On June 14, 2013, the French Data Protection Authority (“CNIL”) announced that last March it had created an internal working group to study the privacy issues arising from the access of the personal data of French citizens by foreign public authorities. The CNIL further announced that the working group has decided to organize meetings with the various concerned stakeholders (attorneys, telecommunications operators, public institutions and non-governmental organizations) and that it has already had discussions with some of them. A summary of the CNIL’s findings is expected to be published in September 2013.
The creation of this working group was triggered by the fact that many non-EU countries have passed legislation allowing some of their public authorities to access the personal data of European citizens under certain conditions. The CNIL quoted examples of such legislation as the USA PATRIOT Act of 2001, the U.S. Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008 and the Indian Information Technology Act 2000.
The CNIL also noted that the development of cloud computing services raises concerns about the level of security and confidentiality of the personal data of European citizens stored in the cloud. In the CNIL’s view, the recent revelation of the U.S. PRISM surveillance program confirms the need to clarify these issues.