This Law n°2022-300 of March 2, 2022 provides for new obligations in order to strengthen parental control and enhance the protection of children against the exposure of harmful content when using devices connected to the Internet.
- The law entered into force on September 5, 2022 and applies to a broad range of companies but the implementation of several obligations still needs to be clarified.
- This law was subject to the European Commission approval as it contains provisions likely to affect the single market since it will apply to all concerned products sold to consumers established in France even if manufacturers, distributors or sellers are established abroad.
- The new obligations will be monitored by the Agence Nationale des Fréquences (ANFR) and devices that do not comply may be banned or withdrawn from the market.
Which devices are concerned?
The definition of the devices concerned is quite broad and includes almost all known devices as it covers devices sold in France “allowing access to online public communication services” and “likely to harm the physical, mental or moral development of minors”. Devices such as computers, smartphones, tablets, video game consoles, connected objects like televisions are in particular concerned.
What are the key obligations?
The law provides for the mandatory installation of a parental control system, easily accessible and understandable, on concerned devices. The activation, use and uninstallation of this system will have to be made available free of charge to users.
The law also provides a set of rules, including technical considerations, that still need to be specified by decree after consultation with the French Data Protection Authority (the CNIL):
- the minimum functionalities and technical characteristics of the parental control system and how the manufacturer shall facilitate the use of this parental control system;
- the conditions applicable to the certification of the operating system embedding the parental control system and related obligations;
- enforcement measures; and
- how manufacturers shall contribute to the dissemination of information on the risks associated with the use of online public communication services by minors, the early exposure of children to screens, and the means of preventing these risks.
A public consultation concerning the content of a draft decree detailing these obligations has been launched and the final decree should be published in the coming months. However, it will probably not be applicable immediately and the legislator mentioned that manufacturers will need some time to adapt their manufacturing process.
Who is concerned?
Manufacturers, importers, order fulfillment services providers and distributors are concerned.
Manufacturers will have to ensure that the operating systems installed on their devices include the parental control feature – if necessary with the help of operating system supplier. Importers, distributors and order fulfillment services providers commercializing concerned devices must get manufacturer’s certificate establishing that the devices they commercialize are compliant.
Sellers of second-hand or reconditioned products will also have to check that the device includes the parental control feature – these sellers will only have to inform users of the existence of parental control features if they sell secondhand products placed on the market before the decree mentioned above enters into force.
What about personal data of minors?
The personal data of minors collected or generated when activating this parental control system shall not be used for commercial purposes, such as direct marketing, profiling and targeted advertising.
The purpose of this new regulation is in line with the CNIL’s recommendation n°5 “Promoting parental control tools that respect privacy and the interests of the child” dated 9 June 2021 in which the CNIL had identified three purposes for which parental control could be used: filtering inappropriate content, supervising the child’s practices, monitoring the child’s activity.
In the same recommendation, the CNIL had however pointed out several risks related to the use of parental control, in particular the risk of altering the relationship of trust between the parents and the minor, the risk of hindering the autonomy process of the minor and the risk of getting the minor used to being under constant surveillance. These risks will most likely be taken into account in the drafting of the above mentioned decree.