![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
Last year, the French Parliament authorized the government to implement by way of “ordinance” the so-called “telecom package” of Directives of 25 November 2009 (2009/139/EC and 2009/140/EC).
The draft text includes an amendment to the provision of the French Data Protection Act relating to cookies and other web beacons. The amendment provides that one can access information stored in the terminal equipment of a user of a communication network or insert information in this equipment only after having sought the consent of the user. The text specifies that the consent may result from appropriate parameters of the user’s connection device or of any other device under the user’s control.
The scope of the security breach section is restricted to data processing activities implemented in the framework of the provision of electronic communication services on networks open to the public. They provide for a two-tier notice mechanism in case of “violation of personal data,” which is defined as either a breach of security leading to the accidental or unlawful destruction, loss, modification or disclosure of data or non-authorized access to data.
In any event, the CNIL must be notified promptly of the “violation” by the e-communication service provider.
If the violation could impact the personal data or the privacy of an individual, the service provider must promptly inform the individual unless the CNIL has approved the technological measures implemented to remedy the violation and verified their implementation.
The government opened a public consultation on the text. The public comment period ended on May 20.
The CNIL will provide its opinion on the text.
