Law No 2018-493 of June 20th, 2018 regarding the protection of personal data has been published in the JORF of June 21st, 2018.

This law modified the French law relating to computers, files and freedoms.

It defined the missions of the CNIL as national supervisory authority for the implementation of the GDPR.

As provided for by the GDPR, the processing of sensitive data shall be prohibited. However, some exceptions to this prohibition are provided by law. 

The 2018 law added other exceptions. The processing of biometric data (fingerprints, etc.) is allowed if strictly necessary to control access to the workplace, computers and applications used at work. The processing based on the reuse of information contained in court decisions disseminated in opensource.

The law also defined the conditions of children’s consent to process their personal data for offering information society services directly. Indeed, for minors under fifteen, the consent of the person holding parental responsibility is required.

It has also extended the group action to the reparation of material and moral damages suffered if personal data is violated