Paris Tribunal, interim order n° 21-51823 dated 4 march 2021

On March 4, 2021, the Paris Judicial Court ordered the main French internet service providers (ISPs) to immediately block access to a site hosting a file which discloses health data of nearly 500,000 people.

A result of cyber-attacks targeting the information systems of 28 French laboratories, the file had initially been shared on the Darknet, before being made available to the public. It contained “sensitive” data, such as medical treatment and medical pathologies.

Informed of this leak by the media, the CNIL, the French Data protection authority, first, requested the publisher of the site based in Guernsey, then from its host based in California, to withdraw the file. As this first action prove unsuccessful, the CNIL issued the four major French Internet Service Providers (Orange, SFR, Free and Bouygues Telecom) with an issued TPH with an emergency writ of summons, so that said providers make the disclosed file inaccessible.

By an order of March 4, 2021, the first vice-president of the Paris Judicial Court granted the CNIL’s requests and ordered the Internet Service Providers to implement “all appropriate and effective targeted surveillance measures in order to ensure, without delay, the effective blocking of the litigious content, for a period of eighteen months”.

This emergency decision illustrates the powers of the CNIL, which can refer a request to the competent jurisdiction to order any necessary measure, in cases of serious breach of privacy rights.