Legal framework for processing location data by public authorities

The French Data Protection Act applies to all controllers, whether they are Public Authorities or companies from the private sector. Therefore, the processing of location data by public agencies or public companies has to comply with the data protection principles described above. The sole exception concerns the process of authorisation by the CNIL of certain specific processing operations. Article 26 stipulates that an order of a competent Minister or Ministers shall authorise, after a reasoned and published opinion of the CNIL, the processing of personal data carried out on behalf of the State which involves State security, defence or public safety, or whose purpose is the prevention, investigation, or proof of criminal offences, the prosecution of offenders or the execution of criminal sentences or security measures. In these cases, the opinion of the CNIL shall be published together with the order authorising the processing, but it is not binding.

The provisions of Art. L.34-1 of the Code of Posts and Electronic Communications will apply whenever the data originate from a public electronic communication network.

This chapter will first focus on three examples of processing of location data by Public Authorities, before describing the rules applying to the requests and use of location data by Public Authorities for law enforcement purposes.  

      1. Processing of location data by public authorities: examples

Three examples of processing of location data that are of particular interest are analysed below in order to illustrate the main purposes for which Public Authorities use such data: the use of e-tickets in public transport, which leads to the collection of location data for commercial purposes but also for the control and repression of fraud; the automatic taking of pictures of cars when their drivers infringe the Traffic Code; and the use of e-bracelets for offenders. None of these examples implies the use of a public communications network, and thus Art. L.34-1 of the Code of Posts and Electronic Communications will not be applicable.

        1. Use of e-tickets in public transport

Public transport companies, as part of their modernisation process, have started to offer their users magnetic, chip or RFID cards in order to ease their movements within the network and to offer them complementary services. Users no longer have to buy and carry a paper ticket. However, as these devices memorise more data than is strictly needed for the provision of the service, data protection issues have been raised. They not only allow the user to use the public transportation network but also record the itineraries of the users, collecting the time, date and place of entrances, exits and interconnections. This situation raised specific issues regarding the proportionality of the data collected, the legitimacy of the processing and the period of storage of these data.

In 2003, the CNIL issued a recommendation which defines the cases in which public companies are entitled to proceed with such processing and how long they may store the data collected. The only purposes considered legitimate are those relating to the management of subscription rates, the commercial relationship, statistical analysis and measurement of the quality of the system, and fraud control. The personal data collected through e-tickets cannot be processed for any other purposes.

Moreover, the CNIL advocates the anonymisation of the personal data in order to guarantee the freedom to move anonymously that the use of a paper ticket ensures. The data should not be stored for a period exceeding two successive days and, in the case of data gathered as a consequence of fraud detection, they should not be stored longer than the time necessary to verify the reality of the fraud and to enable the examination of the case by judicial authorities.

        2. Automatic taking of car pictures for repressing traffic offences

The Act of 12 June 2003 reinforcing the fight against traffic violence provides that a fine notice can be sent as a consequence of the recognition, by automatic means, of an infringement of the Traffic Code. This provision mainly raised the problem of its compatibility with the previous article 2 of the Data Protection Act, which forbade a decision with judicial consequences from being taken on the basis of automatic processing. But it also raised the problem of the processing of location data, insofar as the processing reveals the location of an individual at a precise moment. Even if the purpose of the processing remains to control the vehicles and not the individuals, such systems create a feeling of being under constant surveillance and thus raise data protection issues (CNIL), especially if we take into account that in this case the prior consent of the driver is not required, as the processing is carried out for the purpose of repression of offences.

However, the CNIL considered that even if the consent of the driver was not required in this case, he should be informed, when he receives the fine, of the existence and purposes of the processing, the identity of the controller, his rights of access, rectification and. Especially when a specific period of data retention of ten years was established by article L.121-3 of the Traffic Code.

In 2003, the CNIL gave a first positive opinion on an experiment conducted by the Ministry of Internal Affairs, which intended to implement the automatic taking of pictures of cars and their passengers when they infringe the speed limits.

The personal data processed included not only data on the driver and passengers of the vehicle but also the data relating to the offence, such as the place and date of the infringement. This processing makes it possible to determine the location of an individual at a specific moment.

In October 2004, this system was fully approved by the CNIL and extended to other traffic offences foreseen by Art. L.121-3 of the Traffic Code: observance of the safety distance between vehicles, failure to follow stop signs, non-payment of toll fees and the forbidden presence of a vehicle on specific roads or on the pavement. It will apply not only to French but also to foreign drivers.

        3. Electronic bracelet for offenders

Since 2002, several provisions have been introduced into the Criminal Procedure Code for the electronic surveillance of convicts, in the context of a diversification of alternative measures to prosecution, to incarceration, and to the measures pronounced during the application of the prison term. In particular, the Act of 12 December 2005 on the treatment of repeat penal offences introduced into French law the possibility of putting convicts under mobile electronic surveillance after their release, when their dangerousness has been certified and provided they consent to it. The public agency in charge of the processing will be able to know where the convict is at every moment; thus, although the measure is an alternative to prison, its highly intrusive nature does not allow the State to compel convicts to opt for this kind of confinement. The processing will be legitimate on the basis of the consent given by the convict, and it should be limited to the personal data strictly necessary for the surveillance. The fact that consent was required was one basis of the constitutional validation of the measure by the Constitutional Council.

The system determines the location of the persons wearing e-bracelets through GPS or GSM techniques. The electronic bracelet reports the location of the convict every 30 seconds and warns the competent authorities by SMS when he is outside the “security area”. A bill is under debate in the National Assembly regarding the electronic surveillance of convicts aged 70 years and older.

This Act allows the use of an e-bracelet for a period of two years, renewable once or twice, in defined cases:  

  1. in the case of socio-judicial follow-up of individuals above 18 years sentenced to a prison term of at least 7 years and whose dangerousness has been certified by a medical expert assessment

  2. as a modality of execution of the punishment (conditional release) 

  3. as a measure of judicial surveillance ordered against individuals sentenced to prison terms of over 10 years for specific crimes

The CNIL opinion reiterates that the processing should respect and guarantee the human dignity, integrity and privacy of the individuals, as well as encourage social reintegration. In view of these purposes, some data that were at first foreseen to be collected, such as the names of the relatives of the convict, have been abandoned following the opinion of the CNIL, which considered their collection disproportionate with regard to the purpose of the processing. The opinion highlights the importance of obtaining the consent of the individual, which should be obtained through a debate organised by the magistrate. The information provided to the convicts before they volunteer for the experiment has been revised by the CNIL as well. Moreover, a specific reference is made to the modalities for exercising the right of access, which should be guaranteed in any case.

Other considerations are taken into account as well, such as the securing of the frequencies used for the transmission of the location data and the technical and legal guarantees which should accompany sub-contracting to a third party in order to ensure the confidentiality of the data.

An application decree should be published in order to define the conservation period of the data. During this period, specific police officers will be allowed access to the data for the purpose of inquiries into crimes or offences, i.e. in almost all cases. The CNIL is required to give its opinion prior to the approval of the decree.

A first experiment has been launched, with the prior approval of the CNIL, for 40 convicts in the context of judicial surveillance. The system will process a series of data needed for the monitoring of the convict in order to ensure that he respects his obligations, and for his search and arrest in case he tries to escape.

      2. Requests of location data by public authorities

Specific obligations for the retention of traffic data by Telecommunication Operators have been implemented since 2001. As a general principle, Telecommunication Operators are bound to erase or anonymise these data. Traffic data refer to any information processed by the Telecommunication Operators for the needs of the conveyance of an electronic communication (Art. R. 10-12 of the Code of Posts and Electronic Communications). It follows that location data can be part of traffic data and thus should be erased as well. However, several exceptions are foreseen, in particular for the prosecution of criminal offences, when the data can be retained for up to one year. In any case, data related to the content of the communication cannot be preserved.

As a consequence, Telecommunication Operators are bound to retain traffic data in three different cases: 

  1. Up to one year, for the needs of prosecution of criminal offences. In this case, the judicial authority could access these data upon request in the context of judicial inquiries.  

  2. Up to one year, when their conservation is required for billing purposes.  

  3. Up to three months, when their conservation is required for network security reasons.  

The broad and vague terms used by the legislator compel the Operator to retain a large amount of data, which has been highly criticised by the CNIL. When the data are processed for the needs of prosecution of criminal offences, Art. R. 10-13 specifies the data which should be retained: the information allowing the identification of the user, the data relating to the terminal equipment and the type of communication, the date, time and duration of each communication, the data relating to complementary services requested or used and their providers, and the origin and the localisation of the communication. For telephony services, the data allowing the identification of the receiver of the communication should be retained as well.

In 2006, the Act for the fight against terrorism established an administrative requisition procedure for obtaining connection and traffic data, without any prior judicial authorisation, in the context of prevention of terrorist attacks. This new procedure allows police agents to request and access certain types of traffic data for the needs of prevention of terrorist attacks (article L.34-1-1 of the Code of Posts and Electronic Communications). In this case, a specific procedure is established in order to control the legitimacy of the request: the request should be grounded and subject to the authority of a qualified person dependent on the Ministry of Interior Affairs. The requests are recorded and communicated to the National Commission for the Control of Security Interceptions [Commission nationale de contrôle des interceptions de sécurité]. This person is designated for a period of three years and should report once a year to this Commission. When it recognises a breach of trust or harm done to fundamental rights, it has to refer to the Ministry of Interior Affairs, which has to determine the relevant measures to be taken within 15 days.
