Personal data must be collected and processed fairly and lawfully for specified, explicit, and legitimate purposes, and with the consent of the data subject.
In addition to the right to consent, data subjects have been given the following rights: right to be informed, right to object, right of access, right to correct and delete information, and right to be forgotten.
The 1978 Law is said to have inspired the drafting of Directive 95/46/EC on personal data protection. The 1995 Directive intended to harmonize the protection of the right to the privacy of individuals with respect to the processing of personal data among Member States. France transposed this Directive by Law 2004-801 of August 6, 2004 (2004 Law). As the 1978 Law was largely compatible with the 1995 Directive, most of its articles remained unchanged and it has kept its original number and is generally referred to as Law 1978 of January 6, 1978, as amended by Law 2004-801 of August 6, 2004.
It also created an independent data protection authority, the National Data Processing and Liberties Commission (Commission Nationale de l’Informatique et des Libertés, CNIL).
The CNIL’s primary mission is to ensure that the development of information technology remains at the service of each citizen and does not infringe upon human identity, the rights of man, or individual or public liberties.
The articles include “Ten Recommendations on PC Security,” “The Duties of Bloggers,” “Targeted Marketing on the Internet,” “Search Engines and Privacy,” “Street View: CNIL Review,” “The Status of IP Addresses”, and “Social Networks.” The CNIL has also published a study on security regarding the latest generation of smartphones, providing ten recommendations on how to protect personal data, including one’s geographic position. Its recommendations include avoiding the recording of confidential information in a smartphone, choosing a complicated code, adding an automatic lock to the code, installing antivirus software, and turning off the GPS or Wi-Fi feature when not using a location-based application. In addition, the CNIL recently reissued guidance on cookies. The 1978 Law applies to the processing, automated or not, of personal data contained or intended to be part of a personal data filing system.
It applies to the processing of personal data (automated or not) from the private and public sectors carried out by a natural person or legal entity. Processing undertaken exclusively for private (personal or household) activities is excluded.
A draft law further strengthening personal data protection has been pending before Parliament since March 2010.