The General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. In light of the urgency to adapt Law no. 78-17 dated 6 January 1978 to the new European Union law, the French Government has initiated an accelerated procedure. This procedure led to the adoption in final reading by the French National Assembly of the bill on personal data protection on 14 May 2018. However, some French Senators lodged a constitutional complaint against the said law on 16 May 2018.
The bill on personal data protection aims to adapt the “French Data Protection” Act to the new legal framework called “European data protection package” made of the GDPR and the directive on the processing of personal data implemented in police and judicial matters.
In various fields (notably in the field of medical research), the GDPR has provided a “margin of manoeuvre” for Member States, which have to specify certain provisions, arrange derogations or, on the contrary, strengthen safeguards already provided for by European law.
The bill was adopted by the French National Assembly in final reading on 14 May 2018 and plans an entry into force of the new provisions for 25 May 2018.
On 16 May 2018, some French Senators applied to the French Constitutional Council under Article 61(2) of the French Constitution. They argue that the referred law would, notably, disregard the objective of accessibility and intelligibility of the law and that it would infringe the principle of equality. The French Constitutional Council shall give a decision within a month from the date of referral, unless the French Government asks for the procedure to be accelerated.