details such as amount,
date or type.

It apparently imposes the identification of anyone in France who has made
any modification in a blog, a chat room or on the web and the systematic
recording of anything put, modified or erased online which is practically
impossible from the technical as well as economical point of view.
Further more, chapter 2 of the draft decree establishes that the data
retained by the ISPs and hosting companies and obtained by the police can be
kept by the latter for a period of three years in the automatic processing
systems provided by the Ministry of Domestic Affairs and the Ministry of
Defence. And this comes at a time when the police have already been given
wider prerogatives while no data protection measures are provided for the
data retained.

Concerns are also expressed in relation to the vagueness of the text. “We
would like some clarifications on the nature of the data that operators have
to retain, considering their risk of penal responsibility in case of a
legal decision regarding the violation of privacy” said Dahlia Kownator,
general delegate of AFA-France (French Association of ISPs), who also
believes that a harmonization of the regulatory texts should be achieved at
the national and European level.

The costs involved by this process would also be extremely high. During a
meeting organised by the Ministries of Domestic Affairs and Finance on 8
March 2007, professionals have estimated their costs in human resources and
storing capacity could reach up to several millions euro per year.

The sanction for non-compliance or passivity would also be very high, the
French Internet ISPs and websites facing fines of up to 375 000 euros and
their managers one-year imprisonment and up to a 75 000 euros fine, besides
the closing down of their business and the interdiction to practice any
commercial activity.

According to IRIS, besides these obvious negative results, this action would
lead to discouraging the French Internet providers to the advantage of the
international players.

Retention of identification and connection data: more and more and over
longer time periods – IRIS press release (only in French, 20.04.2007)
http://www.iris.sgdg.org/info-debat/comm-decretlcen0407.html

Debate on the information data retention (only in French, 20.04.07)
http://www.lemonde.fr/web/article/0,1-0@2-651865,36-899089@51-886229,0.html

Does the State want to kill the Internet in France (only in French,
20.04.2007)
http://www.lemonde.fr/web/article/0,1-0@2-3232,36-899116@51-886229,0.html