More than twenty Internet companies conducting business in France have put their names behind a complaint brought to France’s State Council by the French Association of Internet Community Services (ASIC). At issue is a new French law that mandates the companies retain customer information—including name, address, phone numbers, email addresses, as well as usage records and passwords—for a year. The idea behind that law is to keep the data available in the event there is ever a police, security, or governmental inquiry that required it: causes could range from trying to root out terrorists to settling customs, tax, copyright, or social security inquiries.
Internet giants like Google, Facebook, eBay, and DailyMotion have signed on to the complaint. France enacted the legislation on its own, independent of the European Union. The requirement that service providers supply accounts passwords in response to government inquiries may be unique in the world.
ASIC’s action aims to have to law overturned.
Collection and retention of personal data has any number of privacy and security implications. Since the record-keeping requirements of the French law include passwords, the retention requirements could be even more problematic: in the event of a security breach, perpetrators could potentially get full access to millions of everyday Internet users’ accounts, including not just email and social networking, but banking and online commerce too.
The companies also warn the law coul dissuade Internet companies from conducting business in France
Ironically, Google itself has been fined by France for privacy violations surrounding its Street View mapping service.