Implementation of the new EU regulation in France

with Pas de commentaire

Article rédigé par Juliette FAUCONNIER, étudiante du M2 ECLA promotion 2016-2017: implementation-of-the-new-eu-regulation-in-france




The General Data Protection Regulation or GDPR (Regulation EU2016/679) is a Regulation by which the Commission intends to unify data protection for individuals within the European Union. It was negotiated for 4 years and was adopted by the European Parliament in Strasbourg on April 27, 2016 and was published in the official journal on May 4th, 2016 and will replace the old Directive from 1995 (Directive 95/46/EC).

Is this new EU-Regulation will change the French law?

The right to the protection of personal data is dedicated to Article 8 of the Charter of the Fundamental Rights of the European Union. Different from respect for private life, in spite of its close link with it, and not expressly enshrined by the European Convention on Human Rights, the protection of personal data appears as a key in a digital world. Going beyond the case-law of the Court of Strasbourg, the Court of justice has the opportunity to reconcile the protection of fundamental rights with economics freedoms on which digital activities are founded.

On June 16, 2016, the French Data protection Authority (CNIL, Commission Nationale de l’Informatique et des Libertés) launched a public consultation on the four priority topics identified by the Article 29 Working Party in its February 2016 action plan for the implementation of the GDPR.

One of these priorities is to issue guidance to help data controllers and data processors prepare for the GDPR. Four topics have been selected:

– The new right of data portability

– Data protection impact assessments

– Certification

– The data protection officer

In French law, the law on informatics, files and liberties of January 6th 1978 (loi relative à l´informatique, aux fichiers et aux libertés) has not often been modified. The law of 1978 has been reformed by the law of 6 August 2004 about the personal data protection, which is the transposition of the European Directive of 1995. This law has been criticized because it didn´t protect the individual enough against the internet giants like Google, Amazon, Facebook and Apple.

There is a common conception in the data protection enshrined in the 1978 law modified in 2004. The European Regulation adopted on April 27, 2016 will be directly applicable in French law on May 25, 2018.

The French government has anticipated the repercussion of this new regulation on the French law and has proposed a draft law called “Pour une République Numérique”. It was adopted by the French National Assembly on January 26, 2016 and was actually debated in the Senate.

This draft law will consider:

– Right to data portability

– Confidentiality in private correspondence

– The right to be forgotten

– The digital death: people can ask to have their data deleted after their death

– More power for the CNIL

This new legislation will be in accordance with the new European regulation adopted in 2016. The European Legislation will immediately replace the law of 2004 “Informatique et Libertés” modifying the 1978 law. Certain data transfers with risk for the rights and individual liberties will have to make a prior consultation in front of la CNIL. Furthermore, the penalties will be higher because the company can be forced to pay 10 millions or 20 millions euros.