Digital Republic Bill Uses Crowdsourcing To Promote Data Protection, Net Neutrality And Openness In France

from the what-will-happen-to-your-personal-data-when-you-die? dept

There have been plenty of really bad ideas coming out of France in the digital arena recently, as Techdirt has been reporting. So it makes a pleasant change to be able to write about a new law that has quite a few good ideas. One reason for that might be that the French government used a form of crowdsourcing to help shape what is known as the "Digital Republic Bill":

The bill's text was drafted following a ground-breaking co-construction process in the form of a massive nationwide consultation initiated by the Prime Minister in October 2014. In all, there were more than 4,000 contributions from businesses, government departments and individuals which were received, summarised and examined by the Conseil national du numérique (French Digital Council) which presented its findings and proposals to the government on 18 June 2015.

The first part of the bill is about data and knowledge dissemination, and aims to support openness in various forms. For example, it requires government departments to make information about their activities more easily accessible, and extends the scope of open government rules to include not just central and local government, but also public and private legal entities that operate under a public service mandate. The aim is to provide more government documents online as a matter of course, so that citizens don't need to make formal requests for them -- a sensible approach others should emulate. In addition, the French government will be:

expanding the open data policy to include public and private entities, public service concession holders or entities whose activities are subsidised by the public authorities.

The bill hopes to boost open access to research by creating a new "secondary exploitation right" for academics, under which:

the author may make his/her creation publicly available after an embargo period of 12 months from the first publication of scientific works, as long as this is not for commercial purposes. The timeframe will be 24 months for human and social science works as publishers in this sector do not have such a comfortable financial situation.

That's rather disappointing, since it enshrines long embargo periods even for non-commercial use. While the open access provisions are timid, an attempt to prevent the digital commons from being enclosed is much bolder. The French government proposes to set up:

a common information domain extending to the intellectual public domain, which has not yet been clearly defined, and which is not restricted to intellectual property as it includes elements such as information and ideas that are not protected by intellectual property rights, but still require protection against other exclusive rights.

It's not really clear what that will mean in practice, but it's good the French government is working on this issue. Also welcome, but more conventional, are moves to enshrine net neutrality in French law, and to require data transferability so that customers can easily retrieve and transfer their data between competing online services. Another novelty concerns online reviews. The Digital Republic Bill:

obliges websites publishing online reviews to expressly state whether said reviews have been verified. It stipulates that if websites do verify reviews, they have to clearly specify the main procedures. This new obligation will allow consumers to decide for themselves how much trust they can place in the reviews available and, thus, in the website which publishes them.

A large portion of the new bill seeks to enhance the protection of personal data. It enshrines a general right of individuals to decide how their personal data is communicated and used, and strengthens the powers of France's data protection agency, the CNIL. As a post on the Data Protection Report explains:

the bill would increase the amount of monetary sanctions that the CNIL can impose for privacy violations, which reflects the relevant sanction provisions of the future GDPR [the EU's new data protection law]. The CNIL would thus be able to impose monetary sanctions on a data controller of up to 20 million euros or 4% of its worldwide turnover. The sanction would be limited to 10 million euros or 2% of the worldwide turnover for minor violations of the DPA.

In addition, the bill would authorize certain types of organizations to bring data protection class actions on behalf of consumers in the event of a data breach. This would apply to:

(a) associations protecting privacy and personal data; (b) consumer protection associations; (b) trade unions, when the processing affects employees; and (c) any association created for the sole purpose of filing the class action.

Finally -- in all senses -- one forward-thinking element of the new Digital Republic Bill is that it will give people the right to make arrangements for the storage and communication of their personal data after death:

People will be able to send instructions concerning the treatment of their personal data to the CNIL or to a data controller, and may appoint a person responsible for carrying out these instructions.

Moreover, ISPs will have to inform the user about what will happen to this data after his/her death and let him/her choose whether or not to transfer it to the third party of his/her choice.

As the population of Internet users ages, this is likely to become a major issue. It's good to see France tackling it head-on with the Digital Republic Bill -- one of the few countries to do so. The proposed law now passes to the French Senate, but is unlikely to undergo any major modifications there, not least because it has already been subject to unusually wide consultation thanks to the innovative approach used in drawing it up.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: data protection, digital republic bill, france, net neutrality, open access, open knowledge, privacy