Digital Republic Bill Uses Crowdsourcing To Promote Data Protection, Net Neutrality And Openness In France

from the what-will-happen-to-your-personal-data-when-you-die? dept

There have been plenty of really bad ideas coming out of France in the digital arena recently, as Techdirt has been reporting. So it makes a pleasant change to be able to write about a new law that has quite a few good ideas. One reason for that might be that the French government used a form of crowdsourcing to help shape what is known as the "Digital Republic Bill":

The bill's text was drafted following a ground-breaking co-construction process in the form of a massive nationwide consultation initiated by the Prime Minister in October 2014. In all, there were more than 4,000 contributions from businesses, government departments and individuals which were received, summarised and examined by the Conseil national du numérique (French Digital Council) which presented its findings and proposals to the government on 18 June 2015.
The first part of the bill is about data and knowledge dissemination, and aims to support openness in various forms. For example, it requires government departments to make information about their activities more easily accessible, and extends the scope of open government rules to include not just central and local government, but also public and private legal entities that operate under a public service mandate. The aim is to provide more government documents online as a matter of course, so that citizens don't need to make formal requests for them -- a sensible approach others should emulate. In addition, the French government will be:
expanding the open data policy to include public and private entities, public service concession holders or entities whose activities are subsidised by the public authorities.
The bill hopes to boost open access to research by creating a new "secondary exploitation right" for academics, under which:
the author may make his/her creation publicly available after an embargo period of 12 months from the first publication of scientific works, as long as this is not for commercial purposes. The timeframe will be 24 months for human and social science works as publishers in this sector do not have such a comfortable financial situation.
That's rather disappointing, since it enshrines long embargo periods even for non-commercial use. While the open access provisions are timid, an attempt to prevent the digital commons from being enclosed is much bolder. The French government proposes to set up:
a common information domain extending to the intellectual public domain, which has not yet been clearly defined, and which is not restricted to intellectual property as it includes elements such as information and ideas that are not protected by intellectual property rights, but still require protection against other exclusive rights.
It's not really clear what that will mean in practice, but it's good the French government is working on this issue. Also welcome, but more conventional, are moves to enshrine net neutrality in French law, and to require data transferability so that customers can easily retrieve and transfer their data between competing online services. Another novelty concerns online reviews. The Digital Republic Bill:
obliges websites publishing online reviews to expressly state whether said reviews have been verified. It stipulates that if websites do verify reviews, they have to clearly specify the main procedures. This new obligation will allow consumers to decide for themselves how much trust they can place in the reviews available and, thus, in the website which publishes them.
A large portion of the new bill seeks to enhance the protection of personal data. It enshrines a general right of individuals to decide how their personal data is communicated and used, and strengthens the powers of France's data protection agency, the CNIL. As a post on the Data Protection Report explains:
the bill would increase the amount of monetary sanctions that the CNIL can impose for privacy violations, which reflects the relevant sanction provisions of the future GDPR [the EU's new data protection law]. The CNIL would thus be able to impose monetary sanctions on a data controller of up to 20 million euros or 4% of its worldwide turnover. The sanction would be limited to 10 million euros or 2% of the worldwide turnover for minor violations of the DPA.
In addition, the bill would authorize certain types of organizations to bring data protection class actions on behalf of consumers in the event of a data breach. This would apply to:
(a) associations protecting privacy and personal data; (b) consumer protection associations; (b) trade unions, when the processing affects employees; and (c) any association created for the sole purpose of filing the class action.
Finally -- in all senses -- one forward-thinking element of the new Digital Republic Bill is that it will give people the right to make arrangements for the storage and communication of their personal data after death:
People will be able to send instructions concerning the treatment of their personal data to the CNIL or to a data controller, and may appoint a person responsible for carrying out these instructions.

Moreover, ISPs will have to inform the user about what will happen to this data after his/her death and let him/her choose whether or not to transfer it to the third party of his/her choice.
As the population of Internet users ages, this is likely to become a major issue. It's good to see France tackling it head-on with the Digital Republic Bill -- one of the few countries to do so. The proposed law now passes to the French Senate, but is unlikely to undergo any major modifications there, not least because it has already been subject to unusually wide consultation thanks to the innovative approach used in drawing it up.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data protection, digital republic bill, france, net neutrality, open access, open knowledge, privacy


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Any name since your tracking everything I do, 13 Oct 2016 @ 11:57pm

    Nonesense

    "...The timeframe will be 24 months for human and social science works as publishers in this sector do not have such a comfortable financial situation."

    yes because google is broke and big data are the only ones that will take advantage of this.

    4000 contributes? I could probably have a gofundme to get me drunk in cape town with more participants, france like everywhere else is going straight to fascism

    link to this | view in chronology ]

  • identicon
    as above, I don't like tracking even if I understa, 14 Oct 2016 @ 5:27am

    according to the French Governmental website https://www.republique-numerique.fr/, 21 330 contributed to the Bill. It is unclear if the parliamentary representatives were included in this number, but even if they were, this leaves a huge number of contributions.

    by the way the sanctions powers to the CNIL (the 4% fine) stem from the EU Regulation on data protection to be in force at the latest on 25 May 2018. So every single EU country will have implemented the same types of sanctions by 2018.
    US companies should think seriously about their privacy policies and practices as EU law has a tendency to apply to anybody who does business in the EU with or without a Privacy Shield agreement in place. and the 4% fine was created to bite ... on Google and the like...

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.