Privacy & Cybersecurity Law Blog

On June 21, 2010, the French Data Protection Authority (the “CNIL”) published its Opinion on a new security bill, the Loi d'orientation et de programmation de la performance de la sécurité intérieure (referred to as “LOPPSI”), which was adopted by the French National Assembly on February 16, 2010, and recently amended by the Senate's Commission of Laws on June 2, 2010.

The bill is aimed at increasing the level of national security in France by introducing several key provisions, including:

• Criminalizing online identity theft and the unlawful use of any data that allows for the identification of an individual;
• Extending the right of law enforcement authorities to collect and process personal data during police investigations;
• Authorizing law enforcement authorities who have a warrant to access computer data in any location and without the individual’s prior consent, and to copy and store computerized data that would aid in a criminal investigation;
• Introducing body scanners in airports for a three-year trial period; and,
• Expanding the use of video surveillance (i.e., CCTV) in public areas (e.g., to protect public buildings, regulate traffic or prevent thefts, assaults, drug trafficking and acts of terrorism).

While the CNIL’s Opinion was taken into account with respect to several key recommendations (for example, the bill expands the CNIL’s authority to monitor the use of CCTV cameras in public areas), the CNIL is concerned about privacy protection in other areas.  For example, the CNIL believes that the right of law enforcement authorities to monitor publicly accessible computers should be limited to specific circumstances in order to avoid excessive monitoring of computer networks in public areas.

With respect to airport security, the CNIL is satisfied that body scanners may only be used with a traveler’s prior consent, and that none of the images may be stored by airport security.  However, the introduction of airport body scanners for public safety reasons should be weighed against privacy protection concerns.  To this end, the conditions under which body scanners are deployed (e.g., security protocols, personnel authorized to view the images, rights of the data subjects, etc.) should be clearly stated in an implementing decree.

For more information, view the bill (in French).