Counterfeiting: how to react: the intellectual property lawyer in Paris answers

Copyright, Trademarks, Patents, Designs and Models how to sue or defend yourself in case of suspected infringement? The intellectual property lawyer in Paris will inform and advise you.


Patents, copyrights, trademarks, designs and models are intellectual property rights; the list is not exhaustive.

They are registered with intellectual property offices, and it is their registration with these offices that establishes their existence, except in the case of copyright, which can be proven by any means.

Registration with the offices is not a guarantee of the validity of the title. Your title may therefore be declared invalid by a court if it does not meet the required conditions of validity.

Should civil or criminal proceedings be used to stop and punish counterfeiting?

The criminal route implies that the public prosecutor, in charge of defending public order and society in general, takes charge of the case: the prosecutor therefore no longer has control over his or her case in order to settle a dispute.

In addition, in the context of criminal proceedings, the prosecutor must prove the intention to infringe, which can be difficult to prove.

The civil route avoids these disadvantages.

On the other hand, when there is mass counterfeiting or when the counterfeiters are not immediately identifiable, the criminal route may be preferred, which makes it possible to implement means of investigation and action such as customs and judicial police.


Counterfeit : 

What can be asked?

If your work, productions or signs are copied, you can sue the copier for counterfeiting or unfair competition (parasitism).

It is of course advisable to call on a lawyer specialising in intellectual property law to analyse the situation and determine the conditions under which you can proceed. 

Not all copying is actionable, and the scope of what you can claim (bans, compensation) is variable.

You can also request preventive prohibition measures, seizures, measures to produce information on the extent of the infringement.

Some fifteen directives and two regulations of the European Union apply to copyright. These texts implement the international treaties that exist on the subject (WIPO, APDIC, Rome, Berne).

In France, Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the digital single market and amending Directives 96/9/EC and 2001/29/EC, ("DANUM" Directive), has been transposed 


  • by Order No 2021-580 of 12 May 2021 as regards Articles 13 and 17: "providers of online content sharing services" may be liable for infringing content uploaded by their users;


  • by Law 2019-775 as regards Article 15, by creating a neighbouring right for the benefit of press agencies and publishers


The principles are the same for trademarks, patents and designs.


Counterfeiting: What are the defences?

A person suspected of infringement may defend himself by stating 

  • that he is the legitimate holder or user of the right (ownership dispute);
  • that the right being challenged is invalid, outdated or not applicable (e.g. outside the territory);
  • that it benefits from the application of an exception; 
  • (reduces the attack) that the infringement does not cause harm; 


Roquefeuil avocats, a law firm specialising in intellectual property law, can assist you in these matters.

See as well : Assignment of copyright

Remuneration for work and payment of royalties, the issues – the lawyer in intellectual property law answers

Patent: is software patentable?


Apart from intellectual property infringement, what can be sued, how to defend the intangible assets of the company? : 


Intellectual property can only sanction certain acts, and cannot prevent free competition.

A company may seek to protect its assets in areas other than intellectual property: 

  • action for unfair competition and parasitism ;
  • violation of trade secrets, business secrets ; 
  • breach of contract ...


2023: DSA - DMA - The new regulation of the Internet: remarks on the (adopted) projects of the European Union


Updated: February 14, 2023

(Update July 1, 2022:

The European Parliament officially adopted, on July 5, the draft regulation on digital services known as Digital Services Act (DSA).

The text should be formally adopted by the Council in September, before being published in the Official Journal of the EU. It will be applicable in all member countries no later than January 1, 2024.

(UPDATE January 11, 2023: the text was adopted and published in the OJEU: REGULATION (EU) 2022/2065 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of October 19, 2022 on a single market for digital services and amending Directive 2000/31/EC (Digital Services Regulation)

(Updated February 17, 2022:

As part of the European digital agenda, entitled “Shaping Europe's digital future”, it has been announced that the European Commission will modernize the rules governing digital services in the EU. The European Commission has proposed two legislative initiatives: the Digital Services Regulation (DSA) and the Digital Markets Regulation (DMA). -act-package

The overall aim is to discipline GAFAM (Google, Amazon, Facebook, Apple, Microsoft) and other major internet players, to prevent abuse, and to ensure fair information and trade.

A major provision, quite recent in Union law: these regulations will apply to foreign companies operating in the Union, and the latter will have to designate a representative in the Union, able to submit the said company to administrative or judicial proceedings in the Member States, without the constraint of having to initiate proceedings outside the said States, or to be subject to rules other than those of Union law.


The DSA and the DMA pursue distinct objectives:




Its objective is to contribute to a safer digital space in which the fundamental rights of users of digital services are protected, beyond the "consumption" regulations of goods and services, to encompass aspects related to the dissemination of information or digital content in general.

This regulation will complement and amend the current directive (directive on electronic commerce 2000/31 – this is to facilitate the removal of illegal content while preserving freedom of expression.

The host provider's limited liability regime continues, however much more involvement and transparency is expected from it in the process of removing or putting content back online (articles 14 and 15 in particular).

(UPDATE 11 January 2023) the text was adopted and published in the OJEU: REGULATION (EU) 2022/2065 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 19 October 2022 on a single market for digital services and amending Directive 2000/31/EC (Digital Services Regulation):

The text distinguishes, among "hosts", online platforms and very large online platforms, but also search engines and very large search engines, with a broader responsibility when the platform puts itself forward (article 6 paragraph 3):

3. Paragraph 1 shall not apply with regard to liability under consumer protection law applicable to online platforms enabling consumers to conclude distance contracts with traders, where such a platform online presents the specific information or otherwise enables the specific transaction in question in such a way that an average consumer may be led to believe that the information, product or service that is the subject of the transaction is being provided either directly by the online platform, or by a recipient of the service acting under its authority or control.

On judicial and administrative injunctions, it is worth noting Articles 9 to 14 whose valuable provisions govern the processing by the platforms, with the obligation for the platforms to designate an electronic contact point (for the authorities and for the recipients of the services ), a representative in the State concerned, and in Articles 16 and following, increased obligations of responsiveness of the major platforms in terms of reporting content and transparency.

On the project to transpose the “online hate” component in France, see the update of the article:

The Avia bill against hate on the Internet, in a few points

Negative and disparaging reviews

The difficult lifting of anonymity on the internet

The personal data of the company director

Influencers and brand contracts: precautions to take

Update Feb. 1, 2023:

The DSA entered into force on November 16, 2022; but many obligations will only be applicable on February 17, 2023.

Are you concerned?

This text concerns all Internet players (with derogations for very small ones).

What are your obligations?

Your responsibility is engaged as soon as your role goes beyond a simple role of technical intermediary, and the conditions of your neutrality are not met.

You have the obligation to

– designate a point of contact and a legal representative in France;

– update your terms and conditions; describe content moderation procedures;


Host :

– set up a system for reporting illegal content;

– obligation to report threats to the life and safety of persons to the authorities;

– set up an internal appeal system against the hosting provider's decisions;

– set up a system for correcting the abuse of denunciation of illegal content;

– transparency report, in particular on the number of disputes handled out of court;


Platform provider:

– increased information for the Internet user before making a decision;

– transparency as to the existence and origin of the advertising presented;

– reinforced protection of minors; prohibition of profiling of minors;

– traceability and evaluation of information provided by professionals;

Platform providers presenting a contracting process between the professional and the consumer:

– put in place the means enabling professionals to fulfill their pre-contractual information obligations;

– obligation to report an illegal product or service;

– carry out an impact analysis of the risks involved;

– provide a crisis response mechanism;

– offer at least one recommendation option that does not reproach profiling;


Very large platforms and engines:

– keep a register of advertisements with increased information;

– appoint a compliance officer to liaise with the authorities;

– transparency: on moderation, the number of users;

– obligation of independent audit;

– payment of a monitoring fee;


Analyzes and processes must therefore be put in place; the Firm supports you on these subjects.




Its objective is to establish a level playing field to promote innovation, growth and competitiveness, both in the single European market and in the world. This regulation will complement the platform to business regulation 2019/1150 ( Il s’agit de limiter l’effet anti-concurrentiel des gatekeepers.


Uncertainty about the MAD: it is applicable without prejudice to the application of existing European and national rules, and thus risks being reduced to a trickle.

Update of 2/11/2022

Entry into force of the Digital Markets Act (DMA)

of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (regulation on digital markets), after a few final modifications since the first proposal.

  • the quantitative thresholds bringing a company into the scope of the DMA have been set at:
    • 7.5 billion euros in annual turnover in the European Union
    • 75 billion euros at market capitalization level
  • the maximum fine of 20% of worldwide turnover that may be imposed by the European Commission in the event of non-compliance with the rules by an access controller, will only apply in the event of a repeat offence.
  • a maximum fine of 10% of worldwide turnover will apply in the event of a first offence.

The DMA will be applied from May 2, 2023.

On this date, access controllers will have two months to notify their essential platform services to the European Commission. The latter will decide within 45 working days on the qualification or not of these actors as access controllers. The new obligations for gatekeepers so appointed will start to apply from March 2024.

The Class Actions Directive (DIRECTIVE (EU) 2020/1828 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2020 on representative actions aimed at protecting the collective interests of consumers and
repealing Directive 2009/22/EC)
– which Member States must transpose by the end of 2022, will apply in the event of breaches of DMA rules by access controllers, allowing consumer associations to take legal action against access controllers.

Call on the Roquefeuil law firm in Paris to support you in your disputes or your digital projects.

See also, for an example of a problem of competition and access to the market via Google Ads advertising: The web entrepreneur ousted by Google Ads

Reform of consumer law:

Changes to guidelines:

Transposition order:


The right of withdrawal

Remarks on the interpretation of the contract

Are the terms and conditions still useful?

Can we have our foreign supplier judged in France?

Unfair terms




See as well :

Defamation, false testimony, slanderous denunciation…what are the differences?



See: decree 2022-32 of January 14, 2022 (obligations of platforms against hateful content)

D. No. 2022-32, Jan. 14, 2022 taken for the application of Article 42 of Law No. 2021-1109 of August 24, 2021 confirming compliance with the principles of the Republic and relating to the setting of a threshold of connections from which online platform operators contribute to the fight against the public dissemination of illegal content

Immunity of American platforms?

Civil and criminal reforms 2022


Internet law – Legal framework


The right to personal data

Directive n° 2016/680 of April 27, 2016, known as the “Police-Justice” directive

Regulation 2016/679 (GDPR general regulation on the protection of personal data) repealing directive 95/46/


Metadata, cookies, telecoms and privacy:

Directive 2002/58/EC of 12 July 2002 known as “privacy and electronic communications” (e-Privacy directive on metadata), amended in 2009 (directive 2009/136/EC). Electronic communications:
Directive 2002/21 (common regulatory framework for electronic communication networks and services) repealed by Directive 2018/1972 (European electronic communications code).


Regulation 2015/2120Platforms and consumer law, loyalty

Regulation 2019/1150 (transparency) (concerns sellers using platforms)

Directive (electronic commerce) 2000/31

Directive 2015/1535 (notification of technical regulations)



Directive 2019/790 (copyright in the digital single market)


Open data:

Directive 2019/1024 replacing Directive 2003/98


media, audiovisual

guideline 2010/13/EU of the European Parliament and of the Council of 10 March 2010 on the coordination of certain laws, regulations and administrative provisions of the Member States relating to the provision of audiovisual media services (Audiovisual Media Services Directive) (OJ L 95 of 15.4. 2010, pp. 1-24)
Successive amendments to Directive 2010/13/EC have been incorporated into the original document. This consolidated version has only documentary value.

Directive (EU) 2017/541 of the European Parliament and of the Council of 15 March 2017 on the fight against terrorism and replacing Council Framework Decision 2002/475/JHA and amending Council Decision 2005/671/JHA (OJ L 88 of 31.3.2017, pp. 6-21)
Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions entitled "Strategy for a Digital Single Market in Europe" (COM(2015) 192 final of 6.5.2015)
Charter of Fundamental Rights of the European Union (OJ C 326, 26.10.2012, pp. 391-407)
Directive 2002/21/EC of the European Parliament and of the Council of 7 March 2002 on a common regulatory framework for electronic communications networks and services (Framework Directive) (OJ L 108, 24.4.2002, pp. 33-50 )

Consultation on platform law (Digital Services Act):

EU legal framework

National transposition

Digital Service Act – Digital Market Act

Remove a negative review

Internet and legal protection of personal data: the Franco-European approach, the analysis of the GDPR lawyer in Paris


Internet and legal protection of personal data: the Franco-European approach

Personal data (also known as "nominative data"), which make it possible to identify such and such a person, such as the name or the social security number, can be misused by third parties, but can we really control this phenomenon on the Web ? Including if someone has chosen, at one time or another, to make his personal data public?


If certain rights, such as intellectual property rights, make it possible to protect one's creations against unauthorized use, can we in the same way prohibit third parties from using the personal data of others, as if they were a creation, an expression of the person, rather than a simple identifier, police instrument, advertising target or media object?


French and European laws, reflecting each other, can provide elements of response and action.


“Action” since damage suffered in France can trigger the jurisdiction of French civil courts (code of civil procedure, article 46) or criminal courts (penal code, article L113-2), in particular when an offense has a link with France .




The personal data protection regime establishes a principle of requiring the prior consent of the person before any use of their personal data.


French law (Data Protection Act No. 78-17 of January 6, 1978, Article 7, amended by Law No. 2004-801 of August 6, 2004) and the European Directive (Directive No. 95/46 of October 24, 1995 , article 7) make the processing of personal data subject to the prior consent of the persons concerned. By processing data, we usually mean the integration of this data into a collective filing process, more or less automated, which differs from the simple use of data, required by the very function of this data, we will come back to this. .


These provisions make it possible to obtain damages, injunctions and penalties. Thus the fact of collecting personal data by unfair means is punishable by criminal law up to five years' imprisonment and a fine of 300,000 euros (criminal code, articles 226-18, 226-18-1, 226- 19, 226-28).


Article 7 of Law No. 78-17 of January 6, 1978 “Informatique et Libertés” provides in particular that:

A processing of personal data must have received the consent of the person concerned or meet one of the following conditions:

1° Compliance with a legal obligation incumbent on the controller;

2° Safeguarding the life of the person concerned;

3° The performance of a public service mission entrusted to the data controller or the recipient of the processing;

4° The execution, either of a contract to which the data subject is a party, or of pre-contractual measures taken at the latter's request;

5° The fulfillment of the legitimate interest pursued by the controller or by the recipient, subject to not disregarding the interest or the fundamental rights and freedoms of the data subject.




These provisions apply when the means of data processing are located in France (“Informatique et Libertés” law, article 5).


The law does not distinguish whether personal data is publicly available or not. As such, would the personal data collected by a third party when the consent of the person concerned be required be unlawful?


The fact of having published one's own personal data once on such or such website, implicitly or explicitly allowing their public access and their indexing by search engines does not imply, from the subjective point of view in any case, a consent general to see their personal data circulating anywhere and anyhow, in particular for advertising purposes by such and such a media, nor to see them indexed anyhow.


It is however necessary to consider the permission in principle granted to web actors to index public content, this permission being considered as constitutive of the Internet. However, this permission is not unlimited and may be confronted with, for example, the provisions applicable in terms of illicit profit, violation of the peace of the person, infringement of copyright, or with the provisions applicable to public directories, we will come back to this.


In addition to the provisions specific to data processing, other regimes have the effect of sanctioning the unauthorized use of personal data.


Rights to own name and image against invasion of privacy


The unauthorized use of a person's name or image may infer an invasion of privacy and be punished as such, pursuant to Articles 9 and 1382 of the Civil Code and 226-1 of the Criminal Code (up to to one year's imprisonment and a fine of 45,000 euros).


The use in a private setting of another person's personal data does not require the consent of that other person. This is the typical case of keeping a personal address book, referred to in Article 2 of the “Informatique et Libertés” law. Unauthorized disclosure of this data initially held privately may attract civil or criminal penalties for invasion of privacy, depending on the sensitivity of the information disclosed and the extent of its dissemination, the desire to harm stakes.


And also :


– Identity theft, confusion (articles 434-23 and 226-4-1 of the criminal code);

– Scam (scam) (article 313-1 of the penal code);

– Audio and video editing (article 226-8 of the penal code);

– Illegitimate profit (article 1382 of the civil code);

– Defamation (law of 29 July 1881 on the press);

– Abuse of the use of a name as a domain name (article R.20-44-46 of the postal code);

– Breaches of professional secrecy (criminal code, art. 226-13);

– Breach of the secrecy of journalistic sources (law of July 29, 1881 on the press);

– Infringement of copyright (intellectual property code);

– Breach of a contractual obligation of confidentiality;

– Violation of the secrecy of correspondence (penal code).




Does this mean that any use of personal data without the prior consent of the person concerned is prohibited? No, broad exceptions exist in the name of the protection of such broad legitimate interests, mainly: public order, transparency, freedom of expression.


Where is the principle, where is the exception? Nothing seems settled yet if we consider on the one hand that in the computer age the use of personal data necessarily implies a form of "processing" of this data and therefore the generalized application of the rule of prior consent, and on the other hand that freedom of expression, fundamental freedom, as well as other necessities, requires a fluidity incompatible with this rule.




Certain imperatives make it possible to set aside the rule of prior consent


Public order and specific objectives


The keeping of registers is either prohibited or at least subject to constraints, in particular those provided for by the regulations on the protection of personal data (in particular the aforementioned “Informatique et Libertés” law), and sanctioned by heavy criminal penalties.


Nevertheless, the “prior consent” rule can be set aside when the collection of personal data is required for the performance of legal or contractual obligations: the operation of public services, the protection of national security, the fight against crime, the preservation of public health, the security of the Internet, the promotion of scientific work, or even more simply the technical operation of such and such a contractual service.


In these cases the personal data is supposed to be kept confidential and is used only by the authorities or operator services concerned, on a restrictive basis and through specific procedures and regimes. If the data collected under these conditions is improperly disclosed, the rules sanctioning confidentiality may apply and give rise to civil, criminal or disciplinary actions (for example, violation of the secrecy of correspondence punishable by article 226-15 of the criminal code until to 1 year in prison and a fine of 45,000 euros, and 432-9 of the penal code, up to 3 years in prison and a fine of 45,000 euros).




Transparency and public directories: a mixed approach


According to the CNIL (Commission Nationale Informatique et Libertés):

Considering that the publication of lists of subscribers or users of telecommunications networks or services is free, subject to the protection of the rights of the persons concerned; that the processing implemented for the purpose of establishing these lists constitutes automated processing of personal information within the meaning of the law of January 6, 1978; that consequently, the protective provisions of individual freedom and privacy provided for by this law are applicable to the lists of subscribers which, whatever the medium on which they are published (paper medium, or electronic medium), are commonly called directories; (deliberation n°97 – 060 of July 8, 1997).


Articles L34 and L34-5 of the Post and Electronic Communications Code specify that:

“The publication of lists of subscribers or users of electronic communications networks or services is free, subject to the protection of individual rights.

Among the rights guaranteed are those for any person to be mentioned on the lists of subscribers or users published in directories or consultable via an information service or not to be, to oppose the registration of certain data concerning him to the extent compatible with the requirements of the constitution of the directories and the information services for which these lists are intended, to be informed in advance of the purposes for which are established, from these lists, directories and information services and possibilities of use based on search functions integrated into their electronic version, to prohibit the personal information concerning it from being used in commercial transactions, as well as to be able to obtain communication of the said personal information and demand that they be rectified, completed, clarified, updated or deleted, under the conditions provided for in ux articles 39 and 40 of law n ° 78-17 of January 6, 1978 relating to data processing, files and freedoms. (art.L34 al.2).


This regime triggers the sanctions provided for by the “Informatique et Libertés” law, ie up to five years' imprisonment and a fine of 300,000 euros, and more in the case of the legal persons involved.


“The prior consent of subscribers to a mobile telephone operator is required for any registration in the lists of subscribers or users drawn up by their mobile operator, intended to be published in directories or consultable via a service information, personal data concerning them.” (art.L34 al.3)


In short, some mentions are published by default, others not, but in all cases the subscriber must be able to intervene, free of charge, to modify the default options (see also decree n°2006-606 of May 27, 2005 , modifying the postal code, articles R10, R10-12).

(Right to be forgotten, right to erasure) – In the judgment Proximus, rendered on October 27, 2022, the Court of Justice of the European Union interprets the provisions of Directive 2002/58 applicable to telephone directories and those of the GDPR.

The transmission of a subscriber's contact details by a telephone operator to a directory must be subject to consent resulting in a opt-in and not a opt out and must be able to be withdrawn as easily as it was given. In addition, when the subscriber exercises his right to be forgotten, he can contact any data controller who will be responsible for communicating the request to other data controllers as well as to online search engines.


Hyperlinks and Constituent Hyperlinking Permission of the Internet


Harmful content available in France may be condemned by French civil or criminal courts. Failure to remove links pointing to such content may be a source of damages, see for example an extract from the LICRA v/ Yahoo saga on


Is a website or a search engine authorized to display personal data in its hyperlinks or to use personal data as a search keyword for advertising purposes? No if the personal data is kept secret by the person it concerns or if it is associated with illegal content, not consented to by this person.


There is indeed a general principle of non-responsibility for the fact of hyperlinking, which is considered to be a constituent activity of the Internet. However, when illegal content, for example personal data kept secret, is reported to the installer of the link, the latter becomes responsible if he fails to remove the link and the associated comments. His responsibility is more or less great according to his role and his degree of implication in the illicit act. We will see below that the law organizes notification procedures, in addition to those put in place by the various actors.


On the other hand, the question is more delicate with regard to personal data left in public access at one time or another by the person concerned. These data can be collected by various and varied sites for advertising purposes, to attract clicks, network and content, to sell advertising space.


French case law may seem reluctant to penalize those who use third party names as keywords for advertising referencing, if we stick, for example, to the case law applicable to brand names used as keywords. referencing keys by non-holders of the mark, which does not sanction these “non-holders”.


The fact of using personal data, in particular for advertising purposes without the prior consent of the person but after having left the said data in public access on other sites may be subject to the provisions applicable to public directories, views above, as well as the rules sanctioning illicit profit, infringement of copyright and the peace of persons.


On the other hand, the provisions of the “Informatique et Libertés” law and the rule of prior consent apply again after a reasonable period of time after the person has had the initial public access to their personal data withdrawn.


Could the public data which would not be withdrawn, which would remain accessible by the usual search engines, be reused by third-party sites, in particular those acting as directories?


These directory sites most often display this personal data with advertising content, or with content from people with the same name, thus maintaining a mixture of genres, confusion about the authorship of the content or the identity of the people targeted by this content. Several types of provisions can then be requested to sanction these abuses:


– The law applicable to directories, seen above, not necessarily favorable to the Internet user, it is therefore necessary to check the qualification of “public directory” to set aside this regulation;


– Copyright, sanctioned civilly and criminally, which sanctions the moral right of the author to consent to the disclosure of its contents, and the conditions of this disclosure; the right of short quotation does not authorize a mixing of genres, nor the display of data with unsolicited advertising content;


– The civil sanction of the illicit profit made by a site editor who would attract traffic by displaying or using as a keyword the personal data of a third party without his consent;


– Penal provisions sanctioning the violation of the peace of persons; in this respect, we recall article L226-4-1 of the penal code according to which:

“The act of usurping the identity of a third party or of making use of one or more data of any kind enabling him to be identified with a view to disturbing his peace or that of others, or undermining his honor or on his consideration, is punished by one year's imprisonment and a fine of €15,000.

This offense is punishable by the same penalties when committed on an online public communication network.




Freedom of expression


This fundamental freedom is enshrined in particular in the European Convention on Human Rights (ECHR), in Article 10. Writing about others as part of the exercise of freedom of expression or of artistic creation is permitted in principle. This freedom is supplemented by a series of exceptions to copyright (for example, Article L122-5 of the Intellectual Property Code provides for the possibility of mentioning the existence of a creation on condition of mentioning its author) or the right to personal data (derogations provided for in literary, artistic and journalistic matters by article 67 of the law “IT and freedoms”).


This freedom is however limited by the traditional provisions of the right of the press envisaged by the law of July 29, 1881, in particular the penal provisions as regards insult and defamation.


If the publication of personal data is made without the consent of the interested party, it must be for the purposes of information, creation, training, scientific, political or union discussion, in compliance with the rules applicable to the freedom of the press which require compliance with strict ethics. This deontology can found civil, penal, disciplinary sanctions, a posteriori, or even preventive measures.


These rules are intended to prohibit any behavior that could damage the reputation or dignity of a person, interfere with his life or his private correspondence (think of the "sensational" that sells such a newspaper), incite to violence and discrimination.


Commercial operations remain subject to the rule of prior consent, this is for example the case of social networks which are remunerated by the sale of drained content.


In the context of the right to the press, and for the promotion of freedom of expression, the fact of omitting to request prior consent is not sanctioned but the attempt to obtain this consent will be taken into consideration within the framework civil or criminal actions against, for example, acts of defamation.


It is most often only once the incriminated act has been committed that the invasion of privacy or reputation can be sanctioned within the framework of a civil or criminal action.


By way of illustration, the Mosley case (ECHR, Mosley c/UK, 10 May 2011, n°48009/08 (commented indicates that the reproach made to the State for not providing for sanctions for non-compliance with the rule of prior consent is unsuccessful. This case concerned the dissemination of articles and videos revealing a citizen's sex life, which was sanctioned on other grounds.


Specific provisions apply in the context of the protection of the presumption of innocence, and the dignity of the person (article 35 ter, 35 quater of the law of July 29, 1881):




  1. – When it is carried out without the consent of the person concerned, the dissemination, by any means whatsoever and whatever the medium, of the image of an identified or identifiable person implicated in the occasion of criminal proceedings but not having been the subject of a judgment of condemnation and showing, either that this person wears handcuffs or shackles, or that he is placed in pre-trial detention, is punished by 15,000 euro fine.
  2. – Is punished with the same penalty the fact:

– either to carry out, publish or comment on an opinion poll, or any other consultation, relating to the guilt of a person implicated during criminal proceedings or on the sentence likely to be pronounced against him ;

– or to publish information allowing access to the surveys or consultations referred to in the preceding paragraph.




The dissemination, by any means whatsoever and whatever the medium, of the reproduction of the circumstances of a crime or misdemeanor, when this reproduction seriously undermines the dignity of a victim and is carried out without the agreement of the latter, is punished by a fine of 15,000 euros.






The procedures provided for by the law of confidence in the digital economy (LCEN)


Some procedures are specific to Internet users and are provided for by the LCEN. The fact that data is disclosed on the Internet leads to the application of specific regulations providing for procedures allowing victims to obtain a rapid removal of the incriminated content by those who have control over it. Victims can notify the irregularities, in sequential order, to the author, the host, the access provider, with the aim of triggering their various responsibilities (for example, technical intermediaries such as hosts do not have obligation of general monitoring of the content they host but must intervene when they are notified), and request the correction or withdrawal of the content, in specific forms. These intermediaries have the obligation to alert the authorities to the most sensitive content (for example: apology for crimes against humanity).


Persons notified must react quickly. A refusal can be challenged in court but it should be specified that the burden of proof rests on the victim. It is she who must demonstrate the improper nature of the content, proof which may prove difficult if this improper nature is not self-evident. The notified person does not have to provide legal advice to the alleged victim, and can prosecute this “victim” for abuse of notification, punishable by article 226-10 of the penal code for up to five years. imprisonment and a fine of 45,000 euros.


The “internet referral” is an accelerated procedure allowing victims to obtain preventive or curative measures before the civil courts (article 6.I.8 LCEN) (be careful, check the successive reforms of the LCEN)




press law


Penal provisions apply (in particular the right of reply provided for by article 13 of the law of July 29, 1881), including to non-professionals of the press, even if they do not benefit from the privilege of secrecy of sources or other statutory privileges enjoyed only by press professionals.


Article 6 V of the LCEN extends to online communication services the provisions of press law, in particular those which establish a presumption of liability of the publication director. This regime is detailed in Article 93-3 of Law No. 82-652 of July 29, 1982 on audiovisual communication, recently amended by HADOPI Law No. 2009-669 of June 12, 2009, Article 27.II, and describes a regime adapted from the classic regime of article 42 of the law of 1881.


Freedom of the press is tempered by a right of reply by any person quoted, and this right is also exercised within the framework of online communication services, as provided for in article 6 IV of the LCEN and decree no. 2007-1527.


Usual prescription in terms of press offences: 3 months from publication (be careful to check the successive reforms in terms of prescription, as well as special prescriptions)


CNIL procedures


The Commission Nationale Informatique et Libertés (“CNIL”) is the institution that intervenes to supervise the implementation of regulations on the protection of personal data. It has its counterpart in each of the Member States of the European Union. The CNIL can issue warnings, regulations, injunctions, financial penalties, and can initiate actions with the competent courts to obtain emergency measures. It can decide to publish the sanctions. It can issue recommendations that will serve as a standard or criterion for interpreting legislation on the protection of personal data and on the concept of privacy, for example with regard to the use of personal data in public archives. and court decisions.


A CNIL procedure can be triggered by any citizen by means of a simple letter.




Criminal courts


The Penal Code brings together in a chapter dedicated to personality attacks the provisions sanctioning violations of privacy, the tranquility of individuals, secrecy, the protection of personal data and respect for the right of reply. Copyright is also criminally sanctioned in the intellectual property code.


Usual prescription in terms of attacks on the personality: 3 years / 1 year (be careful to check the successive reforms in terms of prescription, as well as special prescriptions)




Civil courts:


The civil code makes it possible to obtain damages in compensation for a prejudice if it can be demonstrated a link between this prejudice and an inappropriate use of personal data. This will be particularly the case in matters of copyright, invasion of privacy, illicit profit.


It may also be possible to obtain preventive measures through emergency procedures (referral or request) explicitly provided for in the context of an activity on the Internet by article 6.I.8 of the LCEN.


However, civil law cannot have the effect of adding restrictions to freedom of expression other than those already provided for by the law on the press, called "press offences", such as insult and defamation, and subject to to specific procedural regimes.


Usual civil prescription: 3 years, 5 years (be careful to check the successive reforms in terms of prescription, as well as special prescriptions)


gdpr: emergency procedures against the controller under EU regulations and French law of procedure