September.21.2022
Version Française: La loi relative aux dispositifs de contrôle parental sur les appareils connectés est désormais applicable.
This Law n°2022-300 of March 2, 2022 provides for new obligations in order to strengthen parental control and enhance the protection of children against the exposure of harmful content when using devices connected to the Internet.
The definition of the devices concerned is quite broad and includes almost all known devices as it covers devices sold in France “allowing access to online public communication services" and "likely to harm the physical, mental or moral development of minors”. Devices such as computers, smartphones, tablets, video game consoles, connected objects like televisions are in particular concerned.
The law provides for the mandatory installation of a parental control system, easily accessible and understandable, on concerned devices. The activation, use and uninstallation of this system will have to be made available free of charge to users.
The law also provides a set of rules, including technical considerations, that still need to be specified by decree after consultation with the French Data Protection Authority (the CNIL):
A public consultation concerning the content of a draft decree detailing these obligations has been launched and the final decree should be published in the coming months. However, it will probably not be applicable immediately and the legislator mentioned that manufacturers will need some time to adapt their manufacturing process.
Manufacturers, importers, order fulfillment services providers and distributors are concerned.
Manufacturers will have to ensure that the operating systems installed on their devices include the parental control feature - if necessary with the help of operating system supplier. Importers, distributors and order fulfillment services providers commercializing concerned devices must get manufacturer’s certificate establishing that the devices they commercialize are compliant.
Sellers of second-hand or reconditioned products will also have to check that the device includes the parental control feature – these sellers will only have to inform users of the existence of parental control features if they sell secondhand products placed on the market before the decree mentioned above enters into force.
The personal data of minors collected or generated when activating this parental control system shall not be used for commercial purposes, such as direct marketing, profiling and targeted advertising.
The purpose of this new regulation is in line with the CNIL’s recommendation n°5 "Promoting parental control tools that respect privacy and the interests of the child" dated 9 June 2021 in which the CNIL had identified three purposes for which parental control could be used: filtering inappropriate content, supervising the child's practices, monitoring the child's activity.
In the same recommendation, the CNIL had however pointed out several risks related to the use of parental control, in particular the risk of altering the relationship of trust between the parents and the minor, the risk of hindering the autonomy process of the minor and the risk of getting the minor used to being under constant surveillance. These risks will most likely be taken into account in the drafting of the above mentioned decree.