VPNs available in France
Information about French VPNs
What is a VPN for France?
A VPN for France is a service that gives all French citizens the ability to encrypt their digital communications and increase their online privacy with the touch of a single button, with barely any tech knowledge required.
We haven’t tested any servers in France just yet, but k now there are plans in the works to test more than 100+ locations worldwide with France leading on that front!
Why Use a VPN in France?
Of all the modern Western democracies connected to the internet today, France takes the cake as having one of the oldest privacy laws still in use on the books today. Law No. 78-17, as it’s known, was passed all the way back in 1978, and provides blanket protection against the gathering of “sensitive data” on any persons or businesses without a legal warrant.
That said, with so many new technologies that have been introduced in that time, it’s now up to the French Parliament to parse what is or isn’t technically considered “data”, and many ISPs and businesses local to the region have fought long and complicated legal battles in order to make distinctions in this gray area of information gathering.
Luckily the new GDPR regulation will modernize much of France’s privacy sector, and bring all the different legislative loopholes back up to code once it goes into effect this year. Here is a brief overview on the new language that will be used to change how France handles the data privacy of its citizens in 2018:
“I. CNIL’s New Powers
1. Encryption and Anonymization
- The French DPA (the “CNIL”) is charged with overseeing and promoting the development of encryption technologies. Furthermore, it may create, approve or publish anonymization standards.
- Interestingly, the Act’s emphasis on security was complemented by industry efforts, as demonstrated by a recent agreement of French telecom operators pertaining to the use of encryption for the storage of electronic communications.
- The CNIL may issue financial sanctions of up to 3 Million Euro for infringements of the French Data Protection Act. It is expected that this limit will be raised to 20 Million Euro when the GDPR is fully implemented in France.
- Importantly, the Act implements the provisions of the GDPR pertaining to the criteria DPAs may take into account in determining sanctions. More specifically, under the Act, the CNIL may take into account (i) the intentional or negligent character of the infringement, (ii) measures adopted to mitigate the damage to the individuals, (iii) the extent to which the infringer has cooperated with the CNIL, (iv) the categories of personal data affected by the infringement, and (v) the manner in which the infringement became known to the CNIL.
- The procedure for the issuing of sanctions under the French Data Protection Act has been slightly modified, as companies may be sanctioned without the prior issuance of an injunction in cases where the infringement may not be remedied. Such cases will most likely be specified in the upcoming implementing Decrees.
3. Cooperation with Other DPAs
- The CNIL may audit companies on behalf of a DPA from a country outside the EU which offers an equivalent level of data protection. The CNIL must enter into an agreement with the DPA which defines the terms of the collaboration.
II. New Rights for Individuals
1. Right of Self-Determination
- The Act provides that any individual has the right to decide and control the use of his or her personal data. In its comment on the Act, the CNIL highlighted that this provision is inspired by the German constitutional right of informational self-determination.
2. Right of Access and Rectification
- The Act does not significantly modify the procedure for individuals to access or rectify their personal data. The Act makes it clear, however, that where the data is collected through electronic means, individuals are entitled to make an electronic request in relation to access, rectification or erasure of their personal data.
3. Right to be Forgotten
- An individual has a right to obtain the erasure of personal data if the data was collected (i) in the context of an information service, (ii) and he or she was a minor at the time of collection.
- Companies must implement this right within one month following a specific request for erasure. In addition, they must take reasonable efforts to inform data controllers to whom they have disclosed the data of the request for erasure.
- Specific exceptions may apply, including where a company needs the personal data for compliance with a legal obligation or litigation purposes.
4. Data Portability
- The Act does not introduce provisions on data portability into the French Data Protection Act. Rather, it modifies the French Consumer Code to provide for data portability and makes a clear reference to the direct application of the GDPR’s provisions on data portability. Those provisions will only enter into force as of May 2018.
- Consumers have a right to “retrieve” the entirety of their personal data in the systems of online communication service providers.
- More specifically, online communication service providers must implement a feature by which consumers may obtain (i) files that have been published online, (ii) data which users may access on their profiles, and (iii) other types of personal data associated with a user account. In determining whether such other types of personal data are subject to the data portability right account will be taken of whether the data is necessary for the migration of the data to another online service provider, as well as the economic impact of the concerned services, the intensity of the competition between the providers, and other financial considerations.
- The right to data portability is not absolute, and may be limited if for instance portability interferes with the protection of business secrets, intellectual and industrial property, or if the data constitutes a “significant enrichment” for the provider from which the data are being transferred. The conditions establishing such “significant enrichment” will be defined in a Decree.
5. Notice Requirements
- The Act adds new notice elements in line with the GDPR. More specifically, privacy notices must indicate applicable data retention periods, or where it is not possible to define a specific period, the criteria used to determine such periods.
- A specific provision – which constitutes a particularity of French law – requires that notices clarify that individuals are entitled to give instructions regarding the handling of their personal data after their death."
Is it Legal to Use a VPN in France?
100%! That in mind, it’s important to remember that France is one of the many countries currently belonging to what is known as the “14 Eyes” surveillance collective. This means that even though French nationals are within their rights to use a VPN, they should be careful when selecting any VPN providers that are based out of France or any other countries that belong to the 14 Eyes.
This is because as a member of the 14 Eyes, France is allowed to share data or get data shared with them on anyone using privacy services based in any of the 14 countries that are a part of the agreement. But, as long as you keep both the provider you subscribe to and the servers you connect to outside of those boundaries, your data will remain completely protected while browsing from a VPN in France!