Updated Sep 23, 2022
Meanwhile, Directive 2002/58 continues to inspire case law, including the lifting of anonymity on the Internet for the purpose of tracing the authors of unlawful statements published on the InternetHowever, the directive concerns communications between individuals (private correspondence) and not the writing of public statements online (CJEU, gde. ch., Oct. 6, 2020, aff. C-511/18, C-512/18 and C-520/18)
***
January 10, 2017, aims to respond to the concerns of European citizens on the protection of their data
personal information stored on their smartphones, tablets, laptops,
etc., by strengthening the rules applicable to communications
electronic and commercial canvassing.
legislative process devoted to the proposed regulation. The Commission
calls on the European Parliament and the Council to press ahead with the
work on their proposals and to ensure their adoption by 25 May 2018
at the latest (date from which, moreover, the general EU regulation
n°2016/679 of April 27, 2016 on data protection will come into force
application).
of July 12, 2002 (revised on November 25, 2009 by Directive 2009/136/EC).
a new youth through this regulation, which will make them directly
applicable, this time to all Member States and without a transposition deadline,
thus making it possible to fight against inequalities and differences
assessment in matters of personal data protection. Furthermore,
this regulation will supplement the Regulation General EU n°2016/679 of April 27, 2016 on data protection which will come into force on May 25, 2018.
through 11 texts, the new regulation will therefore have the merit of serving as a single reference text on the subject and directly applicable:
Law No. 2004-575 of June 21, 2004 for confidence in the digital economy
audiovisual communication services
with regard to the processing of personal data and amending Act No.
78-17 of 6 January 1978 relating to data processing, files and freedoms
network operation and the provision of communications services
electronic
Decree No. 2009-834 of July 7, 2009 establishing a department with national competence
called "Agence nationale de la sécurité des systèmes d'information
Law No. 2011-302 of March 22, 2011 adapting various provisions of the
legislation to EU health, labour and social legislation.
electronic communications
departments for people with disabilities and containing various provisions relating to
disability policy
Ordinance No. 2011-1012 of August 24, 2011 relating to electronic communications
european electronic communications
electronic communications in accordance with the new regulatory framework
European
- 1er
shutter : listening, interception, analysis and storage
SMS, e-mail or voice calls will be prohibited unless
consent of the user: this will concern the content of the
communication but also the data relating to the place, the time and the
recipient. (this will also concern applications such as WhatsApp,
Facebook, Skype, Gmail, etc.).
- 2th
shutter : the
transparency in the use of cookies. The objective is to offer
users a digital environment that is less 'invaded' by
cookie banners that are displayed on each page visited. In this regard,
the user will have the option to accept or decline cookies and
should be able to do it more
systematically by configuring the navigation parameters (concerning the
so-called "third-party cookies", which are essentially intended to
communicate data to third parties for commercial purposes, browsers
must be able to block them by default)
cookie is the equivalent of a small text file stored on the
user's terminal. Their appearance dates from the 90s and allow
thus allowing website developers to retain user data in order to
to facilitate navigation and to allow certain functionalities. The
cookies have always been more or less controversial because they contain
personal information that could potentially be exploited by
third.
account :
Directive 2002/58 on privacy: it contains rules on
the use of cookies. Article 5 §3 requires that the storage of data
(such as cookies) in the user's computer can only be
done if: the user is informed of how the data is used
the user is given the possibility to refuse this operation of
storage. However, this article also states that the storage of data for
technical reasons is exempted from this law. According to G29 Opinion No. 2/2010 of
2010, this directive remains very poorly applied: most sites
is limited to a simple "banner" informing about the use of
"without giving information on the uses, without
differentiate between "technical" and "business" cookies
It is not a question of "tracking", nor is it a question of offering real choice to the user.
Directive 2009/136/EC of 25 November 2009 therefore strengthens the obligations
prior to the placement of cookies on the user's computer, provided that
that the latter has given his consent after having received clear information and
complete. However, despite the will of the European legislator to the contrary, no
browser does not yet allow the dissociation of technical cookies and cookies
optional.
- 3th
shutter : prohibition of electronic communications
unsolicited, whatever the medium used (emails, SMS, calls
telephones, etc.). Except prior consent of the user. Thus, for
the sending of spams, the Net surfer will be able to materialize his consent by ticking
a box and thus receive offers commercial
of the society. Similarly, the consumer who has actively registered his number
on the red list shall not receive targeted telephone calls
commercial.
useful questions for France: in fact, sending spam is
already governed by consumer law in France, as well as the implementation of
place of telephone restrictions (“Platform “ bloctel.gouv.fr ”, resulting from the law n ° 2014-344 of March 17, 2014
on consumption). Text messages and voice messages are not affected, but
depend on another procedure (Platform of the 33 700).
are the actors of targeted advertising and
the GAFAs. Indeed, the commission's new proposal intends to include
within its scope all service providers
telecommunications: such as Facebook (Facebook Messenger), WhatsApp, Google
Hangouts etc.
proposal does not go far enough in terms of data protection.
British PhD researcher
IT from INRIA, specializing in security and privacy issues,
the commission's proposal does not take not
take into account the technical developments awaiting browsers and this
finally content to validate the status quo: “ For example, this new update of the directive does not take
not take into account the fact that browsers will soon have
much more powerful features, such as access to sensor data
or the pairing between the browser and the user's device, via
Bluetooth. ".
Thus, browsers will be able to enter data via the
connected devices, including the collection of cookies.
would simply seem to renew some bases already acquired in 2009 or with
the new Directive coming into force in 2018, without really bringing any
progress.
See also: https://roquefeuil.avocat.fr/reglementation-des-cookies/
The states
announce that they will take a position on this regulation only from the end of April 2017.
On 9 February 2017, the G29 stated that it will publish its opinion on the Regulation " maybe in April, surely before
summer [Editor's note: 2017]".
MR