Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in International/EU Privacy

French Parliamentary Commission Recommends Privacy Law Reform Citing Testimony of Hogan Lovells Privacy Lawyer

French FlagAfter a year of hearings, including meetings in Washington with the FTC and DOJ, a French parliamentary commission released its findings on the protection of individual rights in the digital revolution. The 384-page report from the French National Assembly covers a broad range of issues linked to data protection, including specific recommendations on EU privacy law reform. Hogan Lovells partner Winston Maxwell testified before the parliamentary commission and the commission cited Winston’s testimony in connection with the commission’s recommendations on the "right to be forgotten," privacy by design, and net neutrality. 

The parliamentary commission found that the "right to be forgotten," while an attractive concept, covers a broad range of different situations, and that the key element of the "right to be forgotten," i.e. that individuals have a right to access and to require the deletion of personal data about them, is already covered by existing law. Citing Maxwell’s testimony, the commission concluded that the creation of a new "right to be forgotten" does not appear necessary from a legal standpoint. On the issue of privacy by design, the commission recommended that Europe invest heavily in privacy-enhancing technology, and use privacy by design to create competitive edge for European industry.

The commission issued several recommendations on cloud computing, including a startling suggestion that future legislation should prohibit cloud services located outside the EU from storing sensitive data, such as health data, genetic data, data about children, and financial data. Prohibiting cloud services based outside the EU from handling sensitive data could create a major barrier to the development of cloud computing for the financial services industry and health care industry. The commission also recommended that cloud service providers be required to conduct security audits, and that French and European authorities conduct impact assessments on the risks of cloud computing conducted outside the EU. 

The commission recommended that the Article 29 Working Party be given a budget and personnel of its own in order to ensure the group’s independence. Echoing recommendations of the European Commission, the parliamentary commission urged reform of the rules on applicable law, citing diverging court decisions in France on the question of whether French data protection rules apply to Google.  

In an unexpected twist, the French parliamentary commission supported the use of a European Regulation in reforming European privacy rules, so as to ensure proper harmonisation of rules throughout Europe. This recommendation seems surprising coming from members of parliament because national parliaments generally want to maintain freedom to interpret EU rules, and a Directive, as opposed to a Regulation, gives Member States this freedom. Finally, the parliamentarians urge the French government to initiate diplomatic action to encourage the adoption of a new international treaty on data protection, under the auspices of the United Nations. The parliamentary commission echoed remarks of Hogan Lovells partner Christopher Wolf made at the eG8 conference in Paris, finding it highly regrettable that the eG8 had been organized without inviting a single data protection authority to speak.