Data Retention by ISPs
France is in full compliance with the EU’s 2006 Data Retention Directive. All French ISPs must
track their customers’
personal web-browsing activities, including the monitoring of what websites were visited, when
they were visited and
to whom emails have been sent. This data must then be stored for at least one year after a
person leaves their ISP’s
service and must be made readily available to French law enforcement agencies.
has gone ‘beyond the call of
duty’ with regard to the EU’s Data Retention Directive with its own 2015 enactment of a
draconian surveillance law
(LOI n° 2015-912 of July 24th 2015).
The new surveillance law was a reaction by the French government to the Paris attacks of January
2015 (which occurred
against the offices of the satirical magazine, Charlie Hebdo). It’s claimed that the law was
principally created to
provide a single legal framework for all French intelligence services.
it did create, though, were further
incursions against online privacy in France and a further chilling of online usage in that
country. The law allows
intelligence agencies to monitor phone calls and emails without prior judicial authorisation; it
requires ISPs to
install “black boxes” that filter all internet traffic, so as to mine everyone’s metadata in
order to identify what
are referred to as “deviant behaviours” (based on unclear parameters, of course) and provides
access thereof to all
intelligence and law enforcement agencies. The law goes even further in allowing the state to
bug cars, homes and
keyboards for images, sound and data on (tellingly) every premise imaginable: terrorism,
against ‘extremism’, fighting organised crime, and even competitive intelligence that may be
necessary for France’s
major economic, industrial and scientific interests.
An April 2014 decision by the European Court of Justice (ECJ) declared the European Data
Retention Directive to be a
gross violation of privacy rights under European law and, therefore, was invalid.
The Court made particular
reference to the fundamental principle of privacy in its decision.
is surely in contravention of this ECJ
France had already previously issued a legal decree called the Law on Trust in the Digital
Economy that updated the
legal regime with regard to e-commerce. This decree required all “web hosting companies”, which
everything from social networks to music sites, to store and provide the government with
usernames, passwords, phone
numbers, financial transactions and IP addresses of anyone who creates online content in
Digital Copyright Laws
Copyright law is stringent in France and governed by Section I of the French Intellectual
Property Code. Furthermore,
there is no exception under French law to copyright protection for the use of a work for
educational purposes, i.e.
even the reproduction of a work to be shared with students in an educational setting must be
authorized by the owner
of the rights of the reproduced work. France
implemented a controversial
anti-copyright theft law in 2009, which
allowed copyright-holders to obtain personal data on users suspected of engaging in illegal
Astoundingly, if they are found guilty of file-sharing three times, users will be banned from
the internet by their
ISP. There have been literally millions of reports of unauthorised file-sharing filed by
copyright owners since
Freedom of Speech and Censorship
France generally has protections for freedom of speech and censorship. However, freedom of speech
has often been
curtailed thanks to extremely tough libel and (ironically) privacy laws. Online freedom in this
regard is also
curtailed due to tough anti-terror laws, increased online surveillance, as noted above, and,
once again, laws
relating to libel. Strict hate speech laws, especially those relating to race and religion, have
also had a chilling
effect on freedom from censorship and freedom of expression generally.
France does not appear to have any cause to let up on its strident assault on online privacy. A
spate of terror
attacks in 2016 and 2017 provides ample justification (read: cover) for those advocating greater
The government, including President Emmanuel Macron, have called for weaker encryption with the
excuse that modern
terrorism is often conceived over social media, and therefore greater powers to conduct online
needed by law enforcement authorities.
To say that France’s current assault on the online privacy of its citizens is Orwellian would
not be an exaggeration. French online users should be very concerned.
Interested in other countries? See our Comparison of Internet Privacy Laws