How best to defend individual freedom, privacy and “the right to be forgotten” in a context of increased focus on public security and the fight against terrorism were the core topics when more than 20 AAPA members met on Jan. 21 with Isabelle Falque-Pierrotin, President of France’s Commission Nationale de l’Informatique et des Libertés (CNIL).


Speaking at the CNIL’s Parisian headquarters, Mme Falque-Pierrotin spoke about how Europe’s digital freedom authorities are grappling with major Internet providers such as Google Inc, and on-going efforts to harmonise Europe’s response to questions of individual and business privacy.

The CNIL chief, who also heads the European Union’s “G-29” working group on privacy and developments for “digital Europe”, said experts are working on a legal framework to ensure rights are protected. But she also pointed out that governments must also quickly adapt to rapid changes in this area.

She urged Internet providers to adopt a “compliance pact,” and said there’s a need to amalgamate “accountability and sanctions” and emulate “the best of the Anglo-Saxon regulations” in order to develop a “toolbox” to tackle issues in the digital sector.

Mme. Falque-Pierrotin acknowledged that European approaches vary concerning the dispute with providers such as Google, but her approach was to negotiate a settlement. However, if this didn’t work the CNIL would envisage harsher measures, including “financial sanctions,” she said.

There is “an enormous debate and lobbying” surrounding the need for Europe-wide regulation, she said. But she stressed that the timetable for adopting a “regulation” in 2015 to help protect European Union sovereignty has been set in stone.

This year “will be a decisive year (when) Europe must make its voice heard, forcefully,” she said, adding: “We must have priority measures” for companies and individuals.

The need for public security amid growing calls for greater monitoring of the Internet was also broadly discussed, and she revealed that his question has been under discussion by the “G29” for some time. The working group is to meet in 10 days time to discuss this and other matters, the CNIL head noted.

In 2014, she said, the working group issued an opinion that “with regard to EU law, massive surveillance is illegal.” That is the case in France, she noted, where “systematic, collective, automatic surveillance” is outlawed.

As new security laws come forward, Falque-Pierrotin maintained that the role of the CNIL will be to ensure “guarantees” to avoid such laws going too far or violating existing rights.

The CNIL’s role in ensuring legislation that contains guarantees for privacy is vital, she said. However, she admitted her organisation did not have access to “Intelligence” files, but can gain access to regular police records.

She argued that it is “a bad choice to sacrifice freedom for security” and we should avoid this “binary” view and add the third element of “guarantees” in a national or European legislative framework to ensure security does not impede on public freedoms.

Concerning the thorny issue of “the right to be forgotten” and individual requests to be removed from Internet listings with major providers, Mme. Falque-Pierrotin said this “showed the extraordinary expectations of digital users”. There have been 250,000 requests here to be removed from listings and archives at Internet providers in a period of three months, but only 200 complaints to the  CNIL for non-compliance by providers.

John Keating