France

Free
76
100
A Obstacles to Access 23 25
B Limits on Content 29 35
C Violations of User Rights 24 40
Last Year's Score & Status
78 100 Free
Scores are based on a scale of 0 (least free) to 100 (most free). See the research methodology and report acknowledgements.

header1 Overview

France registered a slight decline in internet freedom during the coverage period. Its regulator blocked Russian state-linked websites in response to an order from the European Union (EU). Additionally, the government enacted a law that criminalizes publishing details about individuals’ private lives and anticipates EU transparency and content removal measures. New legislation also expanded security agencies’ surveillance capabilities. Journalists faced harassment and physical attacks, particularly when covering antivaccination rallies. On the positive side, access to the internet continues to grow, with better and faster connectivity across the country.

The French political system features vibrant democratic processes and generally strong protections for civil liberties and political rights. However, due to a number of deadly terrorist attacks in recent years, successive governments have been willing to curtail constitutional protections and empower law enforcement to act in ways that impinge on personal freedoms.

header2 Key Developments, June 1, 2021 - May 31, 2022

  • Internet access continued to improve and the “New Deal” met its goal of expanding fourth-generation (4G) mobile coverage across the country, with a particular focus on rural areas (see A1 and A2).
  • In March 2022, amid Russia’s invasion of Ukraine, France complied with an EU order mandating member states to block Russian state-owned online media outlets in an effort to combat war propaganda (see B1).
  • In August 2021, the Guaranteeing the Respect of Republican Principles Law—which allows the government to block mirror websites, establishes a notice-and-action procedure for online platforms, and criminalizes publishing an individual’s personally identifiable information—came into effect (see B1, B3, B4, C2).
  • In July 2021, Autorité de la concurrence, France’s competition authority, fined Google €500 million ($566 million) because the company failed to negotiate licensing fees “in good faith” with French media outlets, as it had been mandated to do in April 2020 (see B6). Throughout the coverage period, the Commission Nationale de l’Informatique et des Libertés (CNIL), France’s data protection authority, fined multiple online platforms, including Google and Facebook, for making it more difficult for users to refuse cookies than it was to accept them (see C6).
  • In July 2021, the parliament passed a new Antiterrorism Law, renewing security agencies’ surveillance powers and further enabling them to intercept satellite communications and use algorithms to scan internet connection and browsing data (see C5).
  • Violence and harassment against journalists have increased, particularly against journalists covering antivaccination rallies (see C7).

A Obstacles to Access

A1 1.00-6.00 pts0-6 pts
Do infrastructural limitations restrict access to the internet or the speed and quality of internet connections? 6.006 6.006

Infrastructural limitations generally do not restrict access to the internet in France. According to Organization for Economic Co-operation and Development (OECD) data from December 2021, France has a fixed-broadband internet penetration rate of 46.13 percent, and a mobile broadband penetration rate of 99.3 percent, both figures showing slight increases from the June 2021 data.1 As of 2021, the International Telecommunication Union (ITU) estimated internet penetration at 84.8 percent.2

Committed to providing widespread access to high-speed broadband with connection speeds of at least 30 megabits per second (Mbps), the government has been implementing a national plan to deploy fiber-optic cables, very high-speed digital subscriber line (VDSL), terrestrial, and satellite networks throughout the country by 2022, mobilizing public and private investments totaling €20 billion ($22.6 billion) over 10 years.3 In 2021, very high-speed broadband coverage accounted for 56 percent of high-speed broadband connections (17.5 million out of 31.3 million), according to a December 2021 report by the Regulatory Authority for Electronic Communications and Post (ARCEP), the telecommunications regulator.4

In January 2018, ARCEP and the government conceived a mobile “New Deal,” enacted in July 2018, to develop 4G networks by 2022. According to a 2022 report from ARCEP, the project met its goal of 90 percent of rural areas having 4G coverage by January 2022.5 The 4G networks of the four mobile service providers cover a vast majority (99 percent) of the metropolitan French population.6 Networks have been piloting fifth-generation (5G) technology across France since 2020. The rollout is concentrated in the largest cities, including Paris, Lyon, Nice, Marseille, Montpellier, and Bordeaux.7

According to a June 2022 report from ARCEP, the average mobile download speed increased dramatically from 2020 to 2021, climbing from 64 Mbps in 2020 to 96 Mbps in 2021 in dense areas, from 59 Mbps in 2020 to 74 Mbps in 2021 in areas with medium density, and from 31 Mbps in 2020 to 47 Mbps in 2021 in rural areas.8 According to May 2022 data from Ookla’s Speedtest, France has a median fixed broadband download speed of 113 Mbps and a median mobile broadband download speed of 61.1 Mbps.9

While many cities benefit from a high broadband connection speed, the promised “universal telecommunications service” has not yet ensured such access for rural areas, and stakeholders have criticized the failure of Orange, the market-dominating service provider in which the government owns the majority of shares, to increase access, citing its monopolistic market position.10

A2 1.00-3.00 pts0-3 pts
Is access to the internet prohibitively expensive or beyond the reach of certain segments of the population for geographical, social, or other reasons? 3.003 3.003

Internet connections are relatively affordable. In 2022, Economist Impact’s Inclusive Internet Index ranked France 10th of 100 countries for affordability of internet connections.1 In December 2020, a provision was added to the Post and Electronic Communications Code to ensure a “universal electronic communications service” at a reasonable price.2 According to 2021 ITU data, a monthly 5 gigabyte (GB) fixed-line broadband subscription cost 1.28 percent of gross national income (GNI) per capita, while a 2 GB mobile broadband plan cost 0.66 percent of GNI per capita.3

There are a number of Internet Exchange Points (IXPs) in France,4 which contribute to improved access and lower consumer prices.5

However, demographic disparities in internet usage persist, though the government has attempted to reduce them. A map produced by ARCEP illustrates some of the regional disparities in mobile penetration, showing patchy 4G coverage in rural areas and overseas territories.6 Most at-home users have access to broadband connections, while the remaining households, usually in rural areas, must rely on dial-up or satellite services.7 The mobile “New Deal” aims to reduce these disparities, and in September 2021, mobile operators deployed 1,046 4G sites in targeted areas out of a planned 3,043 sites.8 Additionally, the government also provides support to the lowest-income households to install broadband access. In February 2022, then Prime Minister Jean Castex announced that the support would increase from €150 ($170) to €300 ($340).9 There are no significant digital divides in terms of gender or income.

In November 2021, parliament passed a law allowing Copie France, the institution that collects private copyright remuneration, to collect a copyright tax on second-hand smartphones,10 which could make it more expensive for low-income people to buy smartphones and access the internet. This measure was initially introduced by Copie France in May 2020.11

A3 1.00-6.00 pts0-6 pts
Does the government exercise technical or legal control over internet infrastructure for the purposes of restricting connectivity? 6.006 6.006

There were no restrictions on connectivity reported during the coverage period. There is no central internet backbone, and ISPs are not required to lease bandwidth from a monopoly holder, as is the case in other countries. Instead, the backbone consists of several interconnected networks run by ISPs and shared through peering or transit agreements. The government does not have the legal authority to restrict the domestic internet during emergencies.

A4 1.00-6.00 pts0-6 pts
Are there legal, regulatory, or economic obstacles that restrict the diversity of service providers? 4.004 6.006

There are no significant business hurdles to providing access to digital technologies in France. Service providers do not need to obtain operating licenses.1 However, the use of frequencies for mobile networks is subject to strict licensing by ARCEP.2 Only four providers are licensed in this regard: Orange, Free, Bouygues Telecom, and Société française du radiotéléphone (SFR).3 Others, such as NRJ Mobile, make use of these providers’ networks, reselling internet and mobile services.4

Orange, Free, Bouygues Telecom, and SFR dominate both the fixed and mobile markets. Competition between these four providers is fierce, but there is little room for other players to compete.

Discussions between ARCEP, Orange, and other telecommunications providers around the cost of network maintenance continued in 2021 and 2022.5 In February 2022, Orange announced that the replacement of its copper network with fiber would be completed by 2030.6

A5 1.00-4.00 pts0-4 pts
Do national regulatory bodies that oversee service providers and digital technology fail to operate in a free, fair, and independent manner? 4.004 4.004

The telecommunications industry is regulated by ARCEP,1 while competition is regulated by the Competition Authority and, more broadly, the European Commission (EC).2 ARCEP is an independent and impartial body.

ARCEP is governed by a seven-member panel. Three members are appointed by the French president, while the National Assembly and Senate appoint two each.3 All serve six-year terms. In January 2021, member of Parliament Laure de la Raudière was nominated as the agency’s president.4 As a member state of the EU, France must ensure the independence of its telecommunications regulator. Given that the government is the main shareholder in Orange, the leading telecommunications company, the EC stated in 2011 that it would closely monitor the situation in France to ensure that European regulations were met.5

The Digital Republic Act enacted in 2016 broadened ARCEP’s mandate, granting the body investigatory and sanctioning powers to ensure compliance with the law’s principle of net neutrality.6 In July 2019, ARCEP reiterated its commitment to promote net neutrality, digital transformation, and technological innovation in France.7

B Limits on Content

B1 1.00-6.00 pts0-6 pts
Does the state block or filter, or compel service providers to block or filter, internet content, particularly material that is protected by international human rights standards? 4.004 6.006

Score Change: The score declined from 5 to 4 to reflect the government’s implementation of an EU regulation ordering member states to block the websites of Russia Today and Sputnik, as well as their local subsidiaries.

The government does not generally block web content in a politically motivated manner. However, during the coverage period, it did block access to Russian state-owned websites. All major social media platforms are accessible.

In early March 2022, following the Russian government’s brutal invasion of Ukraine, the EU Council issued Regulation 2022/350, ordering member states to “urgently suspend the broadcasting activities” of RT, Sputnik, RT France, RT Germany, RT Spanish, and RT UK, and to block their websites because they “engaged in continuous and concerted propaganda actions targeted at civil society.”1 Soon after, the Authority for Audiovisual and Digital Communication (ARCOM) confirmed that it was complying with the decision in a press release.2 In June 2022, after the coverage period, the EU adopted a new package of sanctions, which also included directives to block Rossiya RTR/RTR Planeta, Rossiya 24/Russia 24 and TV Centre International.3

In July 2022, after the coverage period, RT France appealed the EU decision to block it to the European Court of Justice,4 but the court upheld the suspension later in the month.5

France is also one of the countries that has blocked two well-known websites engaged in piracy, Sci-Hub and LibGen, which offer free access to millions of paywalled academic books, journals, and papers. Following a complaint from academic publishers Elsevier and Springer Nature, a court ordered the four major ISPs to block the two websites in April 2019.6

Since the 2015 terrorist attacks in Paris, terrorist-related content and incitements to hatred have been subject to blocking. In November 2018, a Paris court ordered nine French ISPs to block Participatory Democracy, a racist, antisemitic, and anti-LGBT+ French-language website hosted in Japan that was found to be inciting hatred.7 As of April 2021, the website was accessible at a different URL.8

A decree issued in 2015 outlined administrative measures to block websites containing materials that incite or condone terrorism, as well as sites that display child abuse.9 Shortly after the decree was promulgated, five websites were blocked, with no judicial or public oversight, for containing terrorism-related information.10 In the ensuing years, many more websites have been blocked in France. According to a June 2021 annual report from the CNIL,11 France’s data protection agency, the Central Office for the Fight against Crime Related to Information and Communication Technology (OCLCTIC) issued 519 blocking orders to ISPs between January 2020 and December 2020, compared to 420 between February 2019 and December 2019. Among the orders were 28 sites targeted for hosting terrorism-related information; the remaining 491 were targeted for displaying child abuse.12 The reports did not offer details on the content of the blocked websites, but they disclosed OCLCTIC decisions that have been disputed in the past.

The Guaranteeing the Respect of Republican Principles Law gives the ARCOM—a new agency that resulted from the January 2022 merger of the Audiovisual Council (CSA) and the High Authority for the Dissemination of Works and the Protection of Rights on the Internet (HADOPI)—power to oversee the compliance obligations against hate speech for very large platforms.13

In March 2022, ARCOM filed a blocking request to the Paris Judicial Court targeting five pornographic websites (Pornhub, Xnxx, Xvidéos, Tukif, and xHamster),14 but the court has not ruled yet because of multiple procedural issues.15 The request is based on a law against domestic violence passed in 2020 that requires websites to verify the age of their users.

B2 1.00-4.00 pts0-4 pts
Do state or nonstate actors employ legal, administrative, or other means to force publishers, content hosts, or digital platforms to delete content, particularly material that is protected by international human rights standards? 2.002 4.004

The French government continues to actively legislate the online environment (see B3) and issue content-removal requests to online platforms based on these laws.

Recent EU regulations will also facilitate the removal of online content. In June 2021, the EU enacted the regulation on preventing the dissemination of terrorist content online, often referred to as the “terrorist regulation,” which obligates platforms to remove “terrorist” content in under one hour.1 After the coverage period, in August 2022, the Constitutional Council “dismissed a challenge” from members of parliament to the bill adapting French law to this regulation.2 The bill will give ARCOM the authority to issue an injunction to platforms for the removal of terrorist content. This bill has been criticized by French nongovernmental organization (NGO) La Quadrature du Net as unconstitutional and posing a risk of excessive censorship.3

The government sometimes orders online platforms to delete or deindex content. For example, in December 2018, after a year of heated debate, a French court ordered Google to deindex for one year search engine results related to seven illegal streaming websites.4 In June 2019, the French government asked Google to delete a Google+ picture depicting two French officials as dictators. Google did not comply with this request.

According to Google’s transparency report, the government issued 581 requests to remove content in 2021, invoking national security or copyright violations in a majority of the cases.5 Between January and December 2021, Facebook restricted access to 205 pieces of content based on requests from the French government and requests originating in France that concerned private instances of defamation.6 Between January and June 2021, Twitter received 178 removal requests, complying with 39 percent of them, and between July and December 2021, Twitter received 260 requests, complying with 53 percent of them.7

A government decree issued in 2015 allows for the deletion or deindexing of online content related to child abuse and terrorism using an administrative procedure, previously supervised by the CNIL.8 Beginning in June 2022, this power has been transferred to the ARCOM.9 According to the CNIL, between January and December 2021, the OCLCTIC issued 133,295 removal requests targeting such content, a 264 percent increase over the previous year, as well as 4,219 deindexing requests.10 Content was deleted in response to 129,037 removal requests, or in response to almost 96 percent of the total requests issued; of those, 115,802 related to child abuse and 13,235 related to terrorism. The CNIL did not dispute any OCLCTIC decisions in 202111

The right to be forgotten (RTBF) was recognized in a 2014 ruling from the Court of Justice12 and was later institutionalized throughout Europe with the implementation of the General Data Protection Regulation (GDPR) in May 2018.13 Between January and December 2021, Google deindexed some 75,113 URLs in France under the RTBF, complying with approximately 60 percent of requests.14 Between January and June 2021, Microsoft deindexed 990 URLs under the RTBF, accounting for around 40 percent of the total requests). From July to December 2021, Microsoft deindexed 885 URLs, or about 35 percent of total requests.15

In March 2022, far-right presidential candidate Éric Zemmour was found guilty of copyright infringement by the Paris Judicial Court16 over his unauthorized use of film clips and newsreels in a video launching his campaign.17 YouTube removed the video from the platform due to these concerns.

B3 1.00-4.00 pts0-4 pts
Do restrictions on the internet and digital content lack transparency, proportionality to the stated aims, or an independent appeals process? 3.003 4.004

Historically, authorities have been fairly transparent about what content is prohibited and the reasons behind specific content removal requests. Incitement of hatred, racism, Holocaust denial, child abuse and child sexual abuse imagery, copyright infringement, and defamation1 are illegal and may be grounds for blockings or takedowns. Article R645-1 of the criminal code outlaws the display of the emblems, uniforms, or badges of criminal organizations under penalty of a fine and can justify blockings or takedowns of such symbols when they appear online.2

In August 2021, the Guaranteeing the Respect of Republican Principles Law (see C2), often referred to as the antiseparatism law, was enacted.3 In addition to placing broad constraints on religious freedom, especially concerning Islam, the law enables an administrative authority to block mirror websites, including websites that contain “substantially the same” content, without a review from a magistrate.4 Additionally the law anticipates some of the notice-and-action procedures included in the EU’s Digital Services Act,5 which was adopted by the European Parliament in July 2022, after the coverage period. For example, the Guaranteeing the Respect of Republican Principles Law requires platforms to publish risk assessments, make their terms of service accessible, remove “illegal content” at the request of the CSA, and establish an appeals system for content removal. The law does not require judicial oversight of government requests for content removal. Platforms that fail to comply can be fined up to six percent of their turnover or €20 million ($22.6 million).6

The law resembles the Avia law, which was voided by the Constitutional Council in June 2020 after it was adopted by Parliament in May 2020.7 Unlike the voided measures in the Avia law, the Guaranteeing the Respect of Republican Principles Law does not compel platforms to remove “illegal content” within 24 hours.8 The provisions of the Avia law that remain in force after the Constitutional Council voided the majority of its provisions simplify systems for the notification of disputed content, strengthen the prosecution of online hate speech, and create an “online hate observatory.”9

In May 2021, the government transposed the EU Copyright Directive, which, among other things, establishes ancillary copyright for digital publishers and makes “online content sharing service providers” partially liable for copyright violations on their platforms (See B6).10

In December 2018, Parliament passed a law that aims to combat disinformation around elections by empowering judges to order the removal of “fake news” within three months of an election.11 The proposal was rejected twice by the Senate before it was passed. The law places a significant strain on judges, who have 48 hours to decide whether a website is spreading false news, following a referral by a public prosecutor, political party, or interested individual. Under the law, social media platforms are also required to disclose who is paying for sponsored advertisements during electoral campaigns.12 There was no significant application of this law during elections in 2019, 2020 and 2022.13 In July 2022, after the coverage period, the ARCOM published the annual reports platforms are required to complete under the law. The reports from Twitter and Meta have been criticized for providing vague answers about the type and scope of false information that was removed.14

A set of decrees issued in 2015 outlined administrative measures to block websites containing materials that incite or condone terrorism, as well as sites that display child sexual abuse images (see B1). The decrees implemented Article 6-1 of the 2004 Law on Confidence in the Digital Economy (LCEN), as well as Article 12 of the 2014 antiterrorism law.15 The parliament is currently discussing a bill adapting French law to the European regulation imposing a swift removal of terrorist content (see B2).

The OCLCTIC is responsible for maintaining a denylist of sites that contain prohibited content and must review the list every four months to ensure that such sites continue to contravene French law. The OCLCTIC can ask editors or hosts to remove the offending content, and after a 24-hour period, it can order ISPs to block sites that do not comply.16 Users attempting to access sites on a denylist are redirected to a website from the Ministry of the Interior providing avenues for appeal. Another decree also allows for the deletion or deindexing of online content from search results using an administrative procedure supervised by the ARCOM (see B2).17 Under this decree, the OCLCTIC submits requests to search engines, which then have 48 hours to comply.18 The OCLCTIC is responsible for reevaluating deindexed websites every four months and requesting the reindexing of websites when the incriminating content has been removed.

The lack of judicial oversight in the blocking of websites that allegedly incite or condone terrorism remains a concern. The procedures outlined above are supervised by the ARCOM. The CNIL, like all other administrative authorities, can refer requests to the administrative court system, should it object to or dispute any action taken or order given by the OCLCTIC. In May 2019, a CNIL official asserted that the body lacks the technical means and human resources to efficiently supervise the OCLCTIC, which remains a concern.19

Legal debates over the RTBF have also escalated in recent years. The CNIL initially attempted to compel Google to enforce the RTBF ruling across the world,20 but Google resisted.21 A September 2019 judgment from the Court of Justice of the European Union (CJEU) decided Google was not required to scrub search results worldwide.22 However, search-scrubbing transparency is not required from search engines, thus allowing Qwant, a France-based search engine, to conceal its delistings.

B4 1.00-4.00 pts0-4 pts
Do online journalists, commentators, and ordinary users practice self-censorship? 4.004 4.004

Online self-censorship is minimal. However, new laws aimed at countering online hate speech might lead to increased government oversight of internet users, raising concerns that it could cause greater self-censorship (see B2 and B3). In January 2019, President Macron said, “We should move progressively toward the end of anonymity” online.1 Politicians regularly express that sentiment, especially after domestic incidents that cause public outrage.2

Additionally, articles 36 and 38 of the Guaranteeing the Respect of Republican Principles Law3 criminalize the publication of information about private life and family life (see B3 and C2), which could foster self-censorship. Prior to the passage of this law, a May 2021 Constitutional Council ruling voided several articles of the Law on Global Security,4 including Article 24, which would have criminalized the publication of images of on-duty police officers; violators would have been liable to face up to five years in prison or a €75,000 ($84,900) fine.5

B5 1.00-4.00 pts0-4 pts
Are online sources of information controlled or manipulated by the government or other powerful actors to advance a particular political interest? 3.003 4.004

Content manipulation remains a problem in some areas, especially concerning the Russian invasion of Ukraine. During the height of the COVID-19 pandemic, false reports and misinformation about the virus spread online,1 as did conspiracy theories propagated by far-right and extremist political parties.2

Disinformation was not particularly prevalent in the run-up to the April 2022 presidential election. A report from the EU Disinfolab found 169 “debunks” based on reports by fact-checking organizations, but concluded none “reached a magnitude that could have altered the integrity of the voting process or jeopardized its outcome.” Additionally, the report found that there was no significant foreign interference in the election.3

A September 2022 Meta report noted that a Russian influence operation used “false media sites” mimicking those of prominent publications in the EU, including the French publication 20 Minutes, to target Facebook users in France and elsewhere in the EU with Russian propaganda. The pages spread narratives about the potential energy crisis in Europe and claimed that war crimes committed by the Russian military in Ukraine, which have been documented by rights groups, did not happen. Ultimately, the network had little influence within the EU.4

In December 2020, Facebook reported that it detected a network of fake accounts, linked to the French military, which posed as residents of Francophone countries in Africa, to spread messages in French and Arabic that aligned with France’s regional policies.5 French officials “raised doubt” about the coordinated inauthentic behavior report, though the government did not deny the findings.6

B6 1.00-3.00 pts0-3 pts
Are there economic or regulatory constraints that negatively affect users’ ability to publish content online? 3.003 3.003

France has a long history of antipiracy laws and regulatory constraints on online content publication. However, users face few obstacles to publishing online.

Recently, journalists have raised concerns about media concentration. In December 2021, more than 250 journalists and media professionals signed a column in the daily Le Monde calling on presidential candidates to oppose the “scourge” of hyperconcentration in the media.1 The Senate, one of the two chambers of Parliament, has opened an inquiry to examine the state of media ownership concentration.2 Owners of prominent media outlets, including Bernard Arnault, Vincent Bolloré, and Arnaud Lagardère, were summoned to the Senate to answer questions by the commission conducting the inquiry.

As of January 2022, HADOPI and the CSA merged into a new regulatory body with a broader scope of action: the ARCOM (see B1).3 Some commentators have critiqued the ARCOM’s missions as overly broad.4

An antipiracy law administered by HADOPI was originally passed in 20095 and was supplemented by a second law also passed that year.6 ARCOM, which assumed HADOPI’s role in enforcing copyright infringement, employs a graduated response with copyright infringers, starting with an email warning for the first offense, followed by a registered letter if a second offense occurs within six months. If a third offense occurs within a year of the registered letter, the case can be referred to a court, and the offender may receive a fine.7 In 2019, HADOPI filed more than 1,748 referrals to prosecutors (compared to 1,045 in 2018). Most fines ranged from €50 to €1,500 ($57 to $1,700).8

In December 2020, the parliament empowered the government to adopt a new copyright proposal, which increases HADOPI’s power by implementing the newly passed EU Copyright Directive (see B3), and the proposal was enacted in May 2021.9 The May 2021 law contains an ad hoc liability system for platforms hosting copyrighted content.10

The principle of net neutrality is enshrined in the law. In November 2018, a joint study published by ARCEP and Northeastern University indicated that net neutrality was better respected in France than in the rest of the EU.11

In July 2021, Autorité de la concurrence, France’s competition authority, fined Google €500 million ($566 million) for failing to negotiate licensing fees “in good faith” with French news outlets, which it had been mandated to do in April 2020.12 In January 2021, Google had reached a preliminary agreement with a group of media outlets, but it reportedly refused to engage in the subsequent negotiations. The ruling also stated that Google must agree to present an offer to the media outlets within two months.13 Google announced that it would appeal the ruling in September 2021,14 but the company dropped the appeal in June 2022.15

B7 1.00-4.00 pts0-4 pts
Does the online information landscape lack diversity and reliability? 4.004 4.004

France is home to a highly diverse online media environment. There are no restrictions on access to independent online media. There is no censorship of platforms providing content produced by different ethnic, religious, or social groups, including LGBT+ people. However, commentators have observed increased online harassment of LGBT+ users (see C7).1

B8 1.00-6.00 pts0-6 pts
Do conditions impede users’ ability to mobilize, form communities, and campaign, particularly on political and social issues? 6.006 6.006

There are no restrictions on digital mobilization in France. The state and other actors do not block online organizing tools and collaboration websites.

A number of digital rights and advocacy groups, such as La Quadrature du Net, are active and play a significant role in protesting the government’s recent moves to expand censorship and surveillance measures without judicial oversight.1

The COVID-19 pandemic temporarily changed the landscape of activism in France. Various strike movements were diminished by the legislative and administrative measures related to COVID-19 starting in March 2020. A few protests moved online, including a protest in May 2020, which demanded improved rights for workers.2 In July 2020, the French Council of State suspended a decree forbidding protests of more than 10 people, agreeing with critics that it violated freedom of assembly.3

In November 2020, an estimated 500,000 people came together to protest Article 24 of the Global Security Bill, which criminalized posting images of on-duty police officers online and was ultimately voided by the Constitutional Council (see C2 and B4).4

In April 2021, young protesters organized on social media and congregated in front of the National Assembly to demand the passage of the Climate Bill, an ambitious environmental law, defying an administrative order forbidding them to protest in front of the building. They judicially contested the order, which the Paris administrative court suspended.5

C Violations of User Rights

C1 1.00-6.00 pts0-6 pts
Do the constitution or other laws fail to protect rights such as freedom of expression, access to information, and press freedom, including on the internet, and are they enforced by a judiciary that lacks independence? 5.005 6.006

The French constitution expressly protects press freedom and access to information and guarantees freedom of speech and the protection of journalists.1

However, the government’s response to the 2015 terror attacks has curtailed human rights online in practice. The European Convention on Human Rights, to which France is a signatory, provides for freedom of expression, subject to certain restrictions considered “necessary in a democratic society.”2 Since the Charlie Hebdo attack and November 2015 terrorist attacks in Paris, the government has adopted various laws, decrees and administrative provisions limiting fundamental rights, justifying the measures on public safety grounds.3

Broad new powers under the state of emergency proclaimed in 2015 raised concerns among human rights and digital rights activists.4 While then–prime minister Manuel Valls declared that it was a “short term response,”5 the state of emergency was subsequently extended six times until November 2017.6 The counterterrorism law that came into effect in 2017 has also raised concerns among civil rights campaigners for giving prefects and security forces wide-ranging powers with limited judicial oversight. It also introduced a new legal framework for surveillance of wireless communications (see C5).7

France has an independent judiciary, and the rule of law generally prevails in court proceedings. In some cases, the Constitutional Council has made decisions that protect free expression and access to information in practice (see B2, B3, and C2).

C2 1.00-4.00 pts0-4 pts
Are there laws that assign criminal penalties or civil liability for online activities, particularly those that are protected under international human rights standards? 2.002 4.004

Several laws assign criminal or civil penalties for potentially legitimate online activities. In particular, myriad counterterrorism laws threaten to punish users for such activities. Measures to address terrorism were already in place prior to the 2015–17 state of emergency. The counterterrorism law passed in 2014 penalizes online speech deemed to sympathize with terrorist groups or acts with up to seven years in prison and a €100,000 ($113,000) fine. Speech that incites terrorism is also penalized. Penalties for online offenses are harsher than offline offenses, which are punishable by up to five years in prison and a €75,000 ($85,000) fine.1

The Constitutional Court rejected two versions of laws that attempted to criminalize visiting websites that glorify or incite terrorist acts. A 2016 counterterrorism and organized crime law imposed up to two years in prison or a €30,000 ($34,000) fine for frequently visiting such sites, unless the visits are in “good faith,” such as for the purpose of conducting research.2 The Constitutional Council rejected this law in 2017, arguing that the notion of “good faith” was unclear and that the law was not “necessary, appropriate, and proportionate.”3 An amended version was reintroduced as part of a public security law—imposing prison sentences on users who also “manifest adherence” to the ideology expressed at the visited sites4 —but was once again struck down by the Constitutional Court in December 2017.5

Defamation can be a criminal offense in France, punishable by fines or—in circumstances such as “defamation directed against a class of people based on their race, ethnicity, religion, sex, sexual orientation or handicap”—prison time.6

Article 36 of the Guaranteeing the Respect of Republican Principles Law, which was enacted in August 2021, also criminalizes the publication of information about private life, family life, and professional life that can identify individuals or expose their family members to a risk. In most cases, violators face three years’ imprisonment and a €45,000 ($51,000) fine, but in cases when this information is revealed about public officials, violators can face up to five years in prison or a €75,000 ($85,000) fine. The higher penalties when these offenses are committed against public officials raise concerns that the law could be used to suppress legitimate criticism of public officials.7 The measure bears resemblance to a provision in the Law on Global Security criminalizing the publication of images of on-duty police officers, which was ultimately declared unconstitutional (see B4 and B8).8

C3 1.00-6.00 pts0-6 pts
Are individuals penalized for online activities, particularly those that are protected under international human rights standards? 5.005 6.006

While no citizens faced politically motivated arrests or prosecutions in retaliation for online activities protected under international human rights standards, users have been convicted of inciting or sympathizing with terrorism online. The law’s broad use of the terms “inciting” and “glorifying” risks targeting speech that has tenuous connections to terrorist acts.

In February 2020, a court convicted an elected member of the Brittany regional legislature, who had previously been expelled from the far-right National Front (FN) party, of sympathizing with terrorist acts for posting an Islamophobic message on Twitter following the attack by a far-right activist in Christchurch, New Zealand, on two mosques. The regional legislator was sentenced to one year’s suspended sentence and three years of ineligibility to contest elections.1

In June 2019, Marine Le Pen, leader of the far-right National Rally party (formerly known as the FN), was ordered to stand trial by a correctional court for sharing on Twitter videos of Islamic State (IS) terrorists beheading a journalist.2 In January 2022, presidential candidate Éric Zemmour was found guilty of hate speech after he described unaccompanied migrant children as “thieves,” “rapists” and “murderers.”3

A growing number of individuals, including minors,4 are investigated, and given fines and prison sentences, for “glorifying” terrorism.5 In October 2021, a 19 year-old man was sentenced to 13 months in prison for glorifying terrorism on Twitter, after he repeatedly made tweets praising the Islamic State and claiming that terrorist attacks in France had been “reprisals” for French attacks abroad. He was also arrested on weapons charges.6

Penalties for threatening state officials are applied to online activities. In May 2019, a man was fined €500 ($570) for sending President Macron a death threat on Facebook.7 In January 2017, a court sentenced a 42-year-old houseless man to three months in jail for a Twitter post that threatened parliamentarian Eric Ciotti.8

C4 1.00-4.00 pts0-4 pts
Does the government place restrictions on anonymous communication or encryption? 2.002 4.004

Users are not prohibited from using encryption services to protect their communications, including through tools such as Tor, although mobile users must provide identification when purchasing a SIM card, potentially reducing anonymity for mobile communications.1 There are no laws requiring providers of encryption services to install backdoors, but providers are required to turn over decryption keys to investigating authorities.2 In October 2020, the Court of Cassation ruled that any person who is asked, even by a police officer, to turn over decryption keys should comply with the request or face incrimination, overturning a June 2019 ruling.3 The case concerned a drug dealer who was using encryption services, refused to unlock his phone during his arrest, and was charged for this refusal.4

In October 2020, following the murder of middle school teacher Samuel Paty, a group of politicians argued that online anonymity should be restricted (see B4).5

C5 1.00-6.00 pts0-6 pts
Does state surveillance of internet activities infringe on users’ right to privacy? 2.002 6.006

Surveillance has escalated in recent years, including through the enactment of a surveillance law in 2015, which was passed in the wake of the attack on Charlie Hebdo.

The 2015 Intelligence Law allows intelligence agencies to conduct electronic surveillance without a court order.1 An amendment passed in 2016 authorized real-time collection of metadata not only from individuals “identified as a terrorist threat,” but also those “likely to be related” to a terrorist threat and those who belong to the “entourage” of the individuals concerned.2

The Constitutional Council declared three of the Intelligence Law’s provisions unconstitutional in 2015, including one that would have allowed the interception of all international electronic communications. However, an amendment enabling surveillance of electronic communications sent to or received from abroad was adopted later in 2015, shortly after the Paris attacks.3 In 2016, the Constitutional Council struck down part of the Intelligence Law related to the monitoring of hertz wave communications, ruling it “disproportionate.”4 Article 15 of the 2017 Counterterrorism Law reintroduced a legal regime for monitoring wireless communications, but limited surveillance to certain devices such as walkie-talkies.5

In July 2021, the parliament passed a new Antiterrorism Law renewing measures from the 2017 law and expanding the scope of security agencies’ surveillance powers, enabling them to use newer technologies.6 For instance, French intelligence services will be able to intercept satellite communications until 2025 and use algorithms to scan internet-connection and -browsing data to detect possible terrorist activity.7 Though the law was passed quickly, it received strong criticism from civil society and academics.8

Following an October 2020 CJEU decision confirming the ban on indiscriminate metadata collection and retention,9 the French government asked the Council of State to ignore the four EU rulings on that issue, claiming France’s national sovereignty.10 In April 2021, the Council of State ruled that the current data-retention regime was justified due to threats to national security, stipulating that the government should regularly reevaluate whether the security situation justified the continued retention of metadata (see C6).11 In the new Antiterrorism Law, this regime was modified, according to the government, to respond to some of the Council of State’s concerns. The NGO La Quadrature du Net considered this modification as insufficient to protect individuals’ right to privacy.12

The state of emergency imposed between 2015 and 2017 included provisions on electronic searches13 and empowered the minister of the interior to take “any measure to ensure the interruption of any online public communication service that incites the commission of terrorist acts or glorifies them.”14 Under the July 2021 Antiterrorism Law, the government is also allowed to use an increasing number of algorithms to identify individuals who have visited extremist websites.15

In 2019, an amendment to the military spending bill (the Military Planning Law, or LPM) expanded access to data collected outside France’s borders by providing domestic antiterrorism investigators with information obtained by the General Directorate for External Security, France’s foreign intelligence agency.16 According to Article 37 of the LPM, it is possible to perform within intercepted communications “data spot checks for the sole purpose of detecting a threat to the fundamental interests of the nation” on any individual or entity that can be traced to French territory.17

The LPM covering 2014–19 extended administrative access to user data by enabling designated officials to request such data from ISPs for “national security” reasons, to protect France’s “scientific and economic potential,” and to prevent “terrorism” or “criminality.”18 The office of the prime minister authorizes surveillance, and the National Commission for Security Interception (CNCIS, later renamed the National Intelligence Control Commission, or CNCTR) must be informed within 48 hours in order to approve it.19 While the government argued that the law provided an improved legal framework for practices that had been in place for years,20 at the end of 2015 it finally responded to criticisms that the three-member organization was prone to political interference21 by enlarging its composition from three members to nine, making room for judges.22

A law related to the fight against organized crime and terrorism, enacted in 2016, also elicited strong reactions from the public.23 The law notably expanded the range of special investigation methods available to prosecutors and investigating judges to ones that had previously been reserved for intelligence services. These include bugging private locations, using phone eavesdropping devices such as international mobile subscriber identity–catchers (IMSI–catchers), and conducting nighttime searches.24 Relatedly, Article 23 of the Law on Guidelines and Programming for the Performance of Internal Security (LOPPSI 2), adopted in 2011, granted the police the authority to install malware—such as keystroke-logging software and Trojan horses—on suspects’ computers in the course of counterterrorism investigations, although a court order must first be obtained.25

Since the European GDPR came into force in 2018, individuals are deemed to have better rights to control the use of their personal data. Companies face hefty fines if they fail to comply (see C6).26

In September 2021, French news outlet Mediapart reported that at least five French cabinet members had had their phones infected with Pegasus spyware. This report came just two months after the Pegasus Project revealed that French president Emmanuel Macron and the majority of his cabinet were included in a database that was used to target individuals with the spyware.27

In January 2022, the Constitutional council validated a controversial law authorizing police drones.28 Police use of drones has been hotly debated in France for the past few years and drones were declared illegal four times in a row before the advent of this law.29

The COVID-19 pandemic and ensuing national lockdown raised the specter of the monitoring of confined and sick people without their consent. In April 2020, the government announced the development of a Bluetooth contact-tracing app that deploys pseudonymized identifiers and relies on centralized data storage.30 StopCovid was released in June after receiving parliamentary approval in May.31 As of March 2021, 13 million French citizens had downloaded the app.32 In April 2021, the government added a feature to store health information (Green Pass) including proof of vaccination raising privacy concerns.33

C6 1.00-6.00 pts0-6 pts
Does monitoring and collection of user data by service providers and other technology companies infringe on users’ right to privacy? 3.003 6.006

Service providers are required to aid the government in monitoring their users’ communications under certain circumstances. For instance, they must retain user metadata for criminal investigations.1 Although the CJEU ruled against this practice, in April 2021, the Council of State determined that the retention practices were justified (see C5).2

The 2015 Intelligence Law requires ISPs to install so-called “black boxes,” algorithms that analyze users’ metadata for “suspicious” behavior in real time.3 The first black box was set in 20174 and two more were added in 2018.5 Related to this increase in surveillance capabilities, 12,574 “security interceptions” were undertaken in 2019—an increase of 19 percent from 2018. Real-time geolocation tracking in the context of individual surveillance ostensibly for national security purposes increased by 18.3 percent from 2020 to 2021 (from 8,394 uses to 9,920). The number of individuals subject to this surveillance slightly increased during the same period from 21,958 to 22,958.6

In March 2020, Orange shared public statistics on mobile users’ travels out of the Paris region in response to a government request, in order to aid contact-tracing efforts of people with symptoms of COVID-19 (see C5).7 The telecommunications industry then invited the government to adopt legislation in case more advanced measures were needed. The government created a consultation committee in March 2020 to assess the use of geolocation data to surveil the spread of COVID-19,8 raising concerns among privacy activists that the movements of every patient or confined person would be mapped without their consent.9

In June 2019, the Ministry of the Interior proposed an intelligence law in order to extend the use of black boxes, with the aim of improving automation, prolonging data collection, and taking into account new technologies, such as 5G networks.10

The French data protection authority continued to regularly enforce the data protection measures enshrined in the EU’s GDPR and e-privacy directive, and to enforce competition measures related to the protection of personal data. In November 2020, the CNIL fined supermarket chain Carrefour €3 million ($3.4 million) because it failed to provide adequate information on data use in their loyalty reward and credit card programs, among other issues.11 In December 2020, the CNIL fined Google €100 million ($113 million) and Amazon €35 million ($40 million) for violating the e-privacy directive.12 In June 2021, the Autorité de la concurrence fined Google €220 million ($249 million) for self-preferencing via its dominant position in the ad-tech market; the authority also compelled Google to adopt new interoperability measures.13 In January 2022, the CNIL fined Google €150 million ($170 million) and Facebook €60 million ($68 million) for making it difficult for website visitors to refuse cookies.14 In February 2022, the CNIL ordered website managers and operators to refrain from using Google Analytics because it transferred data to the United States in violation of the GDPR.15

C7 1.00-5.00 pts0-5 pts
Are individuals subject to extralegal intimidation or physical violence by state authorities or any other actor in relation to their online activities? 3.003 5.005

Score Change: The score declined from 4 to 3 to reflect the increased attacks on journalists at rallies, particularly those concerning vaccine mandates.

Violence against journalists, including online journalists, has increased in the past two years.1 During the coverage period, journalists were subject to physical violence on multiple occasions. In July 2021, journalists were spit at and insulted while covering a protest against the Green Pass, an application that contains the users’ COVID vaccination status.2 In January 2022, two AFP journalists and their security guards were attacked during an anti–Green Pass protest organized by Florian Philippot’s The Patriots political party, after one of the protestors identified them as AFP journalists, causing a horde of people to attack the videographer until security intervened.3

Radio BIP, a left-leaning independent radio station in Besancon, also faced threats and experienced vandalism, some of which concerned viral videos posted by one of its journalists on social media.4

In April 2019, journalists from the investigative online outlet Disclose were summoned to the General Directorate for Internal Security (DGSI), France’s domestic intelligence agency, after publishing confidential documents about the export of weapons later used by Saudi Arabia and the United Arab Emirates (UAE) in the war in Yemen.5

In February 2019, a group of mostly male journalists were accused of online harassment against women, obese people, and LGBT+ people. Though the group carried out harassment campaigns primarily on Twitter, the members coordinated their activities in a private Facebook group called the “League of LOL.”6

Online harassment of LGBT+ people remains a problem in France. In its 2021 report, the NGO SOS Homophobia highlighted a slight decrease of anti-LGBT+ content on social networks, from 596 cases reported in 2019 to 318 in 2020.7 However, homophobia is still prevalent on the internet. In January 2019, two associations defending LGBT+ rights filed 213 complaints related to insults, incitements to hatred, and calls to murder LGBT+ users on social networks.8

C8 1.00-3.00 pts0-3 pts
Are websites, governmental and private entities, service providers, or individual users subject to widespread hacking and other forms of cyberattack? 2.002 3.003

Government-affiliated websites somewhat regularly experience cyberattacks. Businesses routinely experience hacking attempts.

Medical institutions, including hospitals, routinely face ransomware attacks1 and breaches of patients’ personal data. For instance, In March 2022, l’Assurance Maladie, the main insurance body, declared that data for more than half a million people had been stolen. Hackers illegally accessed accounts of 19 health care professionals, allowing them to access users’ personal data, including social security numbers. In February 2021, Zataz, a cybersecurity blog, and Libé,2 a newspaper, revealed a data breach affected 30 medical laboratories in northwestern France, exposing the data of 500,000 patients. Additionally, in March 2020, l’Assistance publique-Hôpitaux, which manages 39 hospitals in Paris and the surrounding region, experienced a distributed denial-of-service (DDoS) attack, leading the hospital network to shut down its internet access for a day.3

In June 2020, the national France Télévision group experienced a malware attack, though it had no effect on broadcasting.4

In 2020, the National Cybersecurity Agency (ANSSI) received 2,089 reports of cyberattack events, including 8 major incidents.5 According to the ANSSI’s chairperson, 40 public institutions experience hacking every week.6

During the 2017 presidential campaign, Macron’s campaign team announced that they were the “victim of a massive and coordinated hacking attack” after thousands of leaked emails and documents were dumped on the internet in a last-minute effort to destabilize the race.7 Macron had previously confirmed being the target of phishing operations by a group of hackers and had denounced the “interference.”8 Later, a Le Monde investigation found that the cyberattack was directed by a US-based neo-Nazi group.9 Observers noted that there was no real police investigation into the leaks10 and that, after Macron was elected, the government did not follow up on the investigation into the cyberattack’s origins.

On France

See all data, scores & information on this country or territory.

See More
  • Global Freedom Score

    89 100 free
  • Internet Freedom Score

    76 100 free
  • Freedom in the World Status

    Free
  • Networks Restricted

    No
  • Websites Blocked

    Yes
  • Pro-government Commentators

    No
  • Users Arrested

    No