IT Glossary
The host, or hosting company, refers to any person ensuring, even free of charge, the storage of signals, writings, images, sounds or messages of any kind.
Hosts offer several categories of hosting, the main ones being the following:
- Shared hosting, where the servers are shared among several users;
- Dedicated hosting, whose servers are used by a single user.
Law n° 2004-575 of June 21, 2004 on confidence in the digital economy (LCEN) distinguishes between a host and a content publisher.
Thus, hosting providers cannot be held liable for the information they store if they did not have actual knowledge of the unlawful activity or information or if, as soon as they became aware of it, they acted promptly to remove the information or to make access to it impossible.
However, hosting providers are not subject to a general obligation to monitor the information they store, nor are they under any obligation to seek out facts or circumstances indicating illegal activity.
Their role is therefore essentially limited to providing the public with efficient reporting procedures and dealing quickly with these reports when the information or activity reported is clearly illegal.
As a matter of principle, as soon as a hosting company stores personal data on behalf of its customers, it will be considered as a subcontractor of the latter within the meaning of the GDPR.
It is therefore important to ensure the compliance of any data transfers made by this host, and to check whether it is subject to the Cloud Act, if applicable.
In any case, the data controller may only call upon hosting companies that offer sufficient guarantees regarding the implementation of appropriate technical and organizational measures, so that the storage of personal data meets the requirements of the GDPR and guarantees the protection of the data subject’s rights.
Point of legislation
“The natural or legal persons who ensure, even on a purely free basis, for provision of the public by services of communication to the public online, the storage of signals, writings, images, sounds or messages of any kind provided by recipients of these services may not be held civilly liable for activities or information stored at the request of a recipient of these services if they did not have actual knowledge of their manifestly illicit nature or of facts and circumstances revealing this nature or if, as soon as they had such knowledge, they acted promptly to remove this data or to make access to it impossible.”
Article 6. I. 2 of the Law n° 2004-575 (LCEN)
Point of jurisprudence
The Versailles Court of Appeal was able to consider that “the assessment of this ‘manifestly illicit’ character is made in relation to French law and not to the law of the place of residence of the site’s editor, the law referring to access to the contents and not to their transmission […], that this manifestly illicit character can only be the consequence of a deliberate breach of an explicit and unambiguous provision of positive law.”
Court of Appeal of Versailles, October 13, 2020, n° 19/02573
The Bouchara firm assists you in particular with:
- Removal of illegal content on the Internet;
- Judicial and extra-judicial actions against hosting companies;
- Making your organization GDPR compliant;
- The drafting of data protection policies (privacy policy, IT charter…);
- Documentation of your processing (register of processing activities, register of violations, privacy impact analysis, prior consultation…);
- Obtaining certifications and adhering to codes of conduct;
- The study of the legal feasibility of the implementation of a new personal data processing;
- The drafting and transmission of your codes of conduct to the CNIL for approval;
- Legal analysis of the compliance of your data processing, including data transfers outside the European Economic Area;
- Drafting and negotiating your data processing agreements (DPA);
- Drafting your Binding Corporate Rules (BCR) and Codes of Conduct;
- Training and awareness of your employees.
We are also the external Data Protection Officer of many data processors and subcontractors.