The French Adaptation of the GDPR, by Olivia Tambou

See the final book of this conference :

On 14 May 2018, the Assemblée Nationale adopted the new Personal Data Protection Act1 (hereinafter NDPA), which adapts the French law to the General Data Protection Regulation (GDPR). The NDPA is the second most important reform of the Act n°78-17. Nevertheless, at the time of writing, the NDPA has not yet entered into force because sixty senators referred it to the Constitutional Council (hereinafter CC), arguing that it was not conform to French constitutional law. Thus, it is possible that France might need to review some elements of its NDPA. This paper gives a brief presentation of the accelerated adoption of the NPDA in a first part. It presents an overview of the formal French approach to the adaptation of the GDPR in the second part. The third part gives a first assessment of the NDPA by highlighting that the
French Government has used its margin of manoeuvre moderately. In so far, the French Bill respects the
rationale of the GDPR reform. The fourth part details some specific illustrations on the most disputed points during the adoption.

to read more download the paper on French Adataption of the GDPR.


I- Introduction

II- The accelerated adoption of the New Data Protection Act

III- French Formal Approach of the National Adaptation of the GDPR

IV- Respect of the Rationale of the GDPR

A- Strengthening the CNIL

B- Moderate Uses of Margin of Manoeuvre

1. Limitation of the Priori Formalities

2. Provision on the Law Applicable in Cross-Corder Cases

3. A Derogation for the Communication of Personal Data Breach

IV- Most Disputed Topics Regarding the Adoption of the New Data Protection Act

A- The Uses of the Openings Clauses in the Context of the Algoritimic Decision

1. General Legal Framework for the Implementation of Individual Decisions Solely Based on Automated Processing

2. A Legal Basis for a Systematic Use of Administrative Individual Decisions Solely Based on Automated Processing

B- The Impact of the GDPR on Specific Situations

1. The need to Consider the Protection of the Child

2.  The Local and Regional Entities Concerns

C- The « Qwant » Amendment

D- The Introduction of a Collective Action For Damage

E- The Processing of Personal Data Relating to Criminal Convictions and Offences

IV- Conclusion


Olivia Tambou is is Associate Professor at the Paris-Dauphine University specialized in European Law. She has been lecturing in French and foreigner Universities for more than 20 years. Her current research interest is the effectiveness of the European Data protection Law. She wrote several articles on the General Data Protection Regulation (GDPR) about certification, remedies, profiling and the de-listing right. She is a contributor of the comparative section of the European Data Protection Law (EDPL) regarding data protection issues in France . She is also the editor of blogdroiteuropeen and of its Open Acess Book Collection see here The Right to Be Forgotten in Europe and Beyond

To see all the contributions of the e-conference on National Adataptions of the GDPR click HERE


TO BE FOLLOWED ON MONDAY 12H30 FRENCH TIME 11:30 GTM with a post on Winds of Change Blow across Health Data in France, by Vlad Titerlea


Votre commentaire

Entrez vos coordonnées ci-dessous ou cliquez sur une icône pour vous connecter:


Vous commentez à l’aide de votre compte Déconnexion /  Changer )

Photo Facebook

Vous commentez à l’aide de votre compte Facebook. Déconnexion /  Changer )

Connexion à %s

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur la façon dont les données de vos commentaires sont traitées.