Blog
The Blog

Legal obligations and filtering implementation

Cyber news
March 28, 2023

Legal requirements for web filtering

In France, there are a number of legal obligations concerning Internet filtering and logging. At a time when case law is multiplying with regard to the Internet in the office, the duty to filter, log and implement charters is no longer in question, whether in terms of legislation, case law, good practice or custom.

Today, many laws require or legitimize the filtering and retention of logs, exposing companies to a number of risks if they are not respected.

Failure to comply with these obligations exposes the company to various risks:

The risk of not complying with legal requirements:

The obligation to set up filters and retain connection data for one year, imposed on Internet Service Providers (ISPs) by article 6 of the French law on confidence in the digital economy (LCEN), was extended to all those offering Internet access by the anti-terrorism law of January 23, 2006.

In addition, article L.34 of the French Post and Electronic Communications Code (CPCE), supplemented by the law on the fight against terrorism (2006), stipulates that: "Persons who, in the course of a professional activity [...] offer to the public a connection enabling online communication [...], including free of charge, are subject to the provisions applicable to electronic communications operators".

As a result, the anti-terrorism law equates companies with telecoms operators, and it was this provision that was taken as a reference in the case of BNP Paribas, which was condemned for failing to provide logs in response to a court order.

The risk of illicit access :

The illicit nature of a site under French law does not necessarily stem from Internet-related law, but from texts applicable to everyday life.

There is a real risk of not having implemented the necessary means to prohibit illicit access:

  • A sites because of their content: protection of minors, copyright protection, illegal online games, etc.
  • To sites that exceed the limits of freedom of expression: racism, Holocaust denial...
  • A sites with regard to the products and services they market: sale of medicines, tobacco or alcohol online...

The special risk associated with Hadopi :

The owner of the Internet access is obliged to ensure that this access does not enable infringement of intellectual property rights by illegal downloading of copyright-protected works.

The subscriber's obligation is "merely" to ensure that Internet access does not enable infringement of intellectual property rights through illegal downloading of copyright-protected works.

To do this, they must set up a means of securing their network access, which, according to Hadopi, consists of content recognition and filtering.

This means that companies and public authorities need to set up network access filtering systems.

How do you implement and deploy a web filtering solution?

Today, it's the duty of every establishment to set up a content filtering tool and log users' Internet use, in order to comply with current legislation.

So the question is no longer "can we filter and log? but rather "how can we deploy such solutions in compliance with French law?

Since 2009, Olfeo has been working closely with the Lexing law firm Alain Bensoussan to offer its customers legal expertise and develop a solution offering optimum legal protection.

On the strength of this partnership, Olfeo is co-writing a legal white paper with the firm, covering the deployment plan for web filtering.

White paper
Protect your business from ransomware
5 min reading