transborder

IT landscape in France
Return to main menu

Transborder data flows

France has a conservative system regarding privacy and censorship that aims at protecting its citizens.

Privacy

The Data Protection Act was enacted in 1978 and covers personal information held by government agencies and private entities. Anyone wishing to process personal data must register and obtain permission in many cases relating to processing by public bodies and for medical research. Individuals must be informed of the reasons for collecting information and may object to its processing. Individuals have rights to access and demand correction to personal data. Fines and imprisonment can be imposed for violations.

French privacy laws are enforced by the CNIL agency (National Commission on Computers and Civil Liberties). Nearly all Western countries (except the US) and several Asian countries have voted a law to protect their data and have chosen an administrative body to enforce the law. A new law could be voted in France in 2002 to extend the power of the CNIL in administering financial penalties. However, French authorities think they lack power to control commercial e-mails, online medicine, minors' protection, etc. A European statement in 1995 has forbiden to transmit personal data outside the EU if the host country does not provide protection garanties.

Electronic surveillance is regulated by a 1991 law which requires permission of an investigating judge before a wiretap is installed. The law created the Commission Nationale de Controle des Interceptions de Securite which sets rules and reviews wiretaps each year. However, the European court of Human rights has ruled against France a number of times for violations. Although the French government is encouraging the growth of the Internet, the eavesdropping and filing of intercepted transmissions is high. A report issued in 1992 by the CNCIS stated that the Direction Generale de la Securite Exterieure (French CIA equivalent) was practising wiretaps not directly linked to the objective of preventing penal crimes. However, the events of September 11, 2001 might change this perception.

France has also adopted the OECD guidelines on the protection of privacy and transborder flows of personal data.

Censorship

Article 10 of the European Convention on Human rights on freedom of expression is fully included in the French constitution. Limits to this freedom concern defamation, insults, incitement to racial hatred and paedophilia. legal action can be taken over these.

ISP responsibility is a big issue in France, since ISPs can be held responsible for Web content. The Bloche amendment was added to new television law in May 1999, puting a fundamental definition on ISP liablility. ISPs can be convicted over Web content, if they have actively been involved in the creation of the content. Despite this ambiguity, Yahoo was convicted in November 2000 for allowing links to websites selling Nazi memorabilia.

Sources