The Technology, Media and Telecommunications Review: France
The French regulatory framework is based on the historical distinction between telecoms and postal activities on the one hand, and radio and television activities on the other (the two sectors are still governed by separate legislation and by separate regulators). Amendments in the past 15 years reflect the progress and the convergence of electronic communications, media and technologies, and the liberalisation of the TMT sectors caused by the de facto competition between fixed telephony (a monopoly until 1998) and new technologies of terrestrial, satellite and internet networks. French law also mirrors the EU regulatory framework through the enactment of the three EU Telecoms Packages in 1996, 2002 and 2009, which have been transposed into French law. The reform of the Telecoms Package in 2018, which resulted in the adoption of the European Electronic Communications Code (EECC), is to be transposed into national law by December 2020.2 As for the audiovisual sector, the Audiovisual Media Services Directive (AMSD) is also awaiting national transposition, the deadline initially set for September 2020 having already passed.3
The TMT sectors in France have been fully open to competition since 1 January 1998, and are characterised by the interactions of mandatory provisions originating from various sources and involving a diversity of actors (regulators, telecoms operators, and local, regional and national authorities). The TMT sectors are key to the French economy, and 2019 was once again an important year in many respects for these sectors' business.
i The regulators
The regulation of the technology, media and telecommunications sector in France is characterised by the large number of authorities:
The Authority for the Regulation of the Post and Electronic Communications (ARCEP) is an independent government agency that oversees the electronic communications and postal services sector. It ensures the implementation of universal services, imposes requirements on operators exerting a significant influence on the market, participates in defining the regulatory framework, allocates finite resources (RFs and numbers), imposes sanctions, resolves disputes and delivers authorisations for postal activities.
The Superior Audiovisual Council (CSA) is the regulatory authority responsible for the audiovisual sector. The CSA sets rules on broadcasting content and allocates frequencies by granting licences to radio and television operators. It also settles disputes that may arise between TV channels and their distributors, and is empowered to impose sanctions on operators in cases of breaches of specific regulations.
The High Authority for the Distribution of Works and the Protection of Copyright on the Internet (HADOPI) is in charge of protecting intellectual property rights over works of art and literature on the internet. An audiovisual reform originally planned for early 2020 including the merger of the CSA with the HADOPI has been indefinitely pushed back.
The Data Protection Authority (CNIL) and the French Competition Authority (FCA) also exert a significant influence in the sector.
These authorities may deliver opinions upon request by the government, Parliament or other independent administrative authorities, and, at the exception of HADOPI, also render decisions and opinions that may have a structural impact on these sectors. The National Frequency Agency (ANFR) is also an important agency in charge of inter-ministerial spectrum management and use as well as the supervision of independent radio networks (see Section IV).
ii Main sources of law
The prevailing regulatory regime in France regarding electronic communications is contained primarily in the Post and Electronic Communications Code (CPCE), and regarding audiovisual communications in Law No. 86-1067 of 30 September 1986 on Freedom to Communicate, as subsequently amended.
The main legislation governing the law applicable to data protection is the GDPR4 and Law No. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties (1978 Data Protection Law), as subsequently amended, which supplements or derogates from the GDPR.
Intellectual property rights are governed by the Intellectual Property Code.
iii Regulated activities
Telecoms activities and related authorisations and licences are regulated under the CPCE.
No specific licences or authorisations are required to become a telecoms operator. Public networks and electronic communication services to the public can be freely established and provided, subject to prior notification to the ARCEP (Articles L32-1 and L33-1 of the CPCE). The ARCEP may register on its own initiative any actor who failed to declare itself.5
The use of RFs, however, requires a licence granted by ARCEP (Article L42-1 of the CPCE). The frequencies allotted to 5G networks are expected to be subject to limited exemptions in order to encourage its deployment upon the transposition of the EECC.
Authorisations and licensing in the media sector are regulated under Law No. 86-1067 of 30 September 1986.
Authorisations for private television and radio broadcasting on the hertz-based terrestrial frequencies are granted by the CSA following bid tenders and subject to the conclusion of an agreement with the CSA. The term of authorisations cannot exceed 10 years in principle, but is subject to extensions and various derogations.6 Broadcasting services that are not subject to the CSA's authorisation – namely, those that are broadcast or distributed through a network that does not use frequencies allocated by the CSA (cable, satellite, ADSL, internet, telephony, etc.) – are nevertheless subject to a standard agreement or a prior declaration.7
iv Ownership and market access restrictions
General regulation of foreign investment
Since the entry into force of Law No. 2004-669 of 9 July 2004, discrimination of non-EU operators is prohibited, and they are subject to the same rights and obligations as EU and national operators.8 However, according to Article L151-1 et seq. of the French Monetary and Financial Code, foreign (EU or non-EU) investment in strategic sectors (such as security, public defence, cryptography or interception of correspondence),9 is subject to a prior authorisation by the French Ministry of Economy. Any transaction concluded without prior authorisation is null and void, and criminal sanctions (imprisonment of up to five years10 and a fine amounting to up to twice the amount of the transaction) are also applicable. The list of sectors subject to prior authorisation has been steadily expanding over the last few years and today include online general press services and activities relating to the integrity, security and continuity of the operation of networks and ECSs.
Specific ownership restrictions applicable to the media sector
French regulations impose media ownership restrictions to preserve media pluralism and competition. Any single individual or legal entity cannot hold, directly or indirectly, more than 49 per cent of the capital or the voting rights of a company that has an authorisation to provide a national terrestrial television service where the average audience for television services (either digital or analogue) exceeds 8 per cent. In addition, any single individual or legal entity that already holds a national terrestrial television service where the average audience for this service exceeds 8 per cent may not, directly or indirectly, hold more than 33 per cent of the capital or voting rights of a company that has an authorisation to provide a local terrestrial television service.11
Regulation of the media sector is currently evolving in reaction to a number of changes in French media ownership. For example, Law No. 2016-1524 of 14 November 2016 requires media outlets to provide yearly information on their capital ownership and governing bodies,12 and reinforces the powers of the CSA over French media governance with the creation of ethics committees.13
Regarding the radio sector, a single person cannot retain networks of which the coverage exceeds 150 million inhabitants or 20 per cent of the aggregated potential audience.14 This regulation is, however, expected to be amended in order to take into account local pluralism challenges.
Further, unless otherwise agreed in international agreements to which France is a party, a foreign national may not acquire shares in a company holding a licence for a radio or television service in France that uses RFs if this acquisition has the effect of raising (directly or indirectly) the share of capital or voting rights owned by foreign nationals to more than 20 per cent.15 In addition, such licence may not be granted to a company in which 20 per cent of the share capital or voting rights is owned (directly or indirectly) by foreign nationals.16 These provisions do not apply to service providers of which at least 80 per cent of the capital or voting rights are held by public radio broadcasters belonging to Council of Europe Member States, and of which at least 20 per cent is owned by one of the public companies mentioned in Article 44 of the Law of 30 September 1986.17 Specific rules restricting cross-media ownership also apply.18
v Transfers of control and assignments
The general French merger control framework applies to the TMT sectors, without prejudice to the above-mentioned ownership restrictions specific to the media sector. Merger control rules are enforced by the FCA.19
Regarding the telecoms and post sectors, the FCA must provide ARCEP with any referrals regarding merger control, and ARCEP can issue a non-binding opinion.20 Companies active in radio or TV are subject to merger control procedures before the FCA, in addition to a non-binding opinion from the CSA.21
Finally, any modification of the capital of companies authorised by the CSA to broadcast TV or radio services on a frequency is subject to the approval of the CSA.22
Telecommunications & internet access
i Internet and internet protocol regulation
Under the CPCE, ECSs other than public voice telephony may be provided freely.23
DSL networks are subject to asymmetrical regulation. Regarding ADSL networks, alternative operators must be provided with direct access to the copper pair infrastructure of France Télécom-Orange, the historical operator, following local loop unbundling.
More generally, ISPs must comply with the provisions of Law No. 2004-575 of 21 June 2004 on Confidence in the Digital Economy governing e-commerce, encryption and liability of technical service providers, as subsequently amended. A liability exemption regime for hosting service providers is also set out by the same law, expressly excluding a general obligation to monitor the information they transmit or store or the obligation to look for facts or circumstances indicating illicit activity. Nevertheless, knowledge that obviously illicit content is stored will trigger the obligation to remove or render inaccessible such content. In that respect, the question of the qualification as 'hosting service provider' is still widely debated before French courts.26 A hosting service provider will benefit from the liability exemption regime if its role is limited to a purely technical, neutral and passive service (e.g., structuring and classifying the content made available to the public to facilitate the use of its service). However, if it plays an active role providing it with knowledge or control of content (e.g., determining or verifying the content published, broadcasted or uploaded), the provider will qualify as a website publisher and would be fully liable for any unlawful or harmful content published, broadcast or uploaded on its website.27
ii Universal service
The EU framework for universal services obligations, which defines universal services as the 'minimum set of services of specified quality to which all end users have access, at an affordable price in the light of specific national conditions, without distorting competition',28 has been implemented by Law No. 96-659 of 26 July 1996 and further strengthened by Law No. 2008-3 of 3 January 2008. Universal service is one of the three components of public service in the telecoms sector in France (the other two being the supply of mandatory services for electronic communications and general interest missions).
Obligations of the operator in charge of universal service are listed in Article L35-1 of the CPCE and fall into two main categories of services:
- telephone services: connection to an affordable public telephone network enabling end users to take charge of voice communications, facsimile communications and data communications at data rates that are sufficient to allow functional internet access and free emergency calls; and
- enquiry and directory services (either in printed or electronic versions).
The transposition of the EECC is expected to extend the coverage of universal services to high-speed internet.
These services must be provided under strictly defined pricing and technical conditions taking into consideration difficulties faced by certain categories of users, such as low income populations, and provide equal access across geographical locations. Following calls for applications (one per category), the Minister in charge of electronic communications designates the operator or operators in charge of the universal service for a period of three years. France Télécom-Orange was designated as such until 2020.29
ARCEP determines the cost of the universal service and, determines the amount of the other operators' contributions to the financing of USOs through a sectoral fund when the provision of USOs represents an excessive burden for the operator in charge. In principle, every operator contributes to the financing, with each contribution being calculated on the basis of the turnover achieved by the operator in its electronic communications activities.30
iii Restrictions on the provision of service
Net neutrality is a growing policy concern in France. From the electronic communications regulator's standpoint, which focuses on the technical and economic conditions of traffic conveyance on the internet, the key question is how much control internet stakeholders can rightfully exert over traffic. This implies examining operators' practices on their networks, as well as their relationships with some content and application providers.
The Digital Republic Law31 introduced the principle of net neutrality into the national legal framework and granted ARCEP with new investigatory and sanctioning powers to ensure compliance (see also Section VI.i).32 In particular, ARCEP is now in charge of implementing net neutrality in accordance with Regulation No. 2015/2120 of 25 November 2015 establishing measures concerning open internet access.33 When ARCEP identifies a risk of infringement by an operator, it can require said operator to comply ahead of time. The Digital Republic Law also reinforces the conditions under which the Minister in charge of electronic communications and ARCEP can conduct an investigation.34
ARCEP has been taking on a more active role regarding net neutrality since the adoption of the Digital Republic Law. For example, ARCEP has been publishing an annual report on the state of the internet in France, identifying various threats that could undermine the internet's proper functioning and neutrality, and setting out the regulator's actions to contain these threats. The most recent issue addresses data interconnection, transition to IPv6,35 the quality of fixed internet access, net neutrality, open platforms and the environmental impact of networks.36
Pursuant to the Law of 21 June 2004, ISPs have a purely technical role regarding content, and do not have a general obligation to review the content they transmit or store. Nevertheless, when informed of unlawful information or activity, they must take prompt action to withdraw the relevant content, failing which their civil liability may be sought.
Since 2009, HADOPI has been competent to address theft and piracy matters, intervening when requested by regularly constituted bodies for professional defence that are entitled to institute legal proceedings to defend the interests entrusted to them under their statutes (e.g., SACEM) or by the public prosecutor. After several formal notices to an offender, the procedure may result in a €1,500 fine.37
Finally, French e-consumers benefit from consumer law provisions and specific regulations. In particular, they are protected against certain unsolicited communications via email if their consent has not been obtained prior to the use of their personal data.38 Moreover, consumers must be provided with effective means for requesting the cessation of unsolicited communications.39 In addition, Article L223-1 of the French Consumer Code provides for the implementation of an opposition list on which any consumer can add his or her name in order to refuse advertising material.40 All telephone operators also have the obligation to offer their users the possibility to register on an opposition list.41 With regard to phone-based advertising, the Bloctel service has been implemented since 1 June 2016 to prevent unsolicited communications to consumers registered on an opposition list.42
iv Privacy and data security
Substantial changes in the legal framework regarding security in telecommunications have been made in the past few years.
Law No. 91-646 of 10 July 1991 concerning the secrecy of electronic communications, now codified in the Internal Security Code, provides that the Prime Minister may exceptionally authorise, for a maximum period of four months (renewable only upon a new decision), the interception of electronic communications in order to collect information relating to the defence of the nation or the safeguarding of elements that are key to France's scientific or economic capacity. In addition, pursuant to Law No. 2015-912 of 24 July 2015 (new Article L851-3 of the Internal Security Code) and only for the purpose of preventing terrorism, the Prime Minister may impose on providers of electronic communication services the obligation to implement an automated data-processing system for a maximum period of two months (renewable only upon a new decision) with the aim of detecting connections likely to reveal a terrorist threat. Article L851-2 of the Internal Security Code as amended by Law No. 2016-987 of 21 July 2016 provides that the administration is authorised, for prevention of terrorism, to collect real time connection data concerning pre-identified individuals likely to be connected to a terrorist threat.43
Further, Law No. 2013-1168 on Military Programming (LPM) introduced a new chapter in the Internal Security Code relating to administrative access to data connection, including real-time geolocation.44 This regime, which entered into force on 1 January 2015,45 authorises the collection of 'information or documents' from operators as opposed to the collection of simply 'technical data' without judicial control. Requests for implementing such measures are submitted by designated administrative agents to a 'chosen personality' appointed by the National Commission for the Control of Security Interceptions (CNCIS) upon the proposal of the Prime Minister. CNCIS is in charge of controlling (a posteriori) administrative agents' requests for using geolocation measures in the course of their investigation. The Minister for Internal Security, the Defence Minister and the Finance Minister can also issue direct requests for the implementation of real-time geolocation measures to the Prime Minister who, in this case, will directly grant authorisations.
Law No. 2014-1353 of 13 November 2014, implemented by Decree No. 2015-174 of 13 February 2015, also entitles the administrative authorities to request ISPs to prevent access to websites supporting terrorist ideologies or projects.46 Additionally, laws linked to the state of emergency created extraordinary means of data search and seizure and expanded the provisions of Law No. 2014-1353.
In the context of the terrorism threat, the French legislator has amended the Criminal Proceedings Code to tackle organised crimes such as terrorism acts.47 Law No. 2016-731 of 3 June 201648 allows police officers, with the authorisation and under the control of a judge, to access, remotely and without consent, the correspondences stored in electronic communications available through identification.49 Police officers can also be authorised, by a judge and under his or her control, to use a technical method, such as an international mobile subscriber identity-catcher, to collect technical connection data to identify terminal equipment or users' subscription numbers as well as data regarding the location of the terminal equipment used.50 This Law also extended existing investigating powers to all organised crimes, such as the real-time collection of computer data without consent, in the context of both preliminary investigations and investigations of flagrancy.51
In addition to the general rules applicable to the protection of personal data laid down in the 1978 Data Protection Law, the CPCE provides specific rules pursuant to which operators must delete or preserve the anonymity of any traffic data relating to a communication as soon as it is complete.52 Exceptions are provided, in particular for the prevention of terrorism and in the pursuit of criminal offences.
Unauthorised access to automated data-processing systems is prohibited by Articles 323-1 to 323-7 of the French Penal Code. In addition, with regard to cyberattacks, Law No. 2011-267 on Performance Guidance for the Police and Security Services (LOPPSI 2) introduced a new offence of online identity theft in Article 226-4-1 of the French Penal Code and empowers police officers, upon judicial authorisation and only for a limited period, to install software in order to observe, collect, record, save and transmit all the content displayed on a computer's screen. This facilitates the detection of infringements, the collection of evidence and the search for criminal activities by facilitating the creation of police files and coordination. The National Agency for the Security of Information Systems (ANSSI), a branch of the Secretariat-General for Defence and National Security created in 2009, is in charge of cybersecurity threats.53
Morevover, LOPPSI 2 increases the instances where authorities may set up, transfer and record images on public roads, premises or facilities open to the public in order to protect the rights and freedom of individuals,54 and recognises that the CNIL has jurisdiction over the control of video protection systems.55
With regard to the detection of cyberattacks, Law No. 2018-607 of 13 July 201856 created Article L33-14 of the CPCE that involves operators in the detection of cyberattacks. Pursuant to this article, electronic communications operators are entitled to use technical markers such as IP addresses to detect or prevent any potential threat that may affect the security of information systems of their subscribers. In this case, operators shall inform the ANSSI without delay.
With regard to the protection of children online, Article 45 of the 1978 Data Protection Law requires that clear information be provided to minors, using terms that are adapted to their age. Adequate vigilance and warning systems shall also be implemented (e.g., awareness messages, age gates with reliable controls, possibility of parental supervision, etc.). Regarding consent, specific rules apply in France. The age of a child's consent in relation to the offer of information society services is 15 years old (whereas it is, by default, 16 years old under Article 8 of the GDPR). Children under 15 years old may only give their consent after being duly authorised to do so by the holder of parental rights. The lawfulness of the processing activity, therefore, requires a double consent: that of the minor as well as that of the holder of parental rights.57
In terms of personal data protection, obligations were reinforced with the entry into application of the GDPR.58 The CNIL published in 2018 a new guide on the security of personal data, recalling basic precautions to be implemented systematically and providing risk management methodologies.59
v The implementation of the Network and Information Security Directive
With regard to cybersecurity, the Network and Information Security Directive (NISD)60 has been implemented into French law by Law No. 2018-133 of 26 February 2018 and Decree No. 2018-384 of 23 May 2018. This framework imposes an obligation in terms of security of network and information systems on two categories of entities: (1) the operators of essential services (OESs) and (2) digital service providers (DSPs).
The categories of services considered as essential services are listed in the appendix of Decree No. 2018-384 (e.g., payment services, insurance, services involving preventive medicine, diagnosis and healthcare, distribution of electricity and gas). The Prime Minister can designate operators as an OES if they provide at least one of the enumerated services.61 The operator is notified of the Prime Minister's intent to designate it as an OES and can formulate observations.62
DSPs are providers of cloud, online marketplace and search engine services normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.63
Nevertheless, the French implementing law excludes from its scope certain types of entities already subject to information system security regulations, such as operators for their activities related to the operation of ECNs or the provision of ECSs and providers of trust services for electronic transactions subject to Article 19 of Regulation 910/2014 dated 23 July 2014.64
Both OESs and DSPs shall appoint a representative in charge of the contact with the ANSSI.65 For DSPs, this representative acts in the name of the provider for compliance with its obligations set forth of the NSID framework.66 DSPs shall keep an updated list of all networks and information systems necessary for the provision of their services within the European Union.67
OESs must comply with security measures defined in the Order of 14 September 2018 adopted for its implementation.68 DSPs shall ensure, based on the state of art, a level of security for all networks and information systems necessary for the provision of their services within the European Union appropriate to the existing risks.69 DSPs shall refer to Article 2 of the Commission Implementing Regulation of 30 January 2018 for the security measures that should be implemented.70 Documents attesting to this implementation should be made available to the ANSSI in case of control.71
Both OESs and DSPs shall report to the ANSSI, without delay, after becoming aware of any incident affecting networks and information systems that has or is likely to have a significant impact on the continuity of services.72
The management of the entire French RF spectrum is entrusted to a state agency, the National Frequencies Agency. It apportions the available radio spectrum, the allocation of which is administered by governmental administrations (e.g., those of civil aviation, defence, space, the interior) and independent authorities (ARCEP and the CSA) (see Section II).
ii Flexible spectrum use
The trend towards greater flexibility in spectrum use is facilitated in France by the ability of operators to trade frequency licences, as introduced by Law No. 2004-669 of 9 July 2004.75
The general terms of spectrum licence trading are defined by Decree No. 2006-1016 of 11 August 2006, and the list of frequency bands the licences of which could be traded are laid down by a Ministerial Order of 11 August 2006. A frequency database that provides information regarding the terms for spectrum trading in the different frequency brands open in the secondary market is publicly accessible. A spectrum licence holder may transfer all of its rights and obligations to a third party for the entire remainder of the licence (full transfer) or only a portion of its rights and obligations contained in the licence (e.g., geographical region or frequencies). The transfer of frequency licences is subject either to the prior approval of or notification to ARCEP, which may refuse such assignment. 76 Another option available for operators is spectrum leasing, whereby the licence holder makes frequencies fully or partially available for a third party to operate. Unlike in a sale, the original licence holder remains entirely responsible for complying with the obligations attached to the frequency licence. All frequency-leasing operations require the prior approval of ARCEP.
iii Broadband and next-generation mobile spectrum use
Spectrum in the 800MHz and 2.6GHz bands was allocated for the deployment of the ultra-high-speed 4G mobile network: in that respect, licences for the 2.6GHz frequency were awarded to Bouygues Telecom, Free Mobile, Orange France and SFR in September 2011,77 and in December 2011, licences for the 800MHz were awarded to the same operators except Free Mobile,78 which has instead been granted roaming rights in priority roll-out areas. New spectrum in the 700 and 800MHz bands was transferred in December 2015 to promote better network capacities in areas with low population density. The French government launched a call for applications, to be sent before 2 October 2018, in order to reassign the 900MHz, 1,800MHz and 2.1GHz bands, whose authorisations will expire between 2021 and 2024.79 As a result of an agreement reached between ARCEP, the French government and operators on 14 January 2018, the reassignment procedure will take into account operators' stated commitments to improve voice and data coverage in all territories, making regional development targets a priority.
On 16 June 2017, ARCEP had authorised Bouygues Telecom and SFR to deploy 4G networks in the 2.1GHz band, historically used by French mobile operators' 3G networks, to improve 4G speeds.80
Additionally, under ARCEP supervision, 5G deployment is being prepared, with network coverage estimated to begin in 2020. The European Union's public–private partnership between the European Commission and telecom industries, the 5G-PPP, which was launched on 1 July 2015, provides a framework for national 5G development. On 30 September 2015, ARCEP gave Orange authorisation to conduct initial tests for 5G in the city of Belfort until the end of 2016. The authorisation delivered to Orange tests three formerly unused spectrum ranges, namely the 3,600–3,800MHz, 10,500–10,625MHz and 17,300–17,425MHz frequencies.81 On 16 July 2018, the French government officially launched its 5G roadmap.82 Three main goals have been announced: (1) launching of several 5G pilot programmes in various regions; (2) allocation of new 5G frequencies and ensuring a commercial rollout in at least one major city by 2020; and (3) provision of 5G coverage for main transport routes by 2025. Additionally, four main working areas have been identified: (1) free-up and attribute RFs for the 5G network; (2) foster the development of new industrial uses; (3) accompany the deployment of 5G infrastructures; and (4) ensure transparency and dialogue on 5G deployments and the exposure of the public.
On 15 July 2019, ARCEP launched a public consultation in connection with its draft procedure for awarding licences to use frequencies in the 3,490–3,800MHz band, followed by the launch of the allocation procedure in late 2019.83 As of April 2020, Bouygues Telecom, Free Mobile, Orange and SFR had qualified to participate in the auction for allocation of frequencies.84 The auction for the award of 3,490–3,800MHz band was closed on 1 October 2020.85
iv Spectrum auctions and fees
Spectrum auctions in the case of scarce resources
Pursuant to Article L42-2 of the CPCE, when scarce resources such as RF are at stake, ARCEP may decide to limit the number of licences, either through a call for applications or by auction. The government sets the terms and conditions governing the selection procedures, which have always been in the form of calls for applications to date.
Pursuant to Articles R20-31 to R20-44 of the CPCE, licensed operators contribute to the financing of the universal services.
Media are, in particular, subject to certain content requirements and restrictions.
i Content requirements
At least 60 per cent of the audiovisual works and films broadcast by licensed television broadcasters must have been produced in the EU, and 40 per cent must have been produced originally in French.86
Private radio broadcasters must, in principle, dedicate at least 40 per cent of their musical programmes to French music.87
In addition, pursuant to Law No. 2014-873 of 4 August 2014 for genuine equality between women and men, audiovisual programmes have the duty to ensure fair representation of both women and men. Furthermore, audiovisual programmes and radio broadcasters must combat sexism by broadcasting specific programmes in this respect.88
Law No. 2018-1202 of 22 December 201889 with regard to 'fake news' suggests several measures to limit the impact of false information on the public election process. For instance, Article 11 of the Law provides that certain operators of online platforms – in the context of public elections – should implement measures to combat the broadcasting of false information likely to disturb public order or alter polls' reliability. Operators must implement easily accessible and visible systems that will allow users to report such false information, including when they are financed by third parties.
Decree No. 2020-984 dated 5 August 2020 relaxed certain rules regarding the broadcast of films, increasing the maximum number of hours allotted per year.
Advertising in television broadcasting is subject to strict regulations in France.90 In particular, advertising must not disrupt the integrity of a film or programme, with at least 20 minutes between two advertising slots. Films may not be interrupted by advertising that lasts more than six minutes.
Rules governing advertisements are stricter on public channels. In particular, since 2009, advertising is banned on public service broadcasting channels from 8pm to 6am. This prohibition does not, however, concern general-interest messages, generic advertising (for the consumption of fruits, dairy products, etc.) or sponsorships.
In addition, some products are prohibited from being advertised, such as alcoholic beverages above a certain level of alcohol or tobacco products.
Media owners are also subject to transparency requirements in order to protect advertisers of digital advertisement. According to Article 2 of the Decree No. 2017-159 dated 9 February 2017, media owners have to provide advertisers with the date and place of diffusion of the advertisements; the global price of the advertising campaign; and the unitary price charged for each advertising space.
Decree No. 2020-983 dated 5 August 2020 introduced a relaxation of certain rules regarding publicity by authorising segmented advertisement and advertisement for the movie industry on television.
iii Online representation of content
The Copyright Directive 2019/790 came into force on 7 June 2019. The Directive is part of a wider strategy to reform the laws relating to digital marketing, e-commerce and telecommunications, to bring the EU into the digital age and achieve greater harmonisation of the laws governing these areas. Member States have until 7 June 2021 to transpose the Directive into national law.91
France became the first Member State to transpose Article 15 of the Copyright Directive by the Law of 24 July 2019, creating a neighbouring right to the benefit of press publishers and news agencies for the online reproduction and representation of their publications by an online communication service provider.92
It introduces new provisions under the French Intellectual Property Code by implementing an obligation to obtain an authorisation from publishers of online news services or news agencies before any reproduction or communication to the public of all or part of their press publications in a digital form by an online communication service provider. These rights will expire two years after the press publication is published, a term calculated from 1 January of the year following the date on which that press publication is published.
Press publishers and news agencies shall be granted compensation by online communication service providers using all or part of a press publication based on the exploitation revenues of any kind, direct or indirect, of the said communication service provider and if not possible on a flat-rate basis. The Law specifies that such compensation shall take into account quantitative and qualitative elements such as 'human, material and financial investments made by publishers and news agencies', as well as 'the contribution of press publications to political and general information and the importance of the use of press publications by an online communication service to the public'.
Finally, the Law has duly included the exceptions to such neighbouring right that relate to: hypertext links, the use of isolated words and the use of 'very short extracts' of a press publication and outlines that the use of isolated words or very short extracts may not impact the effectiveness of the new neighbouring right and that this effectiveness is 'notably affected when the use of very short extracts replaces the press publication itself or exempts the reader from referring to it'.
The year in review
i The transposition of the European Electronic Communications Code and the Audiovisual Media Services Directive
A legislative bill transposing both the EECC and the AMSD is currently being debated before the National Assembly.93 According to the proposed bill, major revisions required under the EECC, such as the regulation of OTT services, new consumer protection obligations to be imposed on electronic communications providers, as well as those required under the AMSD, such as the regulation of online video platforms and the investigatory powers of the CSA, are to be adopted through ordinance.94 The same bill, however, aims to directly transpose requirements regarding the expansion of universal services to cover high-speed internet access and voice services.95
ii Hate speech regulations
Following the adoption of Law No. 2018-1202 of 22 December 201896 with regard to 'fake news', another law regarding content regulation, Law No. 2020-766 of 24 June 2020 regarding hateful content on the internet has been enacted. Law No. 2020-1202 created additional obligations for platform operators to delete child pornography and terrorist content within one hour when notified by the relevant authority, and to delete any hateful content that is 'obviously illicit' within 24 hours when notified by any end user. However, these obligations were found to be unconstitutional and invalidated by the French Constitutional Court.97
iii Additional GDPR sanctions
On 21 January 2019 the CNIL imposed a €50 million fine on Google LLC for breach of its transparency and information obligations and lack of legal basis for the processing of targeted advertising.98
This decision was appealed by Google, but subsequently confirmed by the French Supreme Administrative Court.99
The CNIL continues to act as an active regulatory authority, and has recently imposed its first sanction as a lead supervisory authority (Article 60 of the GDPR) in July 2020.100
iv The CNIL's new guidance on cookies
On 4 July 2019, the CNIL published new guidance on cookies providing general requirements for obtaining valid consent to the placement of cookies and other tracking devices.101 This guidance was partially struck down by the French Supreme Administrative Court,102 prompting the adoption of amended guidelines and new recommendations.103
The modified guidance largely reiterates the data protection principles already applied by the CNIL on previous occasions. Organisations shall not place cookies or process personal data obtained through them unless users have previously positively accepted the placement in a free, specific, informed and unambiguous manner, in line with the definition and conditions of Articles 4(11) and 7 of the GDPR, and withdrawal of consent must be as easy as giving consent.
'Cookie walls' as well as whether audience management cookies or performance cookies may be exempted from the opt-in consent requirement are now subject to a case-by-case review. The CNIL also recommends operators give users the opportunity to periodically renew their consent, for example, every six months.
Further clarifications on information obligations are provided in the new guidance documents. The identity of every third-party cookie provider must now be communicated to users, as well as greater details regarding the cookies' functionalities.
The CNIL announced that website providers will have until March 2021 to comply with the new guidelines.
v The implementation of Article 15 of the Copyright Directive under French law
The saga surrounding the implementation of Article 15 of the Copyright Directive under French law continues. As the national law did not prohibit the assignment of a licence free of cost, Google decided to withdraw longer displays of copyrighted content unless the rights holders agreed to give free authorisation. In April 2020, the FCA ordered Google to enter into good faith negotiations with publishers to decide on remuneration for the display of copyrighted content in Google News or Search.104 Google lodged an appeal before the Paris Court of Appeal, which confirmed the FCA's order in a decision dated October 2020.
vi The creation of a national Pole of Expertise on Digital Regulation (PEReN)
On 31 August 2020, the creation of a national Pole of Expertise on Digital Regulation (PEReN) was announced.105 The PEReN will be in charge of providing expertise regarding the regulation of digital platforms, in particular regarding the technical aspects including data analysis, data sharing, algorithmic processing and data science.
Conclusions and outlook
With the national transposition of the EECC and the AMSD still underway and the unsettled questions surrounding the Digital Services Act remaining at the European Parliament, significant changes are expected in the French TMT regulatory framework in the year to come. The inclusion of the OTT services under the telecommunications regulations, new regulations regarding platforms, and implementation of provisions transposing the Copyright Directive are only few of the moving pieces that can have a large impact on the legal landscape. Content regulation and the reshuffling of regulatory authorities are two other areas that should also be closely monitored.
1 Myria Saarinen and Jean-Luc Juhan are partners at Latham & Watkins. This chapter was written with contributions from trainee Alex Park.
2 Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018 establishing the European Electronic Communications Code (Recast) Text with EEA relevance.
3 Directive (EU) 2018/1808 of the European Parliament and of the Council of 14 November 2018 amending Directive 2010/13/EU on the coordination of certain provisions laid down by law, regulation or administrative action in Member States concerning the provision of audiovisual media services (Audiovisual Media Services Directive) in view of changing market realities.
4 Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
5 Article L33-1 I of the CPCE.
6 See Articles 28 to 32 of the Law of 30 September 1986, which determine the CSA's allocation procedures.
7 Articles 33 to 34-5 of the Law of 30 September 1986.
8 Article L33-1 III of the CPCE.
9 Article R151-3 of the French Monetary and Financial Code.
10 Article L165-1 of the French Monetary and Financial Code.
11 Articles 39-I and 39-III of the Law of 30 September 1986.
12 Article 19 of the Law No. 2016-1524 of 14 November 2016.
13 Article 11 of the Law No. 2016-1524 of 14 November 2016.
14 Article 41 of the Law of 30 September 1986.
15 Article 40 of the Law of 30 September 1986.
16 Article 14 of the Law of 14 November 2016.
17 Article 40 of the Law of 30 September 1986.
18 Article 41-1 to 41-2-1 of the Law of 30 September 1986.
19 For recent examples of mergers in the TMT sectors, see, e.g., FCA, Decision No. 17-DCC-76 of 13 June 2017, in which the FCA ruled on the acquisition of Group News Participations by SFR Group.
20 Article L36-10 of the CPCE.
21 Article 41-4 of the Law of 30 September 1986.
22 Article 42-3 of the Law of 30 September 1986.
23 Article L32-1 of the CPCE.
24 Article L33-1 of the CPCE.
25 Article L39 of the CPCE.
26 This issue now seems resolved regarding video-sharing sites: see, for instance, the judgment of the French Supreme Court (Cass., Civ. 1ère, 17 February 2011, No. 09-67896, Joyeux Noël) in which the Supreme Court recognised a simple hosting status for Dailymotion. The Supreme Court ruled that host websites did not have to control a priori the content they host but need to ensure the content is not accessible once it has been reported as illegal (Cass., Civ. 1ère, 12 July 2012, No. 11-15165 and No. 11-15188, Google and Auféminin.com). This issue is still to be debated with respect to online marketplaces such as eBay from which it follows that French courts, which are favouring a very factual analysis of the role of the services provider, will give significant importance to judges' discretion. In that respect, see Cass., Com,. 3 May 2012, No. 11-10.507, Christian Dior Couture, No. 11-10.505, Louis Vuitton Malletier and No. 11-10.508, Parfums Christian Dior, in which the Supreme Court confirmed an earlier decision of the Paris Court of Appeals that did not consider eBay as a 'host provider', and therefore refused to apply the liability-exemption regime. See, in contrast, Brocanteurs v. eBay, Paris Court of Appeals, Pôle 5, ch 1, 4 April 2012, No. 10-00.878, in which second-hand and antique dealers accused eBay of encouraging illegal practices by providing individuals with the means to compete unfairly against professionals, and in which the Paris Court of Appeals considered eBay as a host provider able to benefit from the liability-exemption regime. The Court of Appeals based its decision on the fact that eBay had no knowledge or control of the adverts stored on its site. If the seller was asked to provide certain information, it was for the purpose of ensuring a more secure relationship between its users. The issue is also debated in the context of online forums. The Supreme Court ruled on 3 November 2015 that publishing directors are responsible for 'personal contribution spaces' from the moment they become aware of their content and must be held criminally liable for failing to take down defamatory comments (Cass., Crim., 3 November 2015, No. 13-82645).
27 See judgment of the High Court of Paris, 4 December 2015, Goyard St-Honoré v. LBC France.
28 Article 1(2) of Directive No. 2002/22/EC.
29 See Ministerial Order of 27 November 2017 designating Orange (JORF No. 0282 of 3 December 2017).
30 Article L35-3 of the CPCE.
31 Law No. 2016-1321 of 7 October 2016 for a Digital Republic.
32 Articles 40 to 47 of Digital Republic Law.
33 Article 40 of Digital Republic Law.
34 Article 43 of Digital Republic Law.
35 IPv6 is the most recent version of the Internet Protocol, the communications protocol that provides an identification and location system for computers on networks and routes traffic across the internet. IPv6 has been developed to deal with the issue of IPv4 address exhaustion, and is intended to replace IPv4.
36 2020 report: 'The state of internet in France', ARCEP report, June 2020 (available at https://www.arcep.fr/uploads/tx_gspublication/rapport-etat-internet_edition-2020_250620.pdf).
37 See Articles L331-25, L336-3 and R335-5 of the Intellectual Property Code.
38 See Article L34-5 of the CPCE.
39 See Article L34-5 of the CPCE.
41 The red list service ensures that contact information will not be mentioned on user lists. The orange list service ensures that contact information will not be communicated to corporate entities with the goal of advertisement. The contact information remains available on universal directories made available to the public.
42 See Ministerial Order of 25 February 2016 designating SA Opposetel (JORF No. 0050 of 28 February 2016).
43 Initially, this article provided that the collection could be authorised against the individual's relatives. However, the Constitutional Council, in decision No. 2017-648 QPC of 4 August 2017, censored this provision because it infringes the balance between public security and right to privacy.
44 New Article L246-1 et seq. of the Internal Security Code introduced by Article 20 of the LPM.
45 Article 20 IV of the LPM.
46 See Article 6-1 of Law No. 2004-575 of 21 June 2004 on Confidence in the Digital Economy as introduced by Article 12 of Law No. 2014-1353 of 13 November 2014 reinforcing regulations relating to the fight against terrorism.
47 However, the Constitutional Council established boundaries in the fight against terrorism regarding infringements of the freedom of communication. In Decision No. 2016-611 QPC of 10 February 2017, the Council considered as unconstitutional Article 421-2-5-2 of the French Criminal Code introduced by Law No. 2016-731 of 3 June 2016, which punishes any person who frequently accesses online public communication services conveying messages, images or representations that directly encourage the commission of terrorist acts or defend these acts when this service has the purpose of showing images or representations of these acts that consist of voluntary harm to life.
48 Law No. 2016-731 of 3 June 2016 reinforcing the fight against organised crime and terrorism and their funding, and improving the efficiency and the protection of guarantees of criminal proceedings.
49 Articles 706-95-1 to 706-95-3 of the French Criminal Proceedings Code added by Article 2 of Law No. 2016-731 of 3 June 2016.
50 Articles 706-95-4 to 706-95-10 of the French Criminal Proceedings Code added by Article 3 of Law No. 2016-731 of 3 June 2016.
51 Article 706-102-1 of the French Criminal Proceedings Code amended by Article 5 of the Law No. 2016-731 of 3 June 2016.
52 See Articles L34-1 and D98-5 of the CPCE.
53 See Decree No. 2009-834 of 7 July 2009 as modified by Decree No. 2011-170 of 11 February 2011.
54 See Article L. 251-2 of the French Internal Security Code.
55 See Article L. 253-2 and L. 253-3 of the French Internal Security Code.
56 Law No. 2018-607 of 13 July 2018, Military Planning Law 2019–2025 (LPM).
57 Article 45 of the 1978 Data Protection Law.
58 See Article 32 of the GDPR.
60 Directive No. 2016/1148 of 6 July 2016.
61 Article 3 of Decree No. 2018-384 dated 23 May 2018.
62 Article 3 of Decree No. 2018-384 dated 23 May 2018.
63 Article 10 of Law No. 2018-133 of 26 February 2018.
64 Article 2 of Law No. 2018-133 of 26 February 2018.
65 Articles 5 and 16 of Decree No. 2018-384 dated 23 May 2018.
66 Article 16 of Decree No. 2018-384 dated 23 May 2018.
67 Article 17 of Decree No. 2018-384 dated 23 May 2018.
68 Article 10 of Decree No. 2018-384 dated 23 May 2018.
69 Article 12 of Law No. 2018-133 of 26 February 2018.
70 Article 18 of Decree No. 2018-384 dated 23 May 2018.
71 Article 19 of Decree No. 2018-384 dated 23 May 2018.
72 Articles 7 and 13 of Law No. 2018-133; Articles 11, 12, 20 and 21 of Decree No. 2018-384 dated 23 May 2018.
73 Article 9 of Law No. 2018-133 of 26 February 2018.
74 Article 15 of Law No. 2018-133 of 26 February 2018.
75 Article L42-3 of the CPCE.
76 Article R20-44-9-2 et seq, of the CPCE.
77 ARCEP, Decision No. 2011-1080 of 22 September 2011.
78 ARCEP, Decision No. 2011-1510 of 22 December 2011.
79 See ARCEP press release of 2 August 2018.
80 ARCEP, Decisions No. 2017-0734 (Bouygues Telecom) and No. 2017-0735 (SFR) of 13 June 2017.
81 See ARCEP press release of 30 September 2015.
83 See ARCEP Draft Decision of 15 July 2019 proposing the procedure for awarding the 3,490–3,800MHz band in Metropolitan France.
84 See ARCEP press release of 2 April 2020.
85 See ARCEP press release of 1 October 2020.
86 Articles 7 and 13 of Decree No. 90-66 of 17 January 1990.
87 Article 28 2°-bis of the Law of 30 September 1986.
88 Article 56 of the Law of 4 August 2014.
89 Law No. 2018-1202 of 22 December 2018 regarding the fight against the manipulation of information.
90 Decree No. 92-280 of 27 March 1992.
91 Directive 2019/790 of 17 April 2019 on copyright and related rights in the Digital Single Market.
92 Law No. 2019-775 of 24 July 2019.
93 Bill including various provisions for the application of the law of the European Union in economic and financial matters (ECOM1935457L).
94 ibid., Articles 24 ter and 26.
95 ibid., Article 27.
96 Law No. 2018-1202 of 22 December 2018 regarding the fight against the manipulation of information.
97 Cons. Const. 18 June 2020, No. 2020-801.
98 CNIL Decision No. SAN - 2019-001 of 21 January 2019 imposing a pecuniary sanction against GOOGLE LLC.
99 Conseil d'Etat, 19 June 2020, req. No. 430810.
100 CNIL decision No. SAN – 2020-003 of 28 July 2020 regarding SARTOO SAS corporation.
101 CNIL decision No. 2019-093 of 4 July 2019 adopting guidelines on the application of Article 82 of the amended law dated 6 January 1978 to the reading or writing operations in a user's terminal (in particular cookies and other tracking devices) (corrigendum).
102 Conseil d'Etat, 19 June 2020, req. No. 434684.
103 CNIL decision No. 2020-091 of 17 September 2020 adopting guidelines on the application of Article 82 of the amended law dated 6 January 1978 modified to the reading or writing operations in a user's terminal (in particular cookies and other tracking devices) and abrogating decision No. 2019-093 of 4 July 2019; CNIL decision No. 2020-092 of 17 September 2020 adopting a recommendation proposing the practical modalities of compliance for the use of 'cookies and other tracking devices'.
104 FCP decision 20-MC-01 of 9 April 2020 on requests for interim measures by the Syndicat des éditeurs de la presse magazine, the Alliance de la presse d'information générale and others and Agence France-Presse.
105 Décret No. 2020-1102 du 31 août 2020 portant création d'un service à compétence nationale dénommé 'Pôle d'expertise de la régulation numérique' (PEReN)