Winston Maxwell writes:
France’s December 18, 2013 law on military spending contains two provisions that facilitate the collection of data by the French military and intelligence services. The first provision relates to the collection of passenger name records (PNRs). Under the new law, airlines are required to send PNRs to authorities in accordance with a yet to be adopted government decree. The data may be held for up to five years and may not contain sensitive data (i.e., data relating to the passenger’s racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, health, or sexual orientation. The French data protection authority, the CNIL, was consulted in connection with these new PNR provisions).
The second and more controversial government data collection provision is article 20 of the December 18 law that permits French intelligence and security agencies to collect metadata from telecom operators and hosting providers, including in real time.
Read more on Hogan Lovells Chronicle of Data Protection.