Right of data processing - SpeedyLook encyclopedia

One can gather under the expression right of data processing the whole of the provisions Normative S or Jurisprudentielle S relating to the New technologies of information and the communication (NTIC).

One cannot however not describe it like an organic unit such as the Civil law or the Commercial law. Because of the diffusion of the Data-processing in a great number of activities as well professional as deprived, this right consists rather of modifications, sometimes substantial (bearing Droit of the communication on the Usage S of the Information), sometimes minor, of a great number of existing fields of the Droit.

History

For including/understanding the right of data processing well, it is necessary to go back to the prehistory of data processing, i.e. with the Mécanographie.

Data processing: the Patent

The inventor of the Mécanographie was an American of German origin, Hermann Hollerith. This one had been employed for the American Recensement of 1880. Employed at the American office of the Patent S, it had the idea to develop a process making it possible to automate the census, and made deposit a Brevet for the Perforated card.

In the Years 1930, IBM bought the Brevet S of the Carte Hollerith in Tabulating Machine Company. Bull also worked with patents.

The system of Brevet was the only means of protecting the inventions in the Mécanographie until the Second world war.

Data-processing: diversification of the right

Data processing was born Après-guerre in the immediate future with the the United States. In Europe, it appeared only towards the end of the Années 1950, once the essence of the rebuilding carried out.

When the software appeared in the Années 1960, the American office of patents (USPTO) did not recognize the software patents. In Europe, some software patents were granted. See: Patentability of the software.

The problems of respect of individual freedoms were in France at the origin of the data-processing Loi and freedoms, in 1978, then giving rise to the National Commission of data processing and freedoms (CNIL). This law constitutes the legal source of the right in the data-processing field in this country. There is not in France of code of data processing.

In general, the Logiciel S were covered by the Royalty.

Protection of the informational Inheritance

Problems

The organizations have a need important to protect their Actif S. But it is considered that 60 to 70% of the Actif S of the organizations today consist of Actifs immaterial (see also immaterial Capital), mainly represented by their Information system: Software S, for which it is necessary to add the material , networks,…

It is expected that the Information system is entered like Intangible fixed assets in the Norme S accountants IAS/IFRS in the course of application since 2005. Most of the Information system is likely to pass in Investissement, and will not be regarded any more as loads.

This is not without posing problems of protection of the informational Patrimoine: in addition to the traditional problems of Data security and Information system security, questions of Droit arise. There can be risks of plundering: Counterfeit of Software, Hacking…

Different approaches between the the United States and the European Union

The question of the protection of the informational Patrimoine consisted the Logiciel S is the subject currently of debates. With the the United States, the tradition is to protect the Logiciel S by Brevet S. On the other hand, in France and in the European Union, because of a stronger importance attached to the Free software, one remains attached to the Royalty . Those form part in the beginning of the Literary property and artistic, included today in the Code of the intellectual property (in France).

The European Union was recently opposed to the Brevetabilité of the software.

Relation with the Intellectual property

Many a Logiciel S is developed in practice for the Innovation industrial processes, especially today with the implementation of Poles of competitiveness. On the industrial Drawings and models, a harmonization is in hand between the États-membres. It precisely encounters differences between the legislations of the Member States on the relationship with the Royalty .

In Europe, the European Parliament opposed the software patents (see controversy on the patentability of the software). The Logiciel S thus function according to the Royalty , with licenses.

The licenses of software can be of two types:

Use of the computer's resources

The computer is not work tools like the others. Omnipresent in the daily tasks for many employees, it constitutes for them an essential component tallies of work inside the company. For this reason relative questions with the protection of the “private sphere” of the employee arise, control of his activities by the employer and the responsibility for this one compared to the use which its employee can make of the computer tools.

Control by the employer of the use of the computer's resources

In France, new technologies led the legislator, the judge and the CNIL, authority of Régulation, to redefine separation between private life and professional sphere in order to specify until where the freedom of the employee goes on his work place and where must stop the action of control of the employer. Any activity of the employee carried out on his work place or with the tools placed at the disposal by its employer does not raise, indeed, of the professional sphere.

General principles

The Court of appeal has, by its stop “Nikon” of October 2nd, 2001, wide the concept of private life by applying it to the professional environment by a decision of principle: “the employee has right, even at time and instead of work, with the respect of the intimacy of his private life”, which implies in particular the right to the respect of the secrecy of the correspondences.

CNIL, as for it, followed by the legislator, declared that the employer cannot install an inspecting device without as a preliminary to have informed the employees likely to be subjected there. Thus, the recordings of a camera of Vidéo-surveillance cannot be used as average of Preuve towards an employee who was not as a preliminary informed existence of this device. This principle finds now new applications in data processing: put in network of the machines, digitalization of the contents, information storage on hard drives or magnetic bands of Sauvegarde facilitate the installation of devices of particularly powerful Cyber-monitoring.

Another principle is that of the collective discussion. The employer must consult the Work's council on the introduction of any technique “ allowing a control of the activity of the employees”.

In supplement, the employer is subjected to an obligation of proportionality: when well even it would have respected the obligations of preliminary information and discussion with the work's council, it cannot implement devices which would restrict in an abusive way the right of the employees to the respect of their private life, principle posed by of the Civil code.

Use of Internet

Internet became work tools running in many companies and organizations, so much so that its prohibition pure and simple by the employer hardly seems possible. CNIL admits thus that “a prohibition general and absolute of any use of Internet at ends other than professional does not appear realistic in a company of information and communication, and seems disproportionate taking into consideration their interpretation and applicable text by jurisprudence”. However, the nature even of Internet makes possible its use at personal and nonprofessional ends.

The employer can fix in a charter the conditions and the limits of such a use of Internet. He can for example filter certain sites on the condition of informing the Employé S and to consult the Work's council. If it sets up a device making it possible to collect data of connection for each station, it must declare this treatment at the CNIL, except if a data-processing Corresponding and freedoms were indicated.

The use of Internet at the office is vast subject, the administrator must at the same time ensure the safety of his information system and at the same time respect the confidentiality of the people in the name of the right residual of each employee. As it was higher specified, the DSI, RSSI or administrator must respect a certain number of laws, with the risk to see taking its responsibility penal in front of the courts.

As soon as the administrator collects in a way or another of the data in personal matters, it must do it in the compliance with the 3 rules of the labor regulation previously evoked:

Principle of proportionality : The data in personal matter can be collected and treated only for one use legitimate and determined
Principe of transparency : No information concerning an employee personally (…) cannot be collected by a device which was not carried before the knowledge of paid the
Principe of collective discussion : Any data processing must make the object of information and consultation near the person in charge of the personnel and the work's council.

the administrator must also respect the data-processing law and freedom: This law provides that the data processing in personal matters must be " not discriminatoire" , " confidentiel" and under the responsibility of the person in charge of the treatment which must declare all types of data that it treats.

the law on the conservation of the logs The new law for the fight against the terrosism of Sarkozy specifies that the companies must preserve the logs during 1 year. It is the case of jurisprudence of the BNP Paribas, which was condemned not to have been able to provide the logs required by legal requisition.

charter Internet is another problems… It is obligatory when the data processing department data-gathering in personal matter. (i.e. about all the time today!). It aims to fix the rules related to the use of the whole of the computer's resources and must obligatorily authorize a personal use of these resources under penalty of being null and void. One white paper was plublié on all these subjects and was recommended by " The computing world of March 9th, 2007 " :

Email

According to the CNIL, “the use of the Email to send or receive, in reasonable proportions, a message in personal matter corresponds to a Usage socially allowed generally and”. The employer will be able to thus reach it freely, except if the employee clearly identified these files like personnel. A manner simple to characterize files as private is to gather them in a repertory whose name is “private”. In this case, the employer will be able to have access to these files, except “in the event of risk or particular event”, only in the presence of the employee or after having convened it for this purpose (Court of appeal,). The agreement of the employee is thus not necessary, but the “excavation” cannot be made without it being informed.

Responsibility for the employer because of the activities of his employees on Internet

In certain cases, the employer can be responsible because of the activities for his employees on Internet. According to a stop of the Court of Appeal of Aix-en-Provence of March 13rd, 2006, the employer is responsible for the fault made by an employee having created an illicit personal site by using the access to Internet provided by his Entreprise. In fact, an employee, that his company had authorized to a certain extent to use Internet from its work station, had created an Internet site disparaging another company. The Responsabilité for the employer does not exclude the responsibility for paid itself (condemned in fact for Contrefaçon). The employer can limit his responsibility if it implemented the means necessary to prevent that an infringement occurs inside its company. The first rampart is of course charter Internet (more the Olfeo site takes stock above: ), but with the case of jurisprudence of Lucent Technology where the company had established a Charter Internet in the rules by authorizing a consultation " raisonnable" (recommendation of the CNIL) of Internet sites not professionals. However Lucent was seen condemned as accessory to paid because it had not implemented sufficient means to avoid the practices of its employee, in particular because of this “window” of personal use however obligatory. Will the means necessary to avoid of such infringement lie in the installation of a tool for filtering of URL? In any case the CNIL, recommends it.

Personal recording and data processing

A new field for the right: Internet

Position of the problem

Internet poses new problems with the right, which must take into account its basically transnational character. In addition, the facility with which private individuals as of the organizations can disseminate informations on the Internet induces a new articulation between the principle of the Freedom of expression and the need for the protection of the Private life and the rights of Intellectual property. Are a shelterer of Web site, an author of Blog, an administrator of forum responsible for the Contenu which appears on their site in the same way that an editor of press? The law and jurisprudence currently clear this ground.

In addition, the emergence of the Web 2.0 offers increased possibilities of use of key words (beacons or “ tags ”) in the E-business, thus gearing down the possibilities of Recherche of information and exchanges of Services Web by processes of " discovered ". The question of the control of information thus arises in the management of the services of directories which can be proposed.

Some legal aspects are evoked below.

Suppliers of access to Internet

Recording of the data of Connection

The various applicable texts, and more precisely the law for confidence in the digital economy of June 21st, 2004, result in distinguishing the obligations from the suppliers from access (and other actors assimilated under the term of “operators of electronic communication”) from those of the shelterers from contents.

A small effort of definition is essential: the FAI are, under article 43-7 of the law of 1986 on the freedom of communication, as modified by the law of the 8/1/2000 (begun again with the article 6-I 1° of the LCEN): “natural persons or morals whose activity is to offer an access at departments of communication on line other than of private correspondence”.

The article L34-1 I refers as for him with the concept “of operator of electronic communication”, which includes “in particular” the FAI. A definition of these “operators of electronic communication” can be found in the directive “Networks” of March 7th, 2002: “a company which provides or which is authorized to provide a public communication network or an associated resource”. At the end of this definition are mainly aimed at the mobile telephone operators.

has the base of the article L 34-1:

They is here that is found the mode original of conservation of the data of connection, resulting from the law of the 8/1/2000 and altered to many recoveries, until the so much awaited decree of the 3/24/2006.

This decree was absolutely necessary insofar as the law of the 8/1/2000 did not determine with precision the categories of data having to be stored, the shelf life, as well as the compensation of the operators when requisitions are carried out.

However this decree of the 3/24/2006 was the subject of a recourse in abuse of power introduced by the Association of the Suppliers of Access in front of the Council of State and tending:  with the cancellation of the decree  with the cancellation of the decree taken pursuant to this decree and drawing up the tables of compensation of the expenses supported by the operators.

This recourse gave place to a stop of the Council of State on 8/7/2007 which:  rejects the proceedings for annulment formulated against the decree of the 3/24/2006  validates the major part of the device of compensation for the people receiving benefits subjected to the obligation for conservation (except for a provision which envisaged the compensation “on estimate”, the Council of State considering that the tariff was to be fixed beforehand).

i- data having to be preserved: It is advisable as a preliminary to recall that the principle remains the obliteration of the data generated automatically at the time of a communication. The conservation of the data subsequently to the end of the communication which generated them thus remains the exception, which underlines the art.34-1 II by pointing out the finality of this conservation: “for the needs for research, the observation and the continuation of penal offenses, and with an only aim of allowing, as a need, the provision of the legal authority of information, it can be differed for one maximum duration one year to the operations tending to erase or make anonymous certain categories of technical data”.

Being thus an exception to the principle of obliteration one can be astonished by the lack of precision of this article, which refers only to “certain technical data”. The list was finally given by it by the decree of the above mentioned 3/24/2006. It is about information making it possible to identify the user, and more precisely:

 information allowing to identify the user;  relative data with the final equipment of communication used  features as well as the date, the schedule and the duration of each communication  relative data with the complementary services requested or used and their suppliers;  data allowing to identify the recipients of the communication.

From this list the relative data with the contents are obviously excluded from the exchanged correspondences, or consulted information, during the communication.

II shelf life: It is fixed at one year as from their recording. This provision is in conformity with those of article 6 of the directive 2006/24/CE of March 15th, 2006 which envisages one duration going from six months to two years.

III it compensation of the overcosts generated by the obligation of conservation: The law of January 23rd, 2006 envisaged to cover “the identifiable and specific overcosts” born from the requests for communication of the data and of differed from the operations from anonymisation and possibly reported on the operators and people subjected to the obligations from conservation from the data of connection of the articles L. 34-1 of the CPCE and 6-II (a) of the LCEN. The decree of March 24th, 2006, lays down the methods of this compensation, by founding an article R213-1 within the criminal procedure code, returning to a decree of the Minister for the economy, finances and industry and Minister of Justice. This decree intervened the 8/22/2006 and following the recourse formed by the AFA, it was validated by the Council of State in its stop of the above mentioned 8/7/2007.

iv the sanction of the failure to this obligation of conservation: One year of imprisonment and 75.000€ of fine. These sorrows are quintupled if the person receiving benefits is a moral person.

B the base of the L34-1-1 article: This article was inserted by the law “anti-terrorism” of 2006, its sphere of activity is thus less wide. This new procedure of requisition in addition was the subject of the decree of the 12/22/2006.

i- the finality of the conservation: The law on this point was partly censured by the Constitutional council. In the beginning it provided that the purpose of the conservation was the prevention and repression of the terrorist infringements.

However being a procedure of administrative requisitions, as it will be thereafter detailed, the Constitutional council judged that this formulation was contrary with the principle of separation of the executive powers and legal.

II data having to be preserved, shelf life and methods of compensation of the overcosts: The data having to be preserved are, with little thing near, the same ones as those having to be preserved on the base of the article L34-1 (what is logical insofar as the debtors of the obligation of conservation are the same ones).

In the same way, the shelf life, by the operators of electronic communication of these data is one year as from their recording.

Finally the compensation for the operators of electronic communications is done on the basis of table appearing as an annexe of the decree of the 8/22/2006.

III procedure of requisition: This procedure of requisition is a measurement of administrative police force, and, for this reason, she escapes control from the legal judge.

 qualified people to ask the communication of the data: The L34-1-1 article provides that only “the agents individually indicated and duly competent police services and of gendarmerie main roads especially in charge of these missions (fight against terrorism)” will be able to ask for the communication of these data. Those are named by the chiefs of the police services and gendarmerie in charge of the missions of prevention of the terrorist acts (art R. 10-15 CPCE).

 the framing of the requests communication:  they must contain (Art R.10-17 CPCE):  the name and the quality of the applicant, like his service of assignment and the address of this one.  the nature of the data whose communication is required and, if necessary, the period concerned.  the motivation of the request (this motivation not being transmitted to the agent entitled to the operators which carries out the communication).  they are subjected to the decision of a qualified personality, placed near the Ministry for the Interior This “qualified personality” is named for three years renewable by the National Commission of Control of the Interceptions of Safety on a proposal from the Minister of Interior Department and must draw up an annual report of activity bound for the CNCIS). Mr. François Jaspart was named in this quality by the decision n°1/2006 of the 12/26/2006 of the CNCIS.  they are the subject of a recording at the CNCIS  the CNCIS can operate controls constantly.

 shelf life of the data by the qualified agents: It is three years as from the communication of these data, which was not without causing many criticisms, some seeing a means there of circumventing the two years maximum duration posed by the directive 2006/24/CE of March 15th, 2006.

That it is within the framework of the L34-1 article or that of the L34-1-1 article, no jurisprudential decision still intervened to sanction this new mode and this more especially as the FAI, via the AFA had undertaken proceedings for annulment of the decree of the 3/24/2006. This recourse was rejected, as it was known as higher. It does not remain about it less than between the entry pursuant to the decree in March 2006 and the Council Decision of State on August 7th, certain FAI drew argument from this recourse to refuse to answer the requisitions of the services of investigation.

Responsibility compared to the contents for the lodged sites

If a user of Internet publishes on his personal site a defamatory text towards another person, its responsibility can be committed as well as if it had used another means of communication. But what is it company which provided him average the techniques to publish this text? Can the shelterer see his responsibility (civil or penal) committed for writings published on the sites of which it with the load?

In France, the Loi for confidence in the digital economy specifies that the Fournisseurs of access to Internet are released from any civil responsibility and penal if the publication is made without manual intervention of the shelterer and that this one makes inaccessible the litigious contents as soon as it is informed of it:

The essential stake is here the legal qualification of the person receiving benefits who technically allows the publication of the contents on Internet. According to its degree of intervention in these contents, it will be described as simple shelterer, will be released from responsibility compared to the contents, or editor of press, person in charge of the contents published pursuant to the Loi on freedom of the press of July 29th, 1881. This question raises an abundant legal dispute.

Web sites

legal Mode according to the nature of the site (personal site, blog, moderate forum a priori , moderate forum a posteriori , commercial site, media on line, public site…)
Freedom of expression on Internet.
Responsibility and obligation S of the authors of Web sites compared to their contents.
Recording and treatment of the Personal data of the visitors.

Management of the proof for the electronic Contract S

Legal status of the contracts
the problem of the Preuve (imputability) must be treated through standards of records management, of which some comprise Métadonnée S. This point is treated differently in public Droit and Private law.

Syndication

In the case of exchange S of information with Partner S or Recipients, one needs to use techniques of diffusion of the updates of the Web sites (see Syndication, RSS): which are the legal rules to apply for the various types of moral persons (Institution S public, Entreprise S private,…).

Aspects of computerization putting question compared to the traditional field of the right

the E-voting,
the Email,
the Protection of the private life,
the E-business and services of Directories UDDI
the Web 2.0

(...)

Qualified organizations as regards right of data processing

International Federation off Computer Law (IFCLA) international association with scientific goal, whose head office is in Brussels.
Site of the IFCLA
Site of the French Association of the Right of Data processing and Telecommunication

See too

Internal bonds

informational Inheritance
Right of telecommunications

External bonds to deepen

Site of the CNIL
Regional office of Information Technologies of Ile de France, precautions
Right and legislation on Internet (for webmaster)

Random links:

The Marsh (the Essonne) | Stinky Toys | ㄲ | List races of Mortal Kombat | Pseudolarix