In mid-December, the new audiovisual policeman, Arcom, born from the merger between the CSA and Hadopi, decided to attack pornographic sites to protect minors. Today, only a window asking on the honor if the visitor is of age hinders their content. Arcom has given notice to five sites, which are PornHub, Tukif, xHamster, xVideos and XNXX to reliably prevent minors from accessing their content within two weeks. The time limit is now over. Maître Anne-Sophie Revers, lawyer specializing in digital, computer and Internet law at the bar of Versailles, explains to Release the contours of French law, the risks incurred by the sites and the potential solutions to the problem.
What is the legal framework governing access to pornographic sites in France?
Since 2020, French law has clearly said that the publisher of a pornographic site cannot be satisfied with a box to be checked by the visitor to certify his majority. But the law does not explain how to do otherwise. There is a big legal vacuum. Neither the authorities nor the CSA are able to define the legally acceptable way to verify the identity, in any case the age, of the person who wishes to connect. The National Commission for Informatics and Liberties (Cnil) refused last June the idea of asking for an identity card from site visitors, because this would not comply with the regulations on personal data and would open up the door to terrible drifts in the event of a data leak. Ditto for biometric data, since it had been considered to request facial recognition to determine the age of the Internet user. This is impossible to set up because there is a risk of overlap between the identity of the person and the visit of a pornographic site.
What are the sites at risk if they do not find a solution?
If they do not get in the nails, the Arcom can seize the judicial judge to request measures aimed at the blocking of the site and its delisting on the search engines. Article 227-24 of the penal code says that “The fact of making, transporting, disseminating by any means whatsoever and whatever the medium, a message […] pornographic […], or to trade in such a message, is punished by three years’ imprisonment and a fine of 75,000 euros when this message is likely to be seen or perceived by a minor ”. Moreover, the sites are also in violation when they have only a simple declarative system asking the visitor if he is at least 18 years old. So, the moment they fail to comply, they incur jail time and a fine. But it would be necessary that Arcom lodge a complaint and that a public prosecutor considers that this violation of the law justifies an investigation and the initiation of criminal proceedings against the publishers. At this point, I don’t think it’s happening. The idea of Arcom with this formal notice is to put pressure, see if something happens and, if nothing happens, go back to the court to ask for blocking measures or de-listing. But I sincerely think that the lawyers of the sites will use the absence of solution in the text of the law to defend themselves.
The CNIL nonetheless proposed to call on a trusted third party …
For the moment, the CNIL has not ruled on any decision. She mentioned the establishment of a third-party certifier. That is to say that, as when an electronic signature is used, the conscientious third party would be the recipient of the identifying data, like an identity card, which he would certify having consulted before forward the information to the publisher, without giving him the identity of the person. The third-party certifier is not itself aware of the site consulted. It was also a question of registering a valid credit card to access the sites. It would be a sword strike in water because a miner can own one. Especially since it is more a question of controlling the 14-18 year olds, who often have cards, than the 6-10 year olds. Unless we consider that it is not extremely serious that a minor of 16 years old can access a porn site. For the moment, the law rules that it is prohibited for minors and you are a minor up to 18 years old.
But the sexual majority is at 15, right?
The sexual majority is at 15 years old, but the simple majority is at 18 years old. The notion of minority and sexual majority is a question of consent to the act. Now, the question of knowing whether it would be relevant to create a special minority, from the age of 16, for this type of service, why not. This is what happens with the use of online public communication services, such as social networks. The regulations in France consider that from the age of 15, you are able to register on Facebook on your own without asking your parents’ permission. For porn sites, in the state of our legislation, this is not possible.
Four of the five sites put on notice have updated the code of their pages to comply with the RTA charter, which allows content to be blocked on demand via parental controls. It’s enough ?
Legally, no, because that would require parental action. This is not stupid on the part of the sites, but that does not prevent minors who have parents who do not take care of setting up parental controls from viewing the sites. There will always be children who can connect. However, the offense is characterized as soon as only one minor arrives there.
Is it really possible to prevent minors from connecting to these sites?
There will always be a way around, it is the principle of the Internet. But setting up a third-party certifier would significantly reduce the number of connections. Of course, there will always be minors who will take Mum and Dad’s card to pretend to be them. That being said, between ticking a box and having to give your identity card, there is a gulf that many minors would not cross.