French senators debate over-reliance on databases

The government, represented by Minister Delegate for Citizenship Marlène Schiappa before the Senate, has justified the change, saying that the "security context has become tense globally", and that while technology has evolved, "data law has grown" with the EU's GDPR. [Lianhao Qu/Unsplash]

As the so-called “global security law” opened Pandora’s box in France regarding privacy protection, the national parliament’s upper house debated last week whether the data of too many people are stored in the country’s databases for identification, administrative or surveillance purposes. EURACTIV France reports.

Deputies in the French Senate probed the matter on 10 February, at a time when the security context appears to be gradually taking precedence over health matters.

According to a parliamentary report, 106 databases were made available to administrative and police/gendarmerie services in 2018, compared to the 58 in 2009.

While the multiplication of files often is justified by the need to compartmentalise them, Bastien Le Querrec of La Quadrature du Net warns that “the fact that there are many files does not mean they are small”.

Last Wednesday (10 February), senator Eliane Assassi of the Communist, Republican, Citizen, and Ecologist group – who initiated the discussion – said she was concerned about the “multiplication” and “massification” of files in France, which she considers “dehumanising”.

“We are accumulating these data with a predictive, not preventive logic,” she said.

‘Contradictory demands’

Three government decrees issued on 2 December further expanded the information that may be contained in the main intelligence files of the police and gendarmerie, and data collection is now allowed with regards to “political opinions, philosophical or religious beliefs or trade union membership”, while it was previously limited only to “activities”.

“No to digital records, immediate withdrawal!” tweeted the president of the ecologist group in the Senate, Guillaume Gontard.

The government, represented by Minister Delegate for Citizenship Marlène Schiappa before the Senate, justified the change saying that the “security context has become tense globally”, and that while technology has evolved, “data law has grown” with the EU’s General Data Protection Regulation (GDPR).

The decrees are also there to reconcile the “contradictory demands” of the French people, Schiappa added.

“Militancy is not a data item that is of interest in itself” and “belonging to a trade union is never a reason in itself that justifies filing”, Schiappa assured legislators.

GDPR could obstruct AI development, MEP says

The EU’s digital agenda over the next mandate is set to be marked by a series of broad-ranging reforms, from artificial intelligence and data protection to cryptocurrency regulation and digital tax. EURACTIV talked to Greek MEP Eva Kaili about how she hopes the EU’s digital agenda over the next five years will play out.

According to Le Querrec, the return “in a completely uncomplexed manner” of the police database known as EDVIGE – a police database set to gather considerably broaden the categories of persons potentially on file for the sole reason of being “likely to undermine public order”, as well as the list of information recorded without much detail as to the reasons for information’s use or collection – is very worrying.

EDVIGE was created in June 2008, then dropped a few months later after it faced public outcry.

Although “a register will always be made for ideas that are more or less acceptable,” according to Le Querrec, cases of abuse and misuse of initial objectives can be numerous and are unfortunately noticed after the fact.

During the first lockdown in April 2020, it was only after a Rennes court released a defendant accused of a repeat offense in flouting lockdown measures, that his lawyer found that the police and gendarmes had consulted his road traffic offense file to establish a repeat offense, diverting from the data’s original use.

The country’s interior ministry then changed the rules in an order issued on 14 April, by allowing the file to keep information relating to a fine or offense for five to 10 years.

Mass surveillance permitted only for national security concerns, EU court says

EU countries are permitted to carry out the indiscriminate transmission and retention of communications data only when there is a ‘serious threat to national security’, the bloc’s highest court ruled on Tuesday (6 October).

Lack of control?

As many databases collect information that could be considered sensitive, it becomes difficult to control their use. The competent authority in this area is the French data watchdog, the CNIL.

However, the CNIL’s opinion regarding a created database is purely consultative and does not constitute an “authorisation” or “refusal”. CNIL “exercises a prior control over their [databases] implementation conditions,” the French data watchdog told EURACTIV France.

Former CNIL president Isabelle Falque-Pierrot told Le Figaro in 2018 that the body “lacks the means to cope with its new and ever-increasing missions”. On top of that, the existing access and correction procedures are not within everyone’s reach or even always operational, according to La Quadrature du Net.

On 12 January, the CNIL warned the interior ministry about its illegal use of drones equipped with cameras outside any legal framework.

Le Querrec also noted that collected data is rarely updated, and although this may be detrimental to the individuals featured in them, “prosecutors have other things to do.”

Google challenges French data watchdog's €100 million fine in court

France’s administrative court known as the Council of State considered on Thursday an application for interim measures filed by Google LLC and Google Ireland after the French Data Protection Authority known as the CNIL fined the digital giant €100 million last December for its cookie collection policy. EURACTIV France was at the hearing.

No ‘Big Brother’

Interior Minister Gérald Darmanin told Franceinfo on 10 December the government would “specify the decrees, there is no problem. I am a republican minister and I answer to republican institutions. We mustn’t see this as a kind of Big Brother”.

However, some organisations still have concerns.

“When the administration and intelligence services are allowed to have such exorbitant registration powers, they will, of course, use them and there are no safeguards in this area,” said Le Querrec, who pointed out that “registration increases the pressure on minorities”.

During a parliament session last week, senator Jérôme Durain stressed that “we often voluntarily accept giving personal data”.

We are “much less concerned about files held by third parties,” the senator said, in reference to the so-called GAFAM (Google, Amazon, Facebook, Apple, Microsoft),

Le Querrec pointed out, however, that “the difference is that with the state, it is much more difficult to oppose and protect oneself against it”.

[Edited by Zoran Radosavljevic]

Subscribe to our newsletters