On June 18th, the French National Digital Council (“Conseil National du Numérique” or “CNN”) released a Report entitled “Digital Ambition: a French and European policy for a digital transition” containing 70 proposals for the future of the digital economy in France and Europe. The Report follows a nation-wide consultation of the major stakeholders which has also sparked a debate on various issues relating to the digital economy, such as how to regulate digital platforms and how to boost the competitiveness of French start-up companies.
The Report was officially presented to the public in the presence of Manuel Valls, the French Prime Minister, Emmanuel Macron, Minister for the Economy, the Industry and the Digital Economy, and Axelle Lemaire, State Secretary for Digital Affairs. During the press conference, Manuel Valls announced that its Government has already prepared and will introduce a “Digital Bill” before the French National Assembly in the fall, aimed at regulating the use of the Internet, as well as stimulating innovation and fostering growth in the digital economy. The competent public authorities, such as the French Data Protection Authority (“CNIL”), will be consulted beforehand on the draft Bill.
The 70 proposals in the Report are structured around four main topics, namely: 1) Fairness and freedom in a shared digital environment; 2) Re-defining public action in the digital sphere: openness, innovation, participation; 3) Boosting the French economy: towards an economy of innovation; and 4) Solidarity, equality, emancipation: the stakes of a digital economy.
Below is a selection of some of the key proposals in the field of data protection that can be found in the Report:
- The right to self-determination of data
The Report recommends creating a fundamental right to self-determination of data, a concept directly inspired from German law, based on a decision of the German Constitutional Court of 1983, which recognized the individual’s right to decide on the communication and use of one’s personal data.
The CNN acknowledges the progress made in the upcoming General Data Protection Regulation (see my previous article on the topic) and calls for the adoption of a broad definition of “personal data”, consent of the individual for secondary uses of his/her data, and a reinforced control of the individual over his data (including over the disclosure of data).
- The right to the portability of data
The right to portability is viewed as an extension of the right to self-determination, enabling the individual to transfer and re-use his/her data across various services. This could be done, for example, by encouraging the development of PIMS (“Personal Information Management Systems”) that would allow individuals to store their data where they wish and to control how their data is disclosed to third parties.
- Criteria applicable to the de-listing of data
The Report suggests creating a legal framework (by way of either a European Regulation or a national law) for user requests to de-list their personal data based on a set of criteria that are defined by the national data protection authorities, not search engines. The Report specifically refers here to the guidelines set out by the Article 29 Working Party in its analysis of the Mario Costeja Gonzales case adopted in November 2014 (see our previous article) and considers that these guidelines should apply to search engines.
- Secondary uses of personal data
The Report considers that individuals are insufficiently informed about the disclosures of their personal by the initial data controller data to third parties (such as business partners). To increase transparency, the Report recommends imposing on the initial data controller an obligation to inform the data subjects clearly about the selling or disclosure of their data to third parties (including the names of such parties) and to allow the data subject to opt-out from the disclosure of their data to third parties, at any time, regardless of the opt-in or opt-out provided to the initial data controller.
- Data protection class actions
The Report supports the idea of creating a class action for violations of data protection legislation that would be brought before the first instance courts by consumer protection associations.
- Fairness of web platforms
The Report underlines an unfair balance between web platforms and their users, due to the lack of transparency regarding the use of Big Data, the difficulties for users to migrate from one platform to another, or the excessive cost of services on some platforms. To remediate this situation, the Report proposes to create a principle of fairness that would require web platforms to conduct their business in good faith and in a transparent manner, for example, with regard to the collection, processing and restitution of personal data. The principle of fairness would apply to web platforms in their relations with consumers and professionals.
- Information provided to users
- Algorithms used to process Big Data
The Report observes that profiling of individuals can be done by combining different sets of data, without actually verifying an individual’s identity, which can cause unfair or unlawful discriminations. For this reason, the Report proposes to increase transparency by requiring web platforms to provide prior information to users about the algorithms they use for profiling purposes.
The announced “Digital Bill” is expected to contain important new measures on the future governance of the Internet. In particular, Manuel Valls did stress the importance of the right to self-determination and to the portability of data. The challenge for the French Government will be to introduce such measures without contradicting the upcoming Data Protection Regulation that was recently adopted by the EU Council of Ministers. The CNIL is expected to issue an opinion on the draft Digital Bill in the coming weeks.
This article was first published in the IAPP‘s Privacy Tracker.