Standards, Regulations & Compliance
France Closes in on Digital Safety Bill
Lawmakers May Limit VPN UseFrench lawmakers on Wednesday will mull limits on virtual private networks as part of an anti-cybercrime measure that would also require web browsers to notify users when they access websites listed on a government blacklist.
See Also: Using the Netskope HIPAA Mapping Guide
The bill, widely known as SREN, is part of a Macron administration push to decrease online crime. It passed the French Senate in June. The bill lays down nearly 20 proposals intended to ensure the digital safety of French internet users from cyberthreats and harassment, internet scams, hate speech, and access to pornographic sites to minors.
On Wednesday, the bill returns to a special committee created to promote tit, where lawmakers will vote on amendments or propose new bill language. It will later go to the National Assembly for further consideration.
The bill proposes an anti-scam cybersecurity filter for online intermediaries including web browsers. The intent is to protect users from banking and other cyber frauds such as phishing sites, to obtain age verification for access to pornographic sites and to more easily detect individuals engaged in cyber harassment.
As the bill heads toward passage, 30 French lawmakers from the French centrist parties Renaissance Group and Horizon are backing an amendment requiring that app stores not offer virtual private networks allowing users to access the internet in parts of the globe unregulated by Paris or the European Union. The limit is necessary, backers say, to prevent uses from circumventing regulations such as age verification for pornographic sites.
Some lawmakers from the same parties have pushed back against the proposal, Lawmakers Eric Bothorel and Philippe Latombe, both from the French Renaissance Party, wrote in an opinion published by La Tribune that there is no evidence that the use of VPNs by criminals hinders police in identifying online criminals.
Web browser maker Mozilla is among the critics of the bill. Mozilla in June called an earlier version of the bill, which would have required that websites block content at the browser level, a "playbook for authoritarian governments that will easily negate the existence of censorship circumvention tools."
Tasos Stampelos, Mozilla's EU public policy and government relations lead, said the company is currently optimistic about the bill. The most recent version of it "only requires browsers to alert users before attempting to access a potentially fraudulent or malicious website. Nonetheless, we remain vigilant as discussions begin in the National Assembly's plenary," Stampelos told Information Security Media Group.