► Full Reference: CJUE, 1st Chamber, 22 June 2023, C-579/21, Pankki S.

____

🏛️read the judgment

________

► Full Reference: I. Gavanon, "Data Protection Law in the Digital Economy Confronted to Monumental Goals", in M.-A. Frison-Roche (ed.), Compliance Monumental Goals, coll. "Compliance & Regulation", Journal of Regulation & Compliance (JoRC) and Bruylant, 2023, p. 137-146.

____

📘read a general presentation of the book, Compliance Monumental Goals, in which this article is published.

____

► Summary of the article: 

________

► Law is slow, but firm. By its judgment of June 15, 2021, Facebook , the European Union Court of Justice widely interprets the powers of National Authorities, since they serve the people protection in the digital space (➡️📝(CJEU, June 15, 2021, Facebook). 

Law is slow. The reproach is so often made. But the bottom line is that, in the noise of changing regulations, it establishes clear and firm principles, letting everyone know what to stand for. The more the world is changing, the more Law is required.

When Law degenerates into regulations, then it is up to the Judge to make Law. "Supreme Courts" appear, de jure as in the United States, de facto as in the European Union by the Court of Justice of the European Union which lays down the principles, before everyone else, as it did for the "right to be forgotten" in 2014 (➡️📝CJEU, Google Spain, May 13, 2014), and then with the impossibility of transferring data to third countries without the consent of the people concerned (➡️📝CJEU, Schrems, October 6, 2015).

Facebook litigation is kind of a novel. The company knows that it is above all to the Courts that it speaks. In Europe, it is doing it behind the walls of the Irish legal space, from which it would like to be able not to leave before better dominating the global digital space, while national regulatory authorities want to take it to protect citizens.

There is therefore a technical question of "jurisdictional competence". The texts have provided for this, but Law is clumsy because it was designed for a world still anchored in the ground: the GDPR of 2016 therefore organizes cooperation between national regulatory authorities through a "one-stop-shop", forcing the authorities to relinquish jurisdiction so that the case is only handled by the "lead" National Authority. This avoids splintering and contradiction. But before the adoption of the GDPR, the Belgian data protection regulator had opened a procedure against Facebook concerning cookies. The "one-stop-shop" mechanism, introduced in 2016, is therefore only mentioned before the Brussels Court of Appeal, which is asked to relinquish jurisdiction in favor of the Irish Regulatory Authority, since the company has in Europe its head office in this country. The Court of Appeal referred to the CJEU for a preliminary ruling.

By its judgment of June 15, 2021 (➡️📝CJUE, Facebook, June 15, 2021), it follows the conclusions of its Advocate General and maintains the jurisdiction of the Belgian National Regulator because, even after the GDPR, the case still undergoes national treatment. In this decision, the most important is its reasoning and the principle adopted. The Court notes that the "one-stop-shop" rule is not absolute and that the national regulatory authority has the power to maintain its jurisdiction, in particular if cooperation between national authorities is difficult.

Even more, will it not one day have to adjust Law more radically? We need to consider the fact that the digital space is not bound by borders and that the ambition of "cross-border cooperation" is ill-suited. It is of course on this observation of inefficiency, consubstantial with the digital space, that the European Public Prosecutor's Office (EPPO) was designed and set up, which is not a cooperation, nor a "one-stop shop", but a body of the Union, acting locally for the Union, directly linked to Compliance concerns (➡️📝Frison-Roche, M.-A. "The European Public Prosecutor's Office is a considerable contribution to Compliance Law", 2021 and ., European Public Prosecutor's Office comes on stage: the company having itself become a private prosecutor, are we going towards an alliance of all prosecutors ?, 2021).

So that's what we should be inspired by.

Full reference: CJEU, Grand chamber, Judgment Facebook Ireland e.a. v. Gegevensbeschermingsautoriteit, C-645-19, June 15, 2021

Read the judgment

Read the abstract of the judgment done by the Court

Read the press release

Référence complète : Mounoussamy, L., Le smart contract, acte ou hack juridique ?, in Petites Affiches, n°37, 20 février 2020, pp. 12-19.

Résumé par les Petites Affiches : Dans cet article, l'auteur analyse l'arrivée du smart contract, système innovant né du développement des nouvelles technologies, dans un environnement juridique déjà structuré. Il commence par définir la nature du smart contract, et le positionne dans cet ensemble juridique mondialisé. Il en présente les impacts et les perspectives de développement, les forces et les faiblesses ainsi que l'intime relation que noues les technologies informatiques et le droit. Le smart contract est un outil dont l'utilisateur définira s'il viendra disrupter le contrat ou le parfaire.

♾️ follow Marie-Anne Frison-Roche on LinkedIn

♾️subscribe to the Newsletter MAFR Regulation, Compliance, Law 

____

► Full Reference: M.-A. Frison-Roche, L'apport du Droit de la Compliance dans la Gouvernance d'Internet  (The contribution of Compliance Law to the Internet Governance), Report asked by the French Government, published the 15th of July 2019, 139 p.

___

► Report Summary. Governing the Internet? Compliance Law can help.

Compliance Law is for the Policy Maker to aim for global goals that they require to be achieved by companies in a position to do so. In the digital space built on the sole principle of Liberty, the Politics must insert a second principle: the Person. The respect of this One, in balance with the Freedom, can be required by the Policy Maker via Compliance Law, which internalises this specific pretention in the digital companies. Liberalism and Humanism become the two pillars of Internet Governance.

The humanism of European Compliance Law then enriches US Compliance law. The crucial digital operators thus forced, like Facebook, YouTube, Google, etc., must then exercise powers only to better achieve these goals to protect persons (against hatred, inadequate exploitation of data, terrorism, violation of intellectual property, etc.). They must guarantee the rights of individuals, including intellectual property rights. To do this, they must be recognized as "second level regulators", supervised by Public Authorities.

This governance of the Internet by Compliance Law is ongoing. By the European Banking Union. By green finance. By the GDPR. We must force the line and give unity and simplicity that are still lacking, by infusing a political dimension to Compliance: the Person. The European Court of Justice has always done it. The European Commission through its DG Connect is ready.

► 📓 Read the reporte (in French)

📝 Read the Report Summary in 3 pages (in English)

📝 Read the Report Summary in 6 pages (in English)

____

►  Plan of the Report (4 chapters): an ascertainment of the digitization of the world (1), the challenge of civilization that this constitutes (2), the relations of Compliance mechanisms as it should be conceived between Europe and the United States, not to mention that the world is not limited to them, with the concrete solutions that result from this (3) and concrete practical solutions to better organize an effective digital governance, inspired by what is particularly in the banking sector, and continuing what has already been done in Europe in the digital field, which has already made it exemplary and what it must continue, France can be force of proposal by the example (4).

____

📝  Read the written presentation of the Report done by Minister Cédric O (in French).

🏛 Listen to the oral  presentation of the Report by Minister Cédric O durant the parliamentary discussion of the law against hate contente on the Internet (in French).

____

💬 Read the interview published the 18 July 2019 : "Gouvernance d'Internet : un enjeu de civilisation" ( "Governing Internet: an Issue of Civilization"), given in French, 

📻 Listen the Radio broadcast of July 21, 2019 during which its consequences are applied to the cryptocurrency "Libra" (given in French)

🏛 Presentation of the Report to the Conseil Supérieur de l'Audiovisuel- CSA (French Council of Audiovisual) on Septembre 5, by a discussion with its members presentation (in French)

💬 Read the  Interview published the 20 December 2019 : "Le droit de la compliance pour réguler l'Internet" ("Compliance Law for regulate Internet"), given in French

____

read below the 54 propositions of the Report ⤵️

Référence complète : Thierache, C., RGPD vs Cloud Act : le nouveau cadre légal américain est-il anti-RGPD ?, in La Revue juridique Dalloz IP/IT,  n°6, 2019, p.367

Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance"