Thesaurus : Doctrine
► Full Reference : E. Netter, "Les technologies de conformité pour satisfaire les exigences du droit de la compliance. Exemple du numérique" (Conformity technologies to meet the requirements of Compliance Caw. Digital example), in M.-A. Frison-Roche (dir.), L'obligation de Compliance, Journal of Regulation & Compliance (JoRC) and Dalloz, coll. "Régulations & Compliance", 2024, forthcoming.
____
📕read the general presentation of the book, L'obligation de Compliance, in which this contribution is published.
____
► English summary of this contribution (done by the Journal of Regulation & Compliance) :The author distinguishes between Compliance, which refers to Monumental Goals, and conformity, which are the concrete means that the company uses to tend towards them, through processes, check-lists in the monitoring of which the operator is accountable (art. 5.2. GRPD). Technology enables the operator to meet this requirement, as the changing nature of technology fits in well with the very general nature of the goals pursued, which leave plenty of room for businesses and public authorities to produce soft law.
The contribution focuses firstly on existing technologies. Through Compliance, Law can prohibit a technology or restrict its use because it runs counter to the goal pursued, for example the technology of fully automated decisions producing legal effects on individuals. Because it is a perilous exercise to dictate by law what is good and what is bad in this area, the method is rather one of explicability, i.e. control through knowledge by others.
Regulators are nevertheless developing numerous requirements stemming from the Monumental Goals of Compliance. Operators must update their technology or abandon obsolete technology in the light of new risks or to enable effective competition that does not lock users into a closed system. But technological power must not become too intrusive, as the privacy and freedom of the individuals concerned must be respected, which leads to the principles of necessity and proportionality.
The author stresses that operators must comply with the regulations by using certain technologies if these technologies are available, or even to counteract them if they are contrary to the goals of the regulations, but this obligation of conformity is applied only if these technologies are available. The notion of "available technology" therefore becomes the criterion of the obligation, which means that its content varies with circumstances and time, particularly in the area of cybersecurity.
In the second part of this contribution, the author examines technologies that are only potential, those that Law, and in particular the courts, might require companies to invent in order to fulfill their conformity obligation. This is quite understandable when we are talking about technologies that are in the making, but which will come to fruition, for example in the area of personal data transfer to satisfy the right to portability (GRPD), or where companies must be encouraged to develop technologies that are of less immediate benefit to them, or in the area of secure payment to ensure strong authentication (SPD 2).
This is more difficult for technologies whose feasibility is not even certain, such as online age verification or the interoperability of secure messaging systems, two requirements which appear to be technologically contradictory in their terms, and which therefore still come under the heading of "imaginary technology". But Compliance is putting so much pressure on companies, particularly digital technology companies, that considerable investment is required to achieve it.
The author concludes that this is the very ambition of Compliance and that the future will show how successful it will be.
____
🦉This article is available in full texte for persons following Professor Marie-Anne Frison-Roche teaching.
________
Feb. 8, 2025
MAFR TV : MAFR TV - Overhang
🌐suivre Marie-Anne Frison-Roche sur LinkedIn
🌐s'abonner à la Newsletter MAFR. Regulation, Compliance, Law
🌐s'abonner à la Newsletter Surplomb, par MAFR
____
► Référence complète : M.-A. Frison-Roche, "Qui est en charge de rendre effectif le dispositif de Compliance ? Plutôt l'entreprise ou plutôt l'Autorité publique ? Exemple des données : CE, 27 janvier 2025, B. c/ CNIL", in série de vidéos Surplomb, 8 févroer 2025
____
🌐visionner sur LinkedIn cette vidéo de la série Surplomb
____
____
🚧lire le document de travail bilingue sur la base duquel cette vidéo a été élaborée
____
► Résumé de ce Surplomb : Dans sa décision du 27 janvier 2025, le Conseil d'État eut à apporter une solution à un cas que les règles de Compliance applicable en matière de données n'avaient pas expressément prévu. Une personne qui estime qu'une autre a méconnu ses obligations imposées par le RGPD peut-elle saisir la CNIL et non pas le responsable de traitement ?
Le Conseil d'Etat estime que la question est claire, qu'il n'est pas utile de poser une question préjudicielle à la CJUE. En effet, les textes imposent à celui qui allègue la méconnaissance de son droit de se tourner d'abord vers le responsable du traitement pour que l'information soit effacée avant de saisir dans un second temps la CNIL. En outre, il s'agissait en l'espèce d'informations personnelles insérées par des médecins dans un rapport d'expertise versé dans une instance judiciaire. Le Conseil d'Etat approuve la CNIL d'avoir estimé qu'elle n'a pas à contrôler et à apprécier les éléments de preuve, ce qui relève de l'office du juge judiciaire.
L'on mesure ici que, si par ailleurs sur la base du droit d'alerte la saisine d'autorités administratives peut être directe, ici le spécifique l'emporte sur le général, l'esprit de la loi confiant la préservation directe des droits au responsable du traitement, la CNIL ne devant venir dans son office de supervision et de hashtag#sanction que dans un second stade. Cela illustre ce qu'est le Droit de la Compliance d'une façon plus générale, qui repose en premier lieu sur les opérateurs eux-mêmes. En outre, creuset de droits subjectifs divers, ici droit à l'hashtag#effacement mais aussi droit de verser des preuves aux débats, le Conseil d'Etat souligne que c'est ici l'office du juge judiciaire de veiller à la loyauté des débats.
____
🎬visionner ci-dessous cette vidéo de la série Surplomb⤵️
____
Surplomb, par mafr
la série de vidéos dédiée à la Régulation, la Compliance et la Vigilance
Jan. 9, 2025
Thesaurus : 05. CJCE - CJUE
► Référence complète : CJUE, Première chambre, 9 janvier 2025, aff. C‑394/23, Mousse c/ CNIL et SNCF Connect
____
________
Oct. 25, 2024
MAFR TV : MAFR TV - Overhang
🌐suivre Marie-Anne Frison-Roche sur LinkedIn
🌐s'abonner à la Newsletter MAFR. Regulation, Compliance, Law
🌐s'abonner à la Newsletter Surplomb, par MAFR
____
► Référence complète : M.-A. Frison-Roche, "Cumul et articulation Droit spécial de la Compliance et Droit commun de la concurrence déloyale : l’arrêt de la CJUE du 4 octobre 2024 ND/DR", in série de vidéos Surplomb, 25 octobre 2024
____
🌐visionner sur LinkedIn cette vidéo de la série Surplomb
____
____
► Résumé de ce Surplomb : Sur question préjudicielle, la décision ND c/ DR de la CJUE du 4 octobre 2024 articule le Droit de la concurrence déloyale et protection des données, qui croise la vente de médicaments sur Internet.... Un pharmacien prend des informations personnelles sur la santé des acheteurs, un concurrent se plaint d'une violation du RGPD qui constitue un détournement de clientèle. Le RGPD n'ouvre pas une telle action. Ne la ferme pas non plus.
Bien que la protection des données soit assurée par des organes nationaux spéciaux et qu'il s'agit de protéger des droits spécifiques des personnes protégées, la Cour pose qu'un tiers peut se baser sur un tel comportement pour se situer sur le droit commun pour s'en plaindre, en tant qu'il est concurrent et qu'il peut alléguer que cela constitue un acte de concurrence déloyale.
Pour affirmer cela, Cour souligne qu'en premier lieu le RGPD ne confère pas de compétence exclusive et que d'autre part la convergence des actions renforce le Droit de l'Union car le RGPD vise aussi le flux des données, principe de liberté que protège aussi le droit de la concurrence déloyale, qui s'applique selon les conditions du droit (faute qualité, dommage, causalité).
____
🚧Lire le document de travail sous-jacent à ce Surplomb
____
🎬visionner ci-dessous cette vidéo de la série Surplomb⤵️
____
Surplomp, par mafr
la série de vidéos dédiée à la Régulation, la Compliance et la Vigilance
Oct. 20, 2024
Publications
🌐suivre Marie-Anne Frison-Roche sur LinkedIn
🌐s'abonner à la Newsletter MAFR Regulation, Compliance, Law
🌐s'abonner à la Newsletter en vidéo MAFR Surplomb/Overhang
____
► Référence complète : M.-A. Frison-Roche, Articulation Droit de la Compliance (RGPD) et Droit commun : illustration par la décision de la CJUE du 4 octobre 2024, ND c/ DR, document de travail, octobre 2024.
____
🎤 Ce document de travail a été élaboré pour servir de base tout d'abord :
à la vidéo Surplomb👁 du 20 octobre 2024 : cliquer ICI
____
🎬🎬🎬Dans la collection des Surplomb👁 Il s'insère dans la catégorie des Actualités.
►Voir la collection complète des Surplombs👁 : cliquer ICI
____
► Résumé du document de travail :
Sur question préjudicielle, la décision ND c/ DR de la CJUE du 4 octobre 2024 articule le Droit de la concurrence déloyale et protection des données, qui croise la vente de médicaments sur Internet.... Un pharmacien prend des informations personnelles sur la santé des acheteurs, un concurrent se plaint d'une violation du RGPD qui constitue un détournement de clientèle. Le RGPD n'ouvre pas une telle action. Ne la ferme pas non plus.
Bien que la protection des données soit assurée par des organes nationaux spéciaux et qu'il s'agit de protéger des droits spécifiques des personnes protégées, la Cour pose qu'un tiers peut se baser sur un tel comportement pour se situer sur le droit commun pour s'en plaindre, en tant qu'il est concurrent et qu'il peut alléguer que cela constitue un acte de concurrence déloyale.
Pour affirmer cela, Cour souligne qu'en premier lieu le RGPD ne confère pas de compétence exclusive et que d'autre part la convergence des actions renforce le Droit de l'Union car le RGPD vise aussi le flux des données, principe de liberté que protège aussi le droit de la concurrence déloyale, qui s'applique selon les conditions du droit (faute qualité, dommage, causalité).
____
🔓lire les développements ci-dessous⤵️
Oct. 4, 2024
Thesaurus : 05. CJCE - CJUE
► Référence complète : CJUE, Grande chambre, 4 octobre 2024, aff. C-21/23, ND c/ DR
____
________
Feb. 1, 2024
Teachings
🌐follow Marie-Anne Frison-Roche on LinkedIn
🌐subscribe to the Newsletter MAFR Regulation, Compliance, Law
____
► Full Reference: F. Ancel & M.-A. Frison-Roche, Droit de la compliance (Compliance Law), École nationale de la magistrature - ENM (French National School for the Judiciary), in collaboration with the École de Formation professionnelle des Barreaux du ressort de la cour d'appel de Paris - EFB (Paris Bar School), Paris, February 1 and 2, 2024
This teaching is given in French.
____
____
► Presentation of the Teaching: The aim of this two-day conference is to enable judges and lawyers to grasp the issues, objectives and methods that define Compliance Law as it is practised in companies.
The speakers will illustrate the growing trend towards litigation, which is difficult to reconcile with the supranational dimension, or even indifference to territories, for example when disputes concern systemic climate or digital issues: the result is a renewal of the role of the judge and the role of lawyers.
This must be set against the renewal of the role and operation of companies themselves.
This is analysed from the perspective of Civil Law, in particular Contract Law and Liability Law. Company Law and Criminal Law are also addressed, as well as the way in which the legal system now integrates governance, regulation, climate and digital issues and the smooth operation of financial markets through Compliance techniques.
____
► Organisation of the Teaching: This conference is divided into two parts.
The first day is designed as a presentation of the major themes through which Compliance Law crosses the branches of traditional Law. The speakers will be professors of Law who will successively summarise the branches of Law and put into perspective the way in which Compliance imperatives give rise to new situations, new difficulties and new solutions.
This enables the second day to focus on practical and topical issues and to debate controversial questions between people of different sensibilities. The participants tend to be judges, members of regulatory authorities, lawyers, members of associations and so on.
____
► Enrolment procedure: The course is open to all judicial and consular magistrates, as well as lawyers.
Registrations can be made directly with the ENM or with the EFB.
____
► Speakers :
🎤François Ancel, Judge at the Première Chambre civile de la Cour de cassation (First Civil Chamber of the French Court of cassation)
🎤Thomas Baudesson, Attorney at the Paris Bar, Partner at Clifford Chance
🎤Guillaume Beaussonie, Full Professor at Toulouse 1 Capitole University
🎤Jacques Boulard, Premier Président de la Cour d’appel de Paris (First President of the Paris Court of Appeal)
🎤Marie Caffin-Moi, Full Professor at Paris Panthéon-Assas University
🎤Malik Chapuis, Judge at the Tribunal judiciaire de Paris (Paris First Instance Civil Court)
🎤Lucie Chatelain, Advocacy and Litigation Manager - Civil Liability of Parent Companies, Sherpa
🎤Jean-Benoît Devauges, Directeur Juridique, Ethique et Gouvernance des entreprises (Legal, Ethics and enterprises governance Director), MEDEF
🎤Marie-Anne Frison-Roche, Professor of Regulatory and Compliance Law, Director of the Journal of Regulation & Compliance (JoRC)
🎤Arnaud Gossement, Attorney at the Paris Bar, Partner at Gossement Avocats
🎤Thibault Goujon-Bethan, Full Professor at Jean Moulin Lyon 3 University
🎤Christophe Ingrain, Attorney at the Paris Bar, Partner at Darrois Villey Maillot Brochier
🎤Isabelle Jegouzo, Director of the Agence française anticorruption - AFA (French Anti-Corruption Agency)
🎤Anne-Valérie Le Fur, Full Professor at Versailles Saint-Quentin-en-Yvelines University
🎤Charlotte Michon, Attorney at the Paris Bar, partner at Charlotte Michon Avocat
🎤Jean-Baptiste Racine, Full Professor at Paris Panthéon-Assas University
🎤 Jean-Christophe Roda, Full Professor at Jean-Moulin Lyon 3 University
🎤Jérôme Simon, 1er Vice-Procureur Financier (First Financial Vice-Prosecutor)
____
🧮read below the programme put together and organised by François Ancel and Marie-Anne Frison-Roche, as well as the reports of each presentation⤵️
June 22, 2023
Thesaurus : 05. CJCE - CJUE
► Full Reference: CJUE, 1st Chamber, 22 June 2023, C-579/21, Pankki S.
____
________
March 15, 2023
Thesaurus : Doctrine
► Full Reference: I. Gavanon, "Data Protection Law in the Digital Economy Confronted to Monumental Goals", in M.-A. Frison-Roche (ed.), Compliance Monumental Goals, coll. "Compliance & Regulation", Journal of Regulation & Compliance (JoRC) and Bruylant, 2023, p. 137-146.
____
📘read a general presentation of the book, Compliance Monumental Goals, in which this article is published.
____
► Summary of the article:
________
June 18, 2021
Compliance: at the moment
► Law is slow, but firm. By its judgment of June 15, 2021, Facebook , the European Union Court of Justice widely interprets the powers of National Authorities, since they serve the people protection in the digital space (➡️📝(CJEU, June 15, 2021, Facebook).
Law is slow. The reproach is so often made. But the bottom line is that, in the noise of changing regulations, it establishes clear and firm principles, letting everyone know what to stand for. The more the world is changing, the more Law is required.
When Law degenerates into regulations, then it is up to the Judge to make Law. "Supreme Courts" appear, de jure as in the United States, de facto as in the European Union by the Court of Justice of the European Union which lays down the principles, before everyone else, as it did for the "right to be forgotten" in 2014 (➡️📝CJEU, Google Spain, May 13, 2014), and then with the impossibility of transferring data to third countries without the consent of the people concerned (➡️📝CJEU, Schrems, October 6, 2015).
Facebook litigation is kind of a novel. The company knows that it is above all to the Courts that it speaks. In Europe, it is doing it behind the walls of the Irish legal space, from which it would like to be able not to leave before better dominating the global digital space, while national regulatory authorities want to take it to protect citizens.
There is therefore a technical question of "jurisdictional competence". The texts have provided for this, but Law is clumsy because it was designed for a world still anchored in the ground: the GDPR of 2016 therefore organizes cooperation between national regulatory authorities through a "one-stop-shop", forcing the authorities to relinquish jurisdiction so that the case is only handled by the "lead" National Authority. This avoids splintering and contradiction. But before the adoption of the GDPR, the Belgian data protection regulator had opened a procedure against Facebook concerning cookies. The "one-stop-shop" mechanism, introduced in 2016, is therefore only mentioned before the Brussels Court of Appeal, which is asked to relinquish jurisdiction in favor of the Irish Regulatory Authority, since the company has in Europe its head office in this country. The Court of Appeal referred to the CJEU for a preliminary ruling.
By its judgment of June 15, 2021 (➡️📝CJUE, Facebook, June 15, 2021), it follows the conclusions of its Advocate General and maintains the jurisdiction of the Belgian National Regulator because, even after the GDPR, the case still undergoes national treatment. In this decision, the most important is its reasoning and the principle adopted. The Court notes that the "one-stop-shop" rule is not absolute and that the national regulatory authority has the power to maintain its jurisdiction, in particular if cooperation between national authorities is difficult.
Even more, will it not one day have to adjust Law more radically? We need to consider the fact that the digital space is not bound by borders and that the ambition of "cross-border cooperation" is ill-suited. It is of course on this observation of inefficiency, consubstantial with the digital space, that the European Public Prosecutor's Office (EPPO) was designed and set up, which is not a cooperation, nor a "one-stop shop", but a body of the Union, acting locally for the Union, directly linked to Compliance concerns (➡️📝Frison-Roche, M.-A. "The European Public Prosecutor's Office is a considerable contribution to Compliance Law", 2021 and ., European Public Prosecutor's Office comes on stage: the company having itself become a private prosecutor, are we going towards an alliance of all prosecutors ?, 2021).
So that's what we should be inspired by.
June 15, 2021
Thesaurus : 05. CJCE - CJUE
Full reference: CJEU, Grand chamber, Judgment Facebook Ireland e.a. v. Gegevensbeschermingsautoriteit, C-645-19, June 15, 2021
Read the abstract of the judgment done by the Court
Feb. 20, 2020
Thesaurus : Doctrine
Référence complète : Mounoussamy, L., Le smart contract, acte ou hack juridique ?, in Petites Affiches, n°37, 20 février 2020, pp. 12-19.
Résumé par les Petites Affiches : Dans cet article, l'auteur analyse l'arrivée du smart contract, système innovant né du développement des nouvelles technologies, dans un environnement juridique déjà structuré. Il commence par définir la nature du smart contract, et le positionne dans cet ensemble juridique mondialisé. Il en présente les impacts et les perspectives de développement, les forces et les faiblesses ainsi que l'intime relation que noues les technologies informatiques et le droit. Le smart contract est un outil dont l'utilisateur définira s'il viendra disrupter le contrat ou le parfaire.
Sept. 8, 2019
Blog
I go. In accordance with the European Regulation (GDPR) transposed into French legal system, the site informs that there is possibility for the user to accept or refuse the use of their personal data for the benefit of "partners".
If they continue reading, the user is supposed to accept everything, but they can click to "customize".
I click: there I find two options: "accept everything" or "reject everything". But the "reject all" option is disabled. It is only possible to click on the "accept all" option.
It is stated in a text, which can not be copied, that these "partners" can use my data without my consent and for purposes that they do not have to inform me. But, again, these things I can "refuse everything". Here again the "reject all" mention exists but the fonctionality is not active, while the mention "accept all" is an active fonctionality.
While believing to read a free article on the "right of the trees".
At the end, I do not read this article, since I did not click on the only active buttons: "accept everything".
In exchange for a whimsical article about trees and their rights, or creams to be always young, or celebrities who change spouses, or about so-called tests to find what king or queen you should be if the all recognized all your merits, etc.
Proposed on the digital news feed by unknown sites; in partnership with foreign companies that you will never reach.
And mass-viewed by Internet users who are also told that "consent" is the proven solution for effective protection ....
While these are just panels hastily built by new Potemkins ...
Updated: Sept. 5, 2019 (Initial publication: April 30, 2019)
Publications
🌐 follow Marie-Anne Frison-Roche on LinkedIn
🌐subscribe to the Newsletter MAFR Regulation, Compliance, Law
____
► Full Reference: M.-A. Frison-Roche, L'apport du Droit de la Compliance dans la Gouvernance d'Internet (The contribution of Compliance Law to the Internet Governance), Report asked by the French Government, published the 15th of July 2019, 139 p.
___
► Report Summary. Governing the Internet? Compliance Law can help.
Compliance Law is for the Policy Maker to aim for global goals that they require to be achieved by companies in a position to do so. In the digital space built on the sole principle of Liberty, the Politics must insert a second principle: the Person. The respect of this One, in balance with the Freedom, can be required by the Policy Maker via Compliance Law, which internalises this specific pretention in the digital companies. Liberalism and Humanism become the two pillars of Internet Governance.
The humanism of European Compliance Law then enriches US Compliance law. The crucial digital operators thus forced, like Facebook, YouTube, Google, etc., must then exercise powers only to better achieve these goals to protect persons (against hatred, inadequate exploitation of data, terrorism, violation of intellectual property, etc.). They must guarantee the rights of individuals, including intellectual property rights. To do this, they must be recognized as "second level regulators", supervised by Public Authorities.
This governance of the Internet by Compliance Law is ongoing. By the European Banking Union. By green finance. By the GDPR. We must force the line and give unity and simplicity that are still lacking, by infusing a political dimension to Compliance: the Person. The European Court of Justice has always done it. The European Commission through its DG Connect is ready.
► 📓 Read the reporte (in French)
📝 Read the Report Summary in 3 pages (in English)
📝 Read the Report Summary in 6 pages (in English)
____
► Plan of the Report (4 chapters): an ascertainment of the digitization of the world (1), the challenge of civilization that this constitutes (2), the relations of Compliance mechanisms as it should be conceived between Europe and the United States, not to mention that the world is not limited to them, with the concrete solutions that result from this (3) and concrete practical solutions to better organize an effective digital governance, inspired by what is particularly in the banking sector, and continuing what has already been done in Europe in the digital field, which has already made it exemplary and what it must continue, France can be force of proposal by the example (4).
____
📝 Read the written presentation of the Report done by Minister Cédric O (in French).
____
💬 Read the interview published the 18 July 2019 : "Gouvernance d'Internet : un enjeu de civilisation" ( "Governing Internet: an Issue of Civilization"), given in French,
📻 Listen the Radio broadcast of July 21, 2019 during which its consequences are applied to the cryptocurrency "Libra" (given in French)
🏛 Presentation of the Report to the Conseil Supérieur de l'Audiovisuel- CSA (French Council of Audiovisual) on Septembre 5, by a discussion with its members presentation (in French)
💬 Read the Interview published the 20 December 2019 : "Le droit de la compliance pour réguler l'Internet" ("Compliance Law for regulate Internet"), given in French
____
read below the 54 propositions of the Report ⤵️
June 5, 2019
Thesaurus : Doctrine
Référence complète : Thierache, C., RGPD vs Cloud Act : le nouveau cadre légal américain est-il anti-RGPD ?, in La Revue juridique Dalloz IP/IT, n°6, 2019, p.367
Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"
Nov. 15, 2017
Thesaurus : Doctrine
► Référence complète : E. Daoud & G. Péronne, "Loi Sapin II, loi vigilance et RGPD. Pour une approche décloisonnée de la compliance", Dalloz IP/IT, nov. 2017
____
🦉Cet article est accessible en texte intégral pour les personnes inscrites aux enseignements de la Professeure Marie-Anne Frison-Roche
________