#PRMJ1819224ADecree of November 8, 2018 Related to the 'FranceConnect' Tele-service
AI-generated summary for informational purposes only. Not legal advice. See the original source for the authoritative text.
This decree establishes 'FranceConnect', a digital identification service helping users authenticate themselves for various online services, both within France and in other EU countries. It aims to simplify administrative procedures, ensure secure data exchanges, and enhance access to partner services. Personal data handling and retention protocols are outlined, emphasizing security and user consent.
AI-generated summary. May contain errors. Refer to official sources for legal decisions.
Key Changes
- Establishment of the FranceConnect tele-service for digital identification.
- Defined protocols for managing and retaining personal data.
- Facilitation of secure access to both national and EU partner services.
Obligations
What this law requires
Collect and record mandatory personal data for user identification including: sex, family name, first name(s), complete date and place of birth, email address, and where applicable, SIREN/SIRET number verified per commercial code articles R. 123-220 et seq.
Generate and use irreversibly hashed technical aliases from personal data exclusively for FranceConnect system needs, without distribution or disclosure to third parties.
Destroy identification data without delay once the user session ends; do not retain beyond session duration.
Delete access traceability data (IP address, connection dates/times, tokens) after six months of user inactivity.
Delete federation keys and unique technical aliases after thirty-six months of user inactivity; apply six-month deletion period for data related to cross-EU member state service access.