REGISTRATION DOCUMENT AND FINANCIAL REPORT - Iliad
REGISTRATION DOCUMENT AND FINANCIAL REPORT - Iliad
REGISTRATION DOCUMENT AND FINANCIAL REPORT - Iliad
- TAGS
- registration
- iliad
- iliad.fr
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
6. OVERVIEW OF THE GROUP’S BUSINESS<br />
6.6 REGULATORY SITUATION<br />
The Group makes access to Free’s no-subscription services conditional upon customers providing a physical<br />
address to which their connection settings can be sent by post. Free is therefore in a position to respond to any<br />
requests for information from the legal authorities. As the flat-rate and broadband services are linked to physical<br />
access, Free is also able to respond to requests from the authorities concerning the subscribers of these services.<br />
Processing of personal data and protection of individuals<br />
Framework Directive 95/46/EC of October 24, 1995 relating to the protection of individuals with regard to the<br />
processing of personal data and the free movement of such data specifies the requisite measures for effectively<br />
protecting the rights and freedom of individuals. The main objectives of this Directive are to (i) harmonize<br />
European legislation governing the processing of personal data, (ii) facilitate the movement of such data<br />
(provided that the country of destination of the information concerned provides a satisfactory level of protection),<br />
and (iii) ensure the protection of the rights and freedom of individuals. This Framework Directive was<br />
supplemented by the sector-specific Directive 97/66/EC of December 15, 1997 relating to the processing of<br />
personal data and the protection of privacy in the telecommunications sector. This Directive has been repealed<br />
and replaced by Directive 2002/58/EC of July 12, 2002.<br />
Law 2004-801 of August 6, 2004 on the protection of individuals with respect to the processing of personal data,<br />
amending Law 78-17 of January 6, 1978 relating to information technology, computer files and civil liberties,<br />
transposed the Framework Directive of October 24, 1995 and certain provisions of the Directive of July 12, 2002<br />
into French law.<br />
Law 2004-575 of June 21, 2004 on confidence in the digital economy and Law 2004-669 of July 9, 2004 on<br />
electronic communications and audiovisual communication services also transposed certain provisions of the<br />
Directive of July 12, 2002 into French law.<br />
The main provisions of Law 2004-801 of August 6, 2004 are as follows:<br />
• Article 7 establishes the principle that no personal data may be processed without the consent of the person<br />
concerned. This Article does, however, set forth a limited number of circumstances in which such processing<br />
may be lawful, even without the consent of the person concerned. This applies in particular if such<br />
processing is necessary in the legitimate interests of the data processor or the recipient “provided that it does<br />
not disregard the interests or infringe the fundamental rights and freedoms of the person concerned”. Such<br />
exceptions do not, however, apply to the processing of “sensitive data”, for which Article 8 of Law 2004-801<br />
requires the express consent of the person concerned.<br />
• The data processor’s obligation to provide information covers all situations in which personal data is<br />
processed, even if this data has not been collected directly from the person concerned, such as for file<br />
transfers. In the latter case, Article 32-III of Law 2004-801 states that the data processor must provide this<br />
information as soon as the data is recorded or, at the latest, when the data is first divulged to a third party.<br />
This information is not necessary, however, if the sole purpose of the processing is to permit or facilitate<br />
communication by electronic means.<br />
In addition to the obligation to inform people of the mandatory or optional nature of their responses, of the<br />
consequences of any failure to respond, of the recipients of the data and of their right to access and correct<br />
their personal data, Article 32 of Law 2004-801 imposes on data processors the obligation to inform the<br />
person from whom the personal data is collected of the identity of the data processor, the purpose for which<br />
the data is processed, and of their right to object to the information being transferred to a third party, as well<br />
as, where necessary, of any proposed transfers of data to a country which is not a Member State of the<br />
European Community.<br />
This obligation is immediately applicable and concerns all types of processing. Companies have until<br />
August 6, 2007, to comply with the new requirements in respect of processing carried out before Law<br />
2004-801 came into force.<br />
The obligation to provide information also applies to cookies. Article 32-II of Law 2004-801 states that<br />
“anyone using an electronic communications network must be clearly and fully informed [ ] about the<br />
purpose of any action taken (i) to access, by electronic means, information stored in their connection<br />
terminal, or (ii) to enter, by similar means, information in their connection terminal equipment [and] about<br />
the measures they may take to prevent this”.<br />
56 - <strong>Iliad</strong> – Registration Document 2007