Online Public Communications
Liability of Internet Intermediaries
E-commerce
Encryption
Computer Crimes


On June 21 2004 the EU E-commerce Directive (2000/31/EC) was finally implemented into French law through the enactment of the Digital Economy Law (575/2004).

This long-awaited law (the directive was supposed to be implemented into national law by January 17 2002) implements the directive's provisions almost word for word on most issues, while adding a number of French twists, in particular with regard to internet service provider (ISP) liability, online communication and encryption.

Online Public Communications

The Digital Economy Law establishes a principle of freedom of 'public communications by electronic means', which is defined as:

"making available to the public or categories of the public, through means of electronic communications, signs, signals, texts, images, sounds or messages of any type which do not have a character of private correspondence".

Public communications by electronic means include the following types of communications: (i) audiovisual communication (ie, "communications to the public of radio or television services, regardless of the manner in which they are made available to the public, as well as any public communications by electronic means of services other than radio and television that are not included in the online public communications"); and (ii) online public communication (ie, "transmission, at individual request, of digital data that does not have a character of private correspondence by means of electronic communications permitting the mutual exchange of information between the sender and the recipient").

Pursuant to the Digital Economy Law, the French Supreme Audiovisual Council has competence over regulations of audiovisual communications, including radio and television programmes broadcast over the Internet, but does not have competence over regulations of all content posted on the Internet.

Liability of Internet Intermediaries

Access providers
The Digital Economy Law provides that "any person carrying out the activity of transmission of content on a telecommunications network or provision of access to a telecommunications network" has no civil or criminal liability for the content, unless it "initiates the transmission, selects the receiver of the transmission, or selects or modifies the transmitted content". The Digital Economy Law also reiterates the current obligation of such to "inform their subscribers of the existence of technical means enabling the subscribers to restrict access to certain services or to select them".

Caching providers
The Digital Economy Law provides that "any person carrying out the activity of automatic, intermediate and temporary storage of transmitted content for the sole purpose of making its onward transmission more efficient" has no civil or criminal liability for the content, unless it:

"modified the content, did not comply with conditions on access to it or rules on its updating, or interfered with the lawful and habitual use of technology used to obtain data... [or] did not act promptly to remove the stored content or to disable access to it as soon as it became aware that the original content was removed from the network, access to the original content was disabled or the judicial authorities had ordered the removal of the original content from the network or barred access to it."

Hosting service providers
The Digital Economy Law replaces a broad exemption of hosting service providers from liability for hosted content that existed under the law of August 1 2000 by two sets of circumstances under which hosting service providers are exempt from civil or criminal liability (previously, hosting service providers were civilly or criminally liable for the content hosted by them "only if, upon notification by a judicial authority, they did not promptly take the necessary steps to prevent access to this content").

The Digital Economy Law provides that "individuals or legal entities making available to the public, even for free, through online public communications services, the storage of signs, texts, pictures, sounds or messages of all kinds provided by the service user" are not civilly liable for the activity or content hosted at the request of the user if: (i) "they were not aware of their illegal character, or of facts or circumstances from which such illegal character is apparent"; or (ii) "upon becoming aware, they acted promptly to remove the information or disable access to it".

Hosting service providers are exempt from criminal liability for content hosted at the request of the service user if: (i) "they were not aware of the illegal activity or information"; or (ii) "upon becoming aware, they acted promptly to remove the information or disable access to it".

The exemptions do not apply if the service user "acts under the authority or control" of the hosting service provider. As the Digital Economy Law does not define what constitutes 'control', the French courts must decide, in particular, whether it means control of activities of the service recipient (as suggested by the EU E-commerce Directive) or control of information published by the service user (as suggested by some French parliamentarians during the enactment of the law).

In line with the EU E-commerce Directive, the Digital Economy Law provides that neither internet access providers nor hosting service providers have "a general obligation to monitor the information that they transfer or store, or...to search for facts or circumstances revealing illegal activities", although this does not prejudice the right of the courts to require a "targeted and temporary monitoring". Nevertheless, after much debate in Parliament, the Digital Economy Law requires internet access and hosting service providers to assist in the battle against certain crimes that have spread on the Internet. Specifically, the law requires them to "join together to fight the distribution of [materials] that support crimes against humanity or incite racial hatred, and child pornography". In particular, providers must: (i) implement an "easily accessible and visible technical mechanism allowing any person to alert the provider to such"; and (ii) "promptly inform competent public authorities of illicit activities reported to them or carried out by the service users, and make public the resources they dedicate to fighting such". Failure to comply with these obligations may result in criminal fines, imprisonment and, for legal entities, a prohibition on carrying out the relevant activities for a period of up to five years. Anticipating the adoption of these provisions, the French Association of Internet Access Providers adopted in June 2004 a charter specifying the resources used to fight unlawful content.

Although the Digital Economy Law does not introduce a notice and take-down procedure, it takes an important step in this direction by providing that the hosting service provider is presumed to be aware of litigious facts when it has been notified of certain information listed in the law.

In order to avoid false notices, the Digital Economy Law makes criminally liable any person reporting to hosting service providers a content or activity as illicit in order to obtain its removal while knowing that its claim is incorrect.

The French Constitutional Council validated the provisions on liability of hosting service providers on June 10 2004 and further decided that provisions of the Digital Economy Law "should not result in making liable a hosting service provider which did not remove information reported as illicit by a third party, if such information is not of a manifestly illicit character or if its removal was not ordered by a judge".

Despite the vagueness of the term 'manifestly illicit content', the Constitutional Council's decision should encourage hosting service providers not to remove systematically any content reported to them as illicit. Systematic removal - which is a side effect of the Digital Economy Law that some French commentators fear - may also be tempered by the economic interests of hosting service providers, which would risk losing clients if they gain a reputation as over-zealous censors.

E-commerce

The Digital Economy Law contains rules on the following:

  • liability of e-commerce vendors;

  • choice of law;

  • advertisements sent by email; and

  • electronic contracts.

It establishes the principle of the automatic liability of e-commerce vendors with regard to the purchaser for satisfactory performance of obligations under the agreement, regardless of whether these are performed by the e-commerce vendor itself or by other service providers. In order to avoid being held liable, the e-commerce vendor must prove that the non-performance or improper performance of the contract is due to the following:

  • the purchaser;

  • an unforeseeable and unavoidable act of a third party external to the supply of the goods or services under the contract; or

  • an event of force majeure.

The Digital Economy Law defines 'e-commerce' as "economic activity in which a person offers or ensures at a distance and by electronic means the supply of goods or services", even if the service user does not pay for them. Among other services, this includes the following:

  • provision of online information;

  • search engines;

  • access to communication networks; and

  • hosting data.

With regard to choice of law, the Digital Economy Law limits the instances where the choice of an EU member state law in a distance contract concluded with a French consumer would be disregarded in favour of French law. Specifically, it authorizes the parties to have the contract (other than for real estate located in France and certain insurance contracts) governed by the law of the EU member state where the e-commerce vendor is established, provided that the application of foreign law does not "deprive a consumer of usual residence in [France] from the protection afforded to him by the mandatory provisions of French law relating to contractual obligations". Provisions relating to contractual obligations are defined as "provisions applicable to the elements of the contract, including those specifying the consumer's rights, which have a determining influence on the decision to enter into a contract".

The Digital Economy Law establishes an opt-in system for the processing of data on physical persons for direct marketing purposes where advertisements are made to the person by email, calling machine or fax. Therefore, the recipient must give prior consent to receive such, 'consent' being "any manifestation of free, specific and informed will by which a person agrees that his personal data be used for direct marketing purposes". The only exception applies to unsolicited email advertisements sent by persons who have obtained directly from the recipients their email addresses in the context of the sale of a product or service, provided that:

  • the data was initially collected in compliance with the Data Protection Law 1978 (for further details, please see the Overview (November 2002));

  • commercial communications are limited to similar products or services of the same person; and

  • recipients "clearly and distinctly are given the opportunity to object, free of charge and in an easy manner", to such use of their email addresses when they are initially collected and when each message is sent to them.

It is prohibited to send commercial communications by email, calling machine or fax where the identity of the person on whose behalf the message is sent is dissimulated or where a "subject matter that is not related to the proposed product or service" is mentioned.

The Digital Economy Law expressly recognizes the validity of contracts concluded in electronic form by stating that where writing is required for the validity of a legal act, such may be provided by and stored in electronic form (except for certain acts, such as personal sureties, nuptial agreements or wills). If the signature of the contracting party is required, this may be done electronically, provided that the conditions of use "ensure that the notice has originated from him only".

The Digital Economy Law states that a person who offers, on a professional basis and by electronic means, to supply products or services must provide the applicable general and specific terms and conditions "in a manner that allows for their preservation and reproduction". It further provides that the offeror is bound by the offer as long as it is accessible electronically, due to the offeror's acts. In order for a contract to be validly concluded, the offeree must have been allowed to verify the details of his or her order and the total price, and to correct any errors before confirming acceptance. The offeror must then confirm the order "without unjustified delay".

Encryption

The Digital Economy Law liberalizes the supply of encryption products in France, while tightening the rules on the transfer of encryption products outside of France. As encryption products are essential in ensuring the security of electronic transactions, these provisions are of particular interest to all e-commerce vendors.

As under the current regime, the use of all encryption products is free. The supply, import and export of encryption products are also free if they are limited to the authentication or control of data integrity (eg, authentication of a person placing an order with an e-commerce vendor). The new regime submits the domestic supply and importation into France of encryption products which encrypt content (eg, data contained in an order placed with an e-commerce vendor) to a prior declaration regime, regardless of the strength of the encryption algorithm. The declaring party would be required to maintain for the use of the Prime Minister's Office a description of the technical characteristics of its products, as well as source code of the encryption software. The provision of encryption services would be subject to a prior declaration, the conditions of which are to be set by decree.

At the same time, the Digital Economy Law now requires a prior authorization for the transfer to another EU member state or exportation out of France of any encryption product that is not limited to authentication and data integrity functions, while in the past a declaration was sufficient for transfers and/or exports of certain encryption products to certain countries.

Future decrees may provide for exceptions to the prior declaration and prior authorization regimes for categories of encryption products or services that the Prime Minister's Office believes are not sensitive.

The liberalization of the use and supply of encryption products and services is accompanied by a significant reinforcement of the government's power to obtain the technical information necessary to decipher encrypted messages where necessary and of penalties for violation.

Computer Crimes

The Digital Economy Law significantly reinforces criminal penalties for the use of encryption products for the preparation, perpetration or facilitation of a criminal offence and the criminal interference with automated data processing systems. It further amends the Criminal Procedure Code to extend the notion of 'documents' to electronic data.


For further information on this topic please contact Bradley L Joslove or AndrĂ©i Krylov at Franklin by telephone (+33 1 45 02 79 00) or by fax (+33 1 45 02 79 01) or by email ([email protected] or [email protected]).