|OVERVIEW||The French data protection authority (CNIL) is one of the largest in Europe and actively enforces the French privacy and data protection laws.|
|ENACTED||1978 for Law 78-17 and 2004 for Act No. 78-17|
|GENERAL PRIVACY LAWS||
Article 9 of the French Civil Code provides a right to privacy.
Article 226 of the Criminal Code provides that willfully infringing someone else’s privacy is a criminal offense and specifies penalties incurred for interception of correspondence.
|PERSONAL DATA PROTECTION LAWS AND REGULATIONS||
Law 78-17 of January 6, 1978 on information technology, files and freedoms governs collection and storage of personal electronic data.
Act No. 78-17 Amended by the Act of 6 August 2004 relating to the Protection of Individuals with regard to the Processing of Personal Data relating to the protection of individuals with regard to the processing of personal data.
In most circumstances, the law requires the data controller to file a registration with the CNIL prior to processing the data.
|TYPE OF DATA PROTECTED||Personal Data.|
|WORKPLACE PRIVACY LAWS||
The French Labor Code prohibits restrictions of workers’ rights and individual and collective freedoms unless it is justified by the nature of the task to be accomplished or proportionate to the desired objective.
Employers must justify monitoring.
Employees must be made aware of any monitoring.
The Data Protection Act contains restrictions on the transfer of personal data to third countries outside of the European Economic Area (EEA). Personal data can be transferred to another country only if that country ensures the level of data protection that corresponds to the level of data protection in France.
Chapter XII of Act No. 78-17 complies with the requirements of the EU Data Protection Directive.
|FINES AND SANCTIONS||
Chapter VII of Act No. 78-17 sets forth the sanctions the CNIL may impose for violations of the Act. These include:
Chapter VIII provides for criminal sanctions.
|OTHER PRIVACY LAWS AND REGULATIONS||
The Penal Code (Code Penal) imposes a duty of confidentiality upon professionals, including physicians, with regard to personal information provided by their clients or patients. Disclosure of information "of a private nature" by an individual who has received that information as a consequence of his or her professional position may be punished by imprisonment for up to one year or a fine of up to €15,000.
Prime Ministerial Decree Relating to Access to Personal Information Held by Health Professionals and Institutions under Articles L.1111-7 and L1112-1 of the Code of Public Health
As of January 2002, the French Penal Code provides that it is an offence punishable by a year's imprisonment and a fine of €45,000 to "intercept, divert, use or divulge communications transmitted or received by telephone" or to install a telecommunications interception device.