Full reference: Frison-Roche, M.-A., When Compliance Law is violated, does the "right to be (re)compensated"​ exist, and must it be encouraged or not? - The Marriott case, Newsletter MAFR - Law, Compliance, Regulation, 20th of August 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

In August 2020, Marriott International, online hotel room booking platform, has be sued before an English court by a consulting firm through a "class action" technic. The firm ask to Marriott International compensates the clients whose personal data jas been hacked while Marriott International which was in charge of this data, did not implement all it could to protect these data. According to the plaintiff firm, making the online platform responsible in Ex Ante of the clients' data security and constraint it to compensate injured clients in case of failure is a more important incentive for the firm to do its best to protect this data than a simple fine.    

Many similar actions are ongoing, especially during English Courts where the practice of "class action" is more developed. The question is therefore to know whether it is interesting to encourage the development of this kind of process in France. Concretly, a substantial subjective right (here the right to have its data protected) exists only if it is accompanied by a procedural right to size the judge in order to he or she activates it. The right to ask for a compensation in case of violation of these Compliance obligations but also is therefore not only a strong incentive for firms but also a condition of effectivity of these same obligations, knowing that the effectivity is the major care of Compliance Law.