Data protection and privacy—France—Q&A guide

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Data protection and privacy—France—Q&A guide
  • 1. Summarise the legislative framework for the protection of personally identifiable information (PII). Does your jurisdiction have a dedicated data protection law? Is the data protection law in your jurisdiction based on any international instruments on privacy or data protection?
  • 2. Which authority is responsible for overseeing the data protection law? Describe the investigative powers of the authority.
  • 3. Are there legal obligations on the data protection authority to cooperate with other data protection authorities, or is there a mechanism to resolve different approaches?
  • 4. Can breaches of data protection law lead to administrative sanctions or orders, or criminal penalties? How would such breaches be handled?
  • 5. Does the data protection law cover all sectors and types of organisation or are some areas of activity outside its scope?
  • 6. Does the data protection law cover interception of communications, electronic marketing or monitoring and surveillance of individuals? If not, list other relevant laws in this regard.
  • 7. Identify any further laws or regulations that provide specific data protection rules for related areas.
  • 8. What forms of PII are covered by the law?
  • 9. Is the reach of the law limited to PII owners and processors of PII established or operating in the jurisdiction?
  • More...

Data protection and privacy—France—Q&A guide

This Practice Note contains a jurisdiction-specific Q&A guide to data protection and privacy in France published as part of the Lexology Getting the Deal Through series by Law Business Research (published: July 2020).

Authors: Aramis Law Firm—Benjamin May ; Farah Bencheliha

1. Summarise the legislative framework for the protection of personally identifiable information (PII). Does your jurisdiction have a dedicated data protection law? Is the data protection law in your jurisdiction based on any international instruments on privacy or data protection?

The legislative framework for the protection of PII in France is one of the oldest in Europe as it is based on the Law on Computer Technology and Freedom dated 6 January 1978 (LIL). This law has been amended several times since then, and especially by:

  1. Law No. 2004-801 dated 6 August 2004 to implement the provisions of Directive 95/46/CE;

  2. Law No. 2016-1321 dated 7 October 2016, which anticipates the implementation of certain provisions of the EU General Data Protection Regulation 2016/679 (GDPR);

  3. Law No. 2018-493 of 20 June 2018, which implements the GDPR in France and further amend the LIL; and

  4. Ordinance No. 2018-1125 of 12 December 2018 and Decree No. 2019-536 of 29 May 2019, which complete at the legislative level the compliance of the national law with the GDPR and redraft the LIL for better readability and understanding of

Popular documents