Privacy & Cybersecurity Law Blog

In November 2009, the French Secretary of State in charge of the digital economy, Nathalie Kosciusko-Morizet, launched a wide-ranging campaign designed to secure the “right to be forgotten” on the Internet (“droit à l’oubli”).  The main objectives of the initiative were to: (1) educate Internet users about their exposure to privacy risks on the Internet; (2) encourage professionals to adopt codes of good practice and to develop privacy-enhancing tools; and (3) foster data protection and the right to be forgotten at both the national and EU level.

The project was completed and resulted in the adoption of two codes of good practice:

1. Code of Good Practice on Targeted Advertising and the Protection of Internet Users (“Charte sur la publicité ciblée et la protection des internautes”) – On September 30, 2010, ten professional associations under the umbrella of the French Federation of Direct Marketing (“Union Française du Marketing Direct”) signed a code of good practice on targeted advertising and the protection of Internet users’ data.  The Code includes eight recommendations intended  to reinforce data protection and Internet users’ rights regarding targeted advertising.  In particular, the Code covers notice to users, enabling users to exercise their rights efficiently, and limiting the retention of cookies for the purposes of behavioral advertising.  The ten signatory associations represent marketing professionals, including advertisers, direct marketing companies, search engines, mobile phone operators, online merchants and electronic service editors.
2. Code of Good Practice on the Right to Be Forgotten on Social Networks and Search Engines (“Charte du Droit à l’oubli dans les sites collaboratifs et les moteurs de recherche”) – On October 13, 2010, representatives from social networks, content service providers and search engines operators, together with associations for the protection of minors, signed a code of good practice intended to safeguard Internet users’ rights to control their personal data when it is posted on the Internet.  The code commits industry professionals to respect the individual’s right to consent to data processing, to receive prior notice of processing and to object to the use of their data.  According to the Secretary of State, “these practical commitments could be the starting point for a future international agreement.”