Basic privacy law: "Law on Informatics, Records, and Freedoms" (Loi relative à l'informatique, aux fichiers et aux libertés) (January 6, 1978) (Law No. 78-17). Authority: National Commission on Informatics and Freedoms (Commission Nationale de l'Informatique et des Libertés(CNIL)).
Most French commentators say that the French safeguards in place are sufficiently protective that they meet the requirements of the E.U. Directive, and that no changes in the basic law will be required.
In 1994 an Amendment to the basic law was adopted, on "Computerized Processing of Name-Linked Data for the Purpose of Research in the Health Sector" (Loi du 1er juillet relative au traitement des données nominatives ayant pour fin la recherche dans le domaine de la santé) (Law No. 94-548). There is some controversy about implementation of the Amendment, which probably will be brought into effect during the course of 1997. A national committee has been appointed to give the CNIL its opinion on the scientific aspects of protocols that have been submitted (Comité Consultatif sur le Traitement de l'Information en Matière de Recherche dans le Domaine de la Santé). One aspect at issue is whether each research protocol must be submitted for approval in advance by the Comité Consultatif. Among others involved in discussions over implementation, the pharmaceutical industry association is negotiating for a streamlined process which might involve approval of some general research-protocol provisions, and perhaps for annual or other periodic review rather than study-by-study, to simplify and speed the approval process.86
(86) A recent recommendation on the handling of personally identifiable health data generally was Commission nationale de l'informatique et des libertés, "Deliberation no. 97-008 du 4 février 1997 portant adoption d'une recommandation sur le traitement des données de la santé à caractere personnel," Journal Officiel de la République Française, 5806–5808 (April 12, 1997).