In the information society, there are numerous organisations and institutions collecting more and more information about individuals.
We all disclose personal information, voluntarily or not, to a multitude of organisations, for example, to:
- local or government authorities (permits, licences, grants);
- tax authorities (tax return);
- doctors and pharmacies (consultations and prescriptions);
- health insurance funds (claims);
- bank (loan applications and credit card statements);
- supermarkets (loyalty cards and lotteries);
- mobile phone operators, post and telecommunication services (telephone communications);
- sports clubs, cultural and leisure organisations (membership cards);
- or simply when browsing the Internet, or even spending the afternoon shopping because of the recordings of surveillance systems.
In this way, the circulation of our personal data is growing and spreading to more and more places.
Due to modern computing techniques, this data can now be exploited more easily and in a variety of ways, either by the State and its authorities, by companies and professionals, or by clubs and associations.
The building of personal profiles which reveal our life style and consumer habits is becoming a common practice (surveys, customer cards, Internet, etc).
Whether data is collected or recorded, consulted or disclosed to third parties, there are real and constant risks for the identifiable person, resulting from this accumulation and exploitation of personal data.
However, loss of control over your personal data and unwarranted intrusion into your private life are not inevitable, far from it. The modified law of 02 August 2002 which transposes a European Directive relating to data protection affords you certain rights.
The law aims at protecting the privacy of individuals with regard to the processing of their personal data by third parties.
The authorities, companies, professionals, associations and other organisations who collect, record, use and disclose personal data cannot do so without restrictions. They must notify the identifiable person (“data subject”) and inform them of the purpose of what the law calls “the processing of personal data”. This processing must be limited to what is necessary and proportionate to the aims stipulated at the outset. Data must therefore always be used in accordance with strict rules, under the supervision of the Commission nationale de protection des données. To ensure transparency, any filing system must previously be either declared or authorised (depending on the type of data and processing).
The legislation on the protection of personal data does not only apply to computer files, but covers every kind of medium (paper files, audio and video recordings).
The protection of privacy is a fundamental right, just like the inviolability of the home, the confidentiality of correspondence and freedoms of opinion and expression.
The same principles apply in all 28 Member States of the European Union and beyond (Switzerland, Norway, Liechtenstein, Iceland, etc).