► Référence complète : Houtcieff, D., Les plateformes au défi des plateformes, in L'émergence d'un droit des plateformes, Dalloz, coll. « Thèmes et commentaires », 2021, pp.51-64.

_____

► Lire la présentation générale de l'ouvrage dans lequel s'insère cet article. 

► Référence complète : Amrani-Mekki, S., Les plateformes de résolution en ligne des différends, in L'émergence d'un droit des plateformes, Dalloz, coll. « Thèmes et commentaires », 2021, pp.189-203.

_____

► Lire la présentation générale de l'ouvrage dans lequel s'insère cet article. 

► Full Reference: L.-M. Augagneur, "The jurisdictionalisation of reputation by platforms", in M.-A. Frison-Roche (ed.), Compliance Jurisdictionalisation, Journal of Regulation & Compliance (JoRC) and Bruylant, coll. "Compliance & Regulation", 2023. 

____

📘read a general presentation of the book, Compliance Jurisdictionalisation, in which this article is published

____

► Summary of the article (done by the Author): The large platforms are in the position of arbiter of the reputation economy (referencing, notoriety) in which they themselves act. Although the stakes are usually low on a unit basis, the jurisdiction of reputation represents significant aggregate stakes. Platforms are thus led to detect and assess reputation manipulations (by users: SEO, fake reviews, fake followers; or by the platforms themselves as highlighted by the Google Shopping decision issued by the European Commission in 2017) that are implemented on a large scale with algorithmic tools.

The identification and treatment of manipulations is itself only possible by means of artificial intelligence tools. Google thus proceeds with an automated downgrading mechanism for sites that do not follow its guidelines, with the possibility of requesting a review through a very summary procedure entirely conducted by an algorithm. Tripadvisor, on the other hand, uses an algorithm to detect false reviews based on "fraud modeling to identify electronic patterns that cannot be detected by the human eye". It only conducts a human investigation in limited cases.

This jurisdictionality of reputation has little in common with that defined by the jurisprudence of the Court of Justice (legal origin, contradictory procedure, independence, application of the Rules of Law). It is characterized, on the one hand, by the absence of transparency of the rules and even of the existence of rules stated in predicative form and applied by deductive reasoning. It is replaced by an inductive probabilistic model by the identification of abnormal behaviors in relation to centroids. This approach of course raises the issue of statistical bias. More fundamentally, it reflects a transition from Rule of Law, not so much to "Code is Law" (Laurence Lessig), but to "Data is Law", that is, to a governance of numbers (rather than "by" numbers). It also comes back to a form of collective jurisdictionality, since the sanction comes from a computational apprehension of the phenomena of the multitude and not from an individual appreciation. Finally, it appears particularly consubstantial with compliance, since it is based on a teleological approach (the search for a finality rather than the application of principles).

On the other hand, this jurisdictionality is characterized by man-machine cooperation, whether in the decision-making process (which poses the problem of automaticity bias) or in the contradictory procedure (which poses, in particular, the problems of discussion with the machine and the explicability of the machine response).

Until now, the supervision of these processes has been based essentially on the mechanisms of transparency, a limited adversarial requirement and the accessibility of appeal channels. The French Law Loi pour une République Numérique ("Law  for a Digital Republic"), the European Legislation Platform-to-Business Regulation and the Omnibus Directive, have thus set requirements on the ranking criteria on platforms. The Omnibus Directive also requires that professionals guarantee that reviews come from consumers through reasonable and proportionate measures. As for the European Digital Services Act, it provides for transparency on content moderation rules, procedures and algorithms. But this transparency is often a sham. In the same way and for the moment the requirements of sufficient human intervention and adversarial processes appear very limited in the draft text.

The most efficient forms of this jurisdictionality ultimately emerge from the role played by third parties in a form of participatory dispute resolution. Thus, for example, FakeSpot detects false Tripadvisor reviews, Sistrix establishes a ranking index that helped establish the manipulation of Google's algorithm in the Google Shopping case by detecting artifacts based on algorithm changes. Moreover, the draft Digital Services Act envisages recognizing a specific status for trusted flaggers who identify illegal content on platforms.

This singular jurisdictional configuration (judge and party platform, massive situations, algorithmic systems for handling manipulations) thus leads us to reconsider the grammar of the jurisdictional process and its characteristics. If Law is a language (Alain Sériaux), it offers a new grammatical form that would be that of the middle way (mesotès) described by Benevéniste. Between the active and the passive way, there is a way in which the subject carries out an action in which he includes himself. Now, it is the very nature of this jurisdictionality of compliance to make laws by including oneself in them (nomos tithestai). In this respect, the irruption of artificial intelligence in this jurisdictional treatment undoubtedly bears witness to the renewal of the language of Law.

____

🦉This article is available in full text to those registered for Professor Marie-Anne Frison-Roche's courses

________

► Référence complète : G. Loiseau, "L’intensité de l’Obligation de Vigilance selon les secteurs : le cas des opérateurs numériques", in M.-A. Frison-Roche (dir.), L'obligation de Compliance, Journal of Regulation & Compliance (JoRC) et Dalloz, coll. "Régulations & Compliance", 2024, à paraître

____

📕lire une présentation générale de l'ouvrage, L'obligation de Compliance, dans lequel cet article est publié

____

► Résumé de l'article (fait par le Journal of Regulation & Compliance - JoRC) : L'auteur développe le cas des opérateurs numériques. Il souligne le paradoxe d'un Droit qui est parti d'un texte qui a posé le principe de l'irresponsabilité des hébergeurs, en raison de leur neutralité technique, pour aboutir au DSA et leur imposer des diligences, mais il rappelle que cette obligation n'apparaît qu'à partir d'un signalement qui est porté auprès de l'opérateur numérique et une interdiction expresse d'une obligation générale de surveiller les informations.

Il n'existe d'ailleurs pas d'obligation générale de vigilance à la charge des opérateurs numériques, même si la jurisprudence récente semble durcir le rôle imposé aux hébergeurs.

Le But Monumental est de lutter contre les contenus illicites, mais la liberté d'expression doit être aussi préservée et les réglementations varient selon le type de contenus, tandis que le DSA a une conception plus générale, vise une logique de responsabilisation et de prévention des risques systémiques. Mais vouloir "responsabiliser" les plateformes en Ex Ante, sans toucher au régime de responsabilité en Ex Post, peut poser difficulté.

L'obligation de vigilance va varier suivant que l'opérateur numérique a un rôle passif ou actif. Cela peut conduire les plateformes à adopter des mesures préalables qui peuvent constituer des obligations structurelles, le tiers de confiance pouvant prendre la forme d'un signaleur de confiance. La plateforme est ainsi rendue responsable de sa propre vigilance, mais malgré des hypothèses d'obligation de vigilance renforcée, cela ne doit pas aller jusqu'à des mesures d'investigation. Il faut néanmoins tenir compte d'obligations de vigilance renforcées spécifiques pour les très grandes plateformes, justifiées par les risques engendrés et les types de contenu (terrorisme, pornographie).

________

Référence complète : Jeanneney, J.-N., XIXième siècle : la haine, un ressort puissant, émission "Concordance des temps", France Culture, 29 mai 2021. 

Ecouter l'émission. 

L'émission est bâtie sur cet ouvrage : 

• Frédéric Chauvaud, Histoire de la Haine. Une passion funeste (1830-1950), PUR, 2014.

Présentation du thème par Jean-Noël Jeanneney :

"Les messages de haine qui sont charriés sur les réseaux sociaux doivent-ils être censurés par les responsables de ceux-ci ? Et peuvent-ils l’être ? Une loi récente, portée au Parlement par Laetitia Avia, députée de Paris, le leur imposait, sous peine de lourdes amendes. Et même si ce texte a été censuré, pour une large part, par le Conseil constitutionnel, il témoigne d’une inquiétude qui est aujourd’hui répandue. 

Il s’agit de la découverte que l’intensité des haines en circulation sur la Toile, qui figent le dialogue démocratique et qui exaspèrent les passions les plus sinistres et les plus délétères, constituent une grave menace pour la prédominance de la raison sur la passion, pour la sérénité des citoyens et pour la cohésion nationale. 

Je ne songe certes pas à minimiser ce souci, qui peut devenir taraudant, mais seulement, pour resituer les choses, à rappeler la violence des imprécations que nos ancêtres ont déjà échangées entre eux, dans tout le champ de la politique, de la société et même de la vie familiale. Leur support a changé, mais leurs ressorts et leurs débordements probablement pas. ".

► Référence complète : Roda, J.-Ch, Vers un droit de la concurrence des plateformes , in L'émergence d'un droit des plateformes, Dalloz, coll. « Thèmes et commentaires », 2021, pp.77-90.

_____

► Lire la présentation générale de l'ouvrage dans lequel s'insère cet article. 

► Référence complète : Les techniques de supervision des contenus numériques disponibles sur les plateformes, in cycle de conférences-débats "Contentieux Systémique Émergent", organisé à l'initiative de la Cour d'appel de Paris, avec la Cour de cassation, la Cour d'appel de Versailles, l'École nationale de la magistrature (ENM) et l'École de formation des barreaux du ressort de la Cour d'appel de Paris (EFB), sous la responsabilité scientifique de Marie-Anne Frison-Roche, 27 mai 2024, 11h-12h30, Cour d'appel de Paris, salle Cassin

____

► Présentation de la conférence : 

____

🧮Programme de cette manifestation : 

Troisième conférence-débat

LES TECHNIQUES DE SUPERVISION DES CONTENUS NUMÉRIQUES DISPONIBLES SUR LES PLATEFORMES

Cour d’appel de Paris, salle Cassin

Présentation et modération par 🕴️Marie-Anne Frison-Roche, Professeure de Droit de la Régulation et de la Compliance, Directrice du Journal of Regulation & Compliance (JoRC)

🕰️11h-11h20. 🎤Les techniques de supervision utilisées par les plateformes, intervenant à venir

🕰️11h20-11h40. 🎤Les techniques de supervision par l’autorité administrative indépendante, par 🕴️Roch-Olivier Maistre, Président de l’Autorité de régulation de la communication audiovisuelle et numérique (Arcom)

🕰️11h40-12h30. Débat

____

🔴Les inscriptions et renseignements se font à l’adresse : inscriptionscse@gmail.com

🔴Pour les avocats, les inscriptions se font à l’adresse suivante : https://evenium.events/cycle-de-conferences-contentieux-systemique-emergent/ 

⚠️Les conférences-débat se tiennent en présentiel à la Cour d’appel de Paris.

________

► Référence complète : R.-O. Maistre, "La place du Droit de la compliance dans la régulation de l’espace numérique", entretien mené par M.-A. Frison-Roche à l'occasion d'une série d'entretiens sur le Droit de la Compliance, in Fenêtres ouvertes sur la gestion, émission de J.-Ph. Denis, Xerfi Canal, enregistré le 12 décembre 2023, diffusé le 16 mars 2024

____

🌐consulter sur LinkedIn la présentation en décembre 2023 de l'entretien avec Roch-Olivier Maistre 

____

🌐 lire la Newsletter Mafr Law-Compliance-Regulation de mars 2024 sur la base de l'entretien avec Roch-Olivier Maistre 

____

🎥visionner l'interview complète sur Xerfi Canal

____

► Point de départ : En 2022, Roch-Olivier Maistre écrit une contribution sur 📝Quels buts fondamentaux pour le régulateur dans un paysage audiovisuel et numérique en pleine mutation ?, dans 📕Les Buts Monumentaux de la Compliance.

🧱lire la présentation de cette contribution ➡️cliquerICI

____

► Résumé de l'entretien : 

Marie-Anne Frison-Roche : Question : L’Arcom a un rôle central en matière de Compliance. Pourriez-vous nous présenter cette Autorité de régulation qu’est l’Arcom ?

Roch-Olivier Maistre : Réponse : le Président Roch-Olivier Maistre décrit le rôle de l'Arcom, autorité qui résulte du CSA et de l'Hadopi, le législateur décidant de créer un nouveau grand Régulateur en charge à la fois de l'audiovisuel et du numérique. Cette Autorité collégiale s'assure du bon fonctionnement de ce secteur et est engagée dans la régulation des nouveaux acteurs du numérique.

____
 

MaFR : Q. : Comment Régulation et Compliance s’articulent-elles dans la mise en œuvre des missions de l’Arcom ? 

R.O.M. : R. : Il répond qu'il s'agit d'une approche complémentaire. Coercition, sanctions s'y articulent. Il s'agit de préserver la liberté d'expression et de communication. Pour cela, objectifs de valeur constitutionnelle, les opérateurs doivent agir pour que ces objectifs soient atteints. Pour cela, ils sont supervisés par l'Autorité qu'est l'Arcom, qui intervient qu'ils ne se conforment à ces obligations de compliance. Lorsqu'il ne s'agit pas de l'audiovisuel, où le contenu est encore possible car il s'agit d'un "monde fini", mais qu'il s'agit du monde numérique, où les contenus se répandent d'une façon virale, c'est aux opérateurs d'agir : la Régulation et la Compliance agissent donc d'une façon complémentaire.

________

► Full Reference: L.-M. Augagneur, "La juridictionnalisation de la réputation par les plateformes" ("The jurisdictionalisation of reputation by platforms"), in M.-A. Frison-Roche (ed.), La juridictionnalisation de la Compliance, coll. "Régulations & Compliance", Journal of Regulation & Compliance (JoRC) and Dalloz, 2023, p. 97-113. 

____

📕read a general presentation of the book, La juridictionnalisation de la Compliance, in which this article is published.

____

► Summary of the article (done by the author): The large platforms are in the position of arbiter of the reputation economy (referencing, notoriety) in which they themselves act. Although the stakes are usually low on a unit basis, the jurisdiction of reputation represents significant aggregate stakes. Platforms are thus led to detect and assess reputation manipulations (by users: SEO, fake reviews, fake followers; or by the platforms themselves as highlighted by the Google Shopping decision issued by the European Commission in 2017) that are implemented on a large scale with algorithmic tools.

The identification and treatment of manipulations is itself only possible by means of artificial intelligence tools. Google thus proceeds with an automated downgrading mechanism for sites that do not follow its guidelines, with the possibility of requesting a review through a very summary procedure entirely conducted by an algorithm. Tripadvisor, on the other hand, uses an algorithm to detect false reviews based on "fraud modeling to identify electronic patterns that cannot be detected by the human eye". It only conducts a human investigation in limited cases.

This jurisdictionality of reputation has little in common with that defined by the jurisprudence of the Court of Justice (legal origin, contradictory procedure, independence, application of the Rules of Law). It is characterized, on the one hand, by the absence of transparency of the rules and even of the existence of rules stated in predicative form and applied by deductive reasoning. It is replaced by an inductive probabilistic model by the identification of abnormal behaviors in relation to centroids. This approach of course raises the issue of statistical bias. More fundamentally, it reflects a transition from Rule of Law, not so much to "Code is Law" (Laurence Lessig), but to "Data is Law", that is, to a governance of numbers (rather than "by" numbers). It also comes back to a form of collective jurisdictionality, since the sanction comes from a computational apprehension of the phenomena of the multitude and not from an individual appreciation. Finally, it appears particularly consubstantial with compliance, since it is based on a teleological approach (the search for a finality rather than the application of principles).

On the other hand, this jurisdictionality is characterized by man-machine cooperation, whether in the decision-making process (which poses the problem of automaticity bias) or in the contradictory procedure (which poses, in particular, the problems of discussion with the machine and the explicability of the machine response).

Until now, the supervision of these processes has been based essentially on the mechanisms of transparency, a limited adversarial requirement and the accessibility of appeal channels. The French Law Loi pour une République Numérique ("Law for a Digital Republic"), the European Legislation Platform-to-Business Regulation and the Omnibus Directive, have thus set requirements on the ranking criteria on platforms. The Omnibus Directive also requires that professionals guarantee that reviews come from consumers through reasonable and proportionate measures. As for the European Digital Services Act, it provides for transparency on content moderation rules, procedures and algorithms. But this transparency is often a sham. In the same way and for the moment the requirements of sufficient human intervention and adversarial processes appear very limited in the draft text.

The most efficient forms of this jurisdictionality ultimately emerge from the role played by third parties in a form of participatory dispute resolution. Thus, for example, FakeSpot detects false Tripadvisor reviews, Sistrix establishes a ranking index that helped establish the manipulation of Google's algorithm in the Google Shopping case by detecting artifacts based on algorithm changes. Moreover, the draft Digital Services Act envisages recognizing a specific status for trusted flaggers who identify illegal content on platforms.

This singular jurisdictional configuration (judge and party platform, massive situations, algorithmic systems for handling manipulations) thus leads us to reconsider the grammar of the jurisdictional process and its characteristics. If Law is a language (Alain Sériaux), it offers a new grammatical form that would be that of the middle way (mesotès) described by Benevéniste. Between the active and the passive way, there is a way in which the subject carries out an action in which he includes himself. Now, it is the very nature of this jurisdictionality of compliance to make laws by including oneself in them (nomos tithestai). In this respect, the irruption of artificial intelligence in this jurisdictional treatment undoubtedly bears witness to the renewal of the language of Law.

________

🌐suivre Marie-Anne Frison-Roche sur LinkedIn

🌐s'abonner à la Newsletter MAFR Regulation, Compliance, Law 

____

► Référence complète : M.-A. Frison-Roche, " Youporn : Le Droit doit se renouveler face à la transformation du monde par l'espace numérique", entretien avec Olivia Dufour, Actu-juridique, 5 octobre 2022.

___

💬Lire l'entretien dans son intégralité

____

Lire l'entretien précédent : 💬L'efficacité de la Compliance illustrée par l'affaire Youporn

____

► Questions posées :

• Dans l'affaire Youporn, la décision du tribunal judiciaire de renvoyer le dossier vers la médiation a suscité un certain émoi. N'est-ce pas le signe d'une forme de renoncement de la justice, avec tout ce que cela implique d'un point de vue symbolique ?

• En quoi le droit de la compliance serait-il plus efficace que les méthodes traditionnelles ?

• Mais n’est-ce pas, d’une certaine façon leur permettre de s’autoréguler, solution que précisément le rapport sénatorial écarte radicalement, estimant qu’elle n’est pas efficace ?

• Le problème, à en croire les sites concernés, c’est qu’il n’y aurait pas de solution qui soit à la fois efficace et respectueuse de la protection de la vie privée…

• Pensez-vous que la compliance ait une chance de réussir là où les outils plus traditionnels connaissent un échec relatif ?

________

Référence complète : Frison-Roche, M.-A., L'efficacité de la compliance illustrée par l'affaire Youporn, entretien avec Olivia Dufour, 21 juin 2022.

____

💬 Lire l'entretien 

____

► Référence complète : Delpech, X. (dir.), L'émergence d'un droit des plateformes, coll. "Thèmes et Commentaires", Dalloz, 2021, 239 p.

____

► Présentation de l'ouvrage en 4ième de couverture : De Uber à Parcoursup en passant par Amazon, le phénomène des plateformes est au cœur de notre vie quotidienne. S’il reflète des réalités diverses, il semble néanmoins possible, d’une plateforme à l’autre, d’observer quelques constantes : toutes sont des dispositifs de mise en relation faisant appel aux nouvelles technologies (internet, un algorithme, etc.).

Les plateformes suscitent cependant de multiples interrogations – et même inquiétudes, compte tenu de la puissance de certaines d’entre elles – auxquels tentent de répondre économistes et bien entendu juristes. Elles constituent ainsi un champ de recherche qui reste encore largement à explorer. Il faudra en particulier s’interroger sur le point de savoir si notre arsenal juridique, y compris européen, est suffisamment armé pour les appréhender, voire même les domestiquer, ou s’il doit être réinventé. Plus profondément, il est légitime de se demander si les plateformes ne sont pas en train de faire émerger une nouvelle branche du droit.

C'est à ces questions que tente de répondre cet ouvrage issu des actes du colloque du 21 octobre 2020 organisé par l'équipe de recherche Louis Josserand de l'Université de Jean Moulin Lyon 3. 

____

► Lire la présentation des articles :

📝Roda, J.-Ch, Vers un droit de la concurrence des plateformes

📝Houtcieff, D., Les plateformes au défi des qualifications

📝Amrani-Mekki, S., Les plateformes de résolution en ligne des différents

📝Douville, Th., Quel droit pour les plateformes ? 

____

► Référence complète : Douville, T., Quel droit pour les plateformes ?, in Delpech, X. (dir.), L'émergence d'un droit des plateformes, coll. « Thèmes et commentaires », Dalloz, 2021, pp.217-239.

_____

► Lire la présentation générale de l'ouvrage dans lequel est publié cet article. 

Full Reference : Akman, P., A web of Paradox: Empirical Evidences on Online Platform Users and Implications for Competition and Regulation in Digital Markets, Paper, June 2021.

Abstract (done by the author) :This article presents and analyses the results of a large-scale empirical study in which over 11,000 consumers from ten countries in five continents were surveyed about their use, perceptions and understanding of online platform services. To the author’s knowledge, this is the first cross-continental empirical study on consumers of online platform services of its kind. Among others, the study probed platform users about their multi-homing and switching behaviour; engagement with defaults; perceptions of quality, choice, and well-being; attitudes towards targeted advertising; understanding of basic platform operations and business models; and, valuations of ‘free’ platform services. The empirical evidence from the consumer demand side of some of the most popular multi-sided platforms reveals a web of paradoxes that needs to be navigated by policymakers and legislatures to reach evidence-led solutions for better functioning and more competitive digital markets. This article contributes to literature and policy by, first, providing a multitude of novel empirical findings and, second, analyzing those findings and their policy implications, particularly regarding competition and regulation in digital markets. These contributions can inform policies, regulation, and enforcement choices in digital markets that involve services used daily by billions of consumers and are subjected to intense scrutiny, globally. 

Lire le document de travail.

Full reference: Frison-Roche, M.-A., "Let's Use the Power of GAFAMs in the Service of General Interest!" ("Utilisons la puissance des GAFAMs au service de l'intérêt général!"), interview done by Olivia Dufour, Actu-juridiques Lextenso, 11st of January 2021

Read the interview (in French)

To read the article translated in English by us, read the working paper on which this interview is based

Summary of the interview by Olivia Dufour:

Marie-Anne Frison-Roche, Professor of Regulation and Compliance Law, reported to the government in 2019 about Internet governance. For this expert, giving a disciplinary power to GAFAMs is the only effective solution. And the suppression of Donald Trump's account is not likely to call this analysis into question.

The three questions (translated in English here by ourselves) asked by Olivia Dufour are: 

• The deletion of Donald Trump's Twitter account arouses strong emotions on social networks, and not only among his supporters. What do you think about this ?
• However, this incident does raise concern. Are we not giving too much power to these private companies? This raises the question in France of the relevance of the Avia system ...
• Should we therefore resolve by default to give our freedoms to private and opaque mastodons?

Read the answers to these three questions (in French)

To go further, especially about the logics that guide the Avia system, see:

• Frison-Roche, M.-A., "Hate on internet: we need to responsibilize digital operators" ("Haine sur internet: il faut responsabiliser les opérateurs numériques"), 2020
• Frison-Roche, M.-A., The contribution of Compliance Law to Internet Governance, report to Government, 2019

Full reference: Frison-Roche, M.-A., Conditions for the legality of a platform managed by an American company hosting European health data​: French Conseil d'Etat decision, Newsletter MAFR - Law, Compliance, Regulation, 19th of October 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

___

News Summary: In its ordinance of 13th of October 2020, Conseil national du logiciel libre (called Health Data Hub), the Conseil d'Etat (French Administrative Supreme Court) has determined the legal rules governing the possibility to give the management of sensitive data on a platform to a non-europeans firm, through the specific case of the decree and of the contract by which the management of the platform centralizing health data to fight against Covid-19 has been given to the Irish subsidiary of an American firm, Microsoft. 

The Conseil d'Etat used firstly CJEU case law, especially the decision of 16th of July 2020, called Schrems 2, in the light of which it was interpreted and French Law and the contract linking GIP and

The Conseil d'Etat concluded that it was not possible to transfer this data to United-Sates, that the contract could be only interpreted like this and that decree and contract's modifications secured this. But it observed that the risk of obtention by American public authorities was remaining. 

Because public order requires the maintenance of this platform and that it does not exist for the moment other technical solution, the Conseil d'Etat maintained the principle of its management by Microsoft, until a European operator is found. During this, the control by the CNIL (French Data Regulator), whose the observations has been taken into consideration, will be operated. 

We can retain three lessons from this great decision:

• There is a perfect continuum between Ex Ante and Ex Post, because by a referred, the Conseil d'Etat succeed in obtaining an update of the decree, a modification of the contractual clauses by Microsoft and of the words of the Minister in order to, as soon as possible, the platform is managed by an European operator. Thus, because it is Compliance Law, the relevant time of the judge is the future. 
• The Conseil d'Etat put the protection of people at the heart of its reasoning, what is compliant to the definition of Compliance Law. It succeeded to solve the dilemma: either protecting people thanks to the person to fight against the virus, or protecting people by preventing the centralization of data and their captation by American public authorities. Through a "political" decision, that is an action for the future, the Conseil found a provisional solution to protect people against the disease and against the dispossession of their data, requiring that an European solution is found. 
• The Conseil d'Etat emphasized the Court of Justice of The European Union as the alpha and omega of Compliance Law. By interpreting the contract between a GIP (Public interest Group) and an Irish subsidy of an American group only with regards to the case law of the Court of Justice of European Union, the Conseil d'Etat shows that sovereign Europe of Data can be built. And that courts are at the heart of this. 

___________

Read the interview given on this Ordinance Health Data Hub

To go further about the question of Compliance Law concerning health data protection, read the news of 25th of August 2020: The always in expansion "Right to be Forgotten"​: a legitimate Oxymore in Compliance Law built on Information. Example of​ Cancer Survivors Protection 

Full reference: Frison-Roche, M.-A., Judge between Platform and Regulator: current example of Uber case in U.K., Newsletter MAFR - Law, Compliance, Regulation, 29th of September 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news:

On 22nd of September 2017, Transport of London (TFL), London Transport Regulator, refused to renew the licence, granted on 31st of May 2012 for 5 years, authorizing Uber to transport people because of criminal offenses committed by Uber's drivers. On 26th of June 2018, The Westminster Court prolonged Uber's licence for 15 months under the condition that the platform prevent the reproachable behaviors of its drivers. After these 15 months, the TFL refused once again to prolonge Uber's licence because of the persistence of aggressions against passengers. Uber, once again, contest this decision before the Westminster Court. 

In a decision of 28th of September 2020, the Court observes that during the 15 months, the platform implemented many measures to prevent aggressions, that the level of maturity of these measures has improved over time and that the number of offenses was reduced over the period (passing from 55 in 2018 to 4 in 2020). The Court estimated the the implementation of this actions is sufficient to grant a new licence to Uber. 

We can learn three lessons from this decision: 

1. The Compliance obligation is not a result obligation but a mean obligation, which means that it is not reasonable to expect from a crucial operator (Uber, for instance) that it prevent every cases of agression but that it is salient to judge it on the effort it deploys to try to be closer to this ideal situation. Moreover, the crucial operator must be proactive, that is going away from the figure of passive subject of Law who apply measures enacted by the regulator in terms of fighting against aggressions to be an actor of the research of the best way to fight abusive behaviors, internalizing this "monumental goal. 
2. The judge appreciates the violation committed by those whose the firm is responsible "in context", that is evaluates the concrete situation in a reasonable way. 
3. It is the judge who decides in last resort and like the crucial operator, it must be reasonable. 

Read to go further:

• Frison-Roche, M.-A., Firm, Regulator and Judge: thinking Compliance through these three characters, 2018
• The report of the Assemblée nationale (French Parliament chamber) on the question 

🌐follow Marie-Anne Frison-Roche on LinkedIn

🌐subscribe to the Newsletter MAFR Regulation, Compliance, Law 

____

Full reference: M.-A. Frison-Roche, Se tenir bien dans l'espace numérique, in Penser le droit de la pensée. Mélanges en l'honneur de Michel Vivant, Lexis Nexis and Dalloz, 2020, pp. 155-168.

____

📝Read the article (in French)

____

🚧Read the working paper, written in English, on which this article is based, with additional developments, technical references, and hyperlinks

English summary of the article: The digital space is one of the scarce spaces not framed by a specific branch of Law, Freedom also offering opportunity to its actors to not "behave well", that is to express and diffuse broadly and immediately hateful thoughts through Hate speechs, which remained before in private or limited circles. The intimacy of Law and of the legal notion of Person is broken: Digital permits to individuals or organizations to act as demultiplied and anonymous characters, digital depersonalized actors who carry behaviors that are hurtful to other's dignity. 

Against that, Compliance Law offers an appropriate solution: internalizing in digital crucial operators the mission to disciplinary and substantially hold the digital space. The digital space has been structured by powerful firms able to maintain order. Because Law must not reduce digital space to be only a neutral market of digital prestations, these crucial operators, like social networks or search engines, must be forced to substantially control behaviors. It could be about an obligation of internet users to act with their face uncover, "real identity" policy controlled by firms, and to respect others' rights, privacy rights, dignity, intellectual property rights. In their Regulatory function, digital crucial firms must be supervised by public authorities. 

Thus, Compliance law substantially defined is the protector of the person as "subject of law" in the digital space, by the respect that others must have, this space passing from the status of free space to the one of civilized space, in which everyone is obliged to behave well. 

______

Read to go further: 

• Frison-Roche, M.-A., L'apport du Droit de la Compliance à la gouvernance d'Internet, 2019
• Frison-Roche, M.-A. (dir.), Internet, un espace d'interrégulation, 2016

Full reference: Faure-Muntian, Valeria and Fasquelle, Daniel, Information Report of the Commission des Affaires économiques (committee on economic affairs) on digital platforms, Assemblée National (National Assembly), June 2020, 104p.

Read the Report

The Finance Bill has proposed to the Parliament to vote an article 57 whose title is: Possibilité pour les administrations fiscales et douanières de collecter et exploiter les données rendues publiques sur les sites internet des réseaux sociaux et des opérateurs de plateformes (translation: Possibility for the tax and customs administrations to collect and exploit the data made public on the websites of social networks and platform operators).

Its content is as is in the text voted on in the National Assembly as follows:

"(1) I. - On an experimental basis and for a period of three years, for the purposes of investigating the offenses mentioned in b and c of 1 of article 1728, in articles 1729, 1791, 1791 ter, in 3 °, 8 ° and 10 ° of article 1810 of the general tax code, as well as articles 411, 412, 414, 414-2 and 415 of the customs code, the tax administration and the customs administration and indirect rights may, each as far as it is concerned, collect and exploit by means of computerized and automated processing using no facial recognition system, freely accessible content published on the internet by the users of the online platform operators mentioned in 2 ° of I of article L. 111-7 of the consumer code.

(2) The processing operations mentioned in the first paragraph are carried out by agents specially authorized for this purpose by the tax and customs authorities.

(3) When they are likely to contribute to the detection of the offenses mentioned in the first paragraph, the data collected are kept for a maximum period of one year from their collection and are destroyed at the end of this period. However, when used within the framework of criminal, tax or customs proceedings, this data may be kept until the end of the proceedings.

(4) The other data are destroyed within a maximum period of thirty days from their collection.

(5) The right of access to the information collected is exercised with the assignment service of the agents authorized to carry out the processing mentioned in the second paragraph under the conditions provided for by article 42 of law n ° 78-17 of January 6, 1978 relating to data processing, the files and freedoms.

(6) The right to object, provided for in article 38 of the same law, does not apply to the processing operations mentioned in the second paragraph.

(7) The terms of application of this I are set by decree of the Council of State.

(8) II. - The experiment provided for in I is the subject of an evaluation, the results of which are forwarded to Parliament as well as to the National Commission for Data Protection at the latest six months before its end. "

This initiative provoked many comments, rather reserved, even after the explanations given by the Minister of Budget to the National Assembly.

What to think of it legally?

Because the situation is quite simple, that is why it is difficult: on the one hand, the State will collect personal information without the authorization of the persons concerned, which is contrary to the very object of the law of 1978 , which results in full disapproval; on the other hand, the administration obtains the information to prosecute tax and customs offenses, which materializes the general interest itself.

So what about it?

Read below.

In what it presents as a set of guidelines designed by a risk-driven approach, the FATF published on 21 June 2019 recommendating to fight the use of crypto-assets and cryptocurrency platforms for launderind money and financing terrorism.

This fight against money laundering is (with the fight against corruption) often presented as the core of the Compliance Law. The FATF takes a large part of it. Even if this new branch of Law aims to crystallize other ambitions, such as the fight against tax fraud or climate change, or even the promotion of diversity or education and the preservation of democratie, the legislation of Compliance Law are mature in the matter of money laundering and the terrorism financing, as they are in the fight against corruption.

The news comes then not from the new legal mechanisms but rather from the new technological tools that could allow the realization of the behaviors against which these obligations of compliance have been inserted in the legal system. It is then to these technologies that the law must adapt. This is the case with crypto-assets and cryptocurrency platforms. Because these are rapidly evolving technologies, with the exercise of written guidelines in 2019 to inform the meaning of the provisions adopted in 2018, the FATF is taking the opportunity to change the definition it provides of crypto-assets and cryptocurrencies. So that a too narrow definition by the texts does not allow the operators to escape the supervision (phenomenon of "hole in the racket" - loophole)..  

___

In fact, in October 2018, the FATC (Financial Action Task Force) developed 15 principles applying to these platforms, to allow this intergovernmental organization to carry out its general mission to combat money laundering and the financing of terrorism. These June 2019 recommendations are to interpret them.

In this very important document, where it is expressly stated that it is a matter of fixing the obligations of those who propose crypto-assets and crypto-currencies, the notion of self-regulation is rejected. Il est writter : "Regarding VASP (virtual assets services providers) supervision, the Guidance makes clear that only competent authorities can act as VASP supervisory or monitoring bodies!footnote-1628, and not self-regulatory bodies. They should conduct risk-based supervision or monitoring, with adequate powers, including the power to conduct inspections, compel the production of information and impose sanctions. There is a specific focus on the importance of international co-operation between supervisors, given the cross-border nature of VASPs’ activities and provision of services."

On the contrary, it is a matter of elaborating the control obligations that these service providers must exercise over products and their customers (Due Diligences), which must be supervised by public authorities. 

In order to exercise this supervision and monitoring, the national authorities themselves must ensure that they work together : "As the Virtual Assets Services Providers (VASP) sector evolves, countries should consider examining the relationship between AML/CF (Anti-Money Laundering and Counter Terrorist Financint) measures for covered VA activities and other regulatory and supervisory measures (e.g., consumer protection, prudential safety and soundness, network IT security, tax, etc.), as the measures taken in other fields may affect the ML/TF risks. In this regard, countries should consider undertaking short- and longer-term policy work to develop comprehensive regulatory and supervisory frameworks for covered VA activities and VASPs (as well as other obliged entities operating in the VA space) as widespread adoption of VAs continues".

After particularly interesting comparative law information on Italy, the Scandinavian countries and the United States, the report concludes: "International Co-operation is Key", because of the global nature of this activity.

Since the issue is not the global Regulation of these platforms and types of products, but only the possible modes of money laundering and terrorist financing to which they may give rise, the FATF recalls that neither crypto-products nor product suppliers are not referred to as such. As the guidance's title recalls, common to the 2018 document adopting the 15 principles and this interpretive document, these are "risk-based" rules. Thus, it is according to the situations that these - products and suppliers - that they may or may not present risks of laundering and financing of terrorism: depending on the type of transaction, the type of client, the type of country, etc. For example, from the moment that the transaction is anonymous, that is impossible to know the "beneficiary", or that it is transnational and instantaneous, which makes it difficult to supervise because of the heterogeneity of national supervisions little articulated between them.

In reports that public supervisors must have with crypto-product suppliers, they must adjust according to the level of risk presented by them, higher or lower: "Adjusting the type of AML/CFT supervision or monitoring: supervisors should employ both offsite and onsite access to all relevant risk and compliance information.However, to the extent permitted by their regime, supervisors can determine the correct mix of offsite and onsite supervision or monitoring of Virtual Assets Services Providers (VASPs). Offsite supervision alone may not be appropriate in higher risk situations. However, where supervisory findings in previous examinations (either offsite or onsite) suggest a low risk for ML/TF, resources can be allocated to focus on higher risk VASPs. In that case, lower risk VASPs could be supervised offsite, for example through transaction analysis and questionnaires".

This "adjustment" required does not prevent a very broad conception of the power of supervision. So, for nothing escapes the recommendations (and in particular the obligations that ensue for the suppliers of these products), the definition of the crypo-assets and crypo-currencies is this one: “Virtual asset” as a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities, and other financial assets that are already covered elsewhere in the FATF Recommendations."

And for the same reason of effectiveness is posited the principle of technological neutrality: "Whether a natural or legal person engaged in Virtual Assets (VA) activities is a Virtual Asset Services Provider (VASP) depends on how the person uses the VA and for whose benefit. As emphasized above, ...  then they are a VASP, regardless of what technology they use to conduct the covered VA activities. Moreover, they are a VASP, whether they use a decentralized or centralized platform, smart contract, or some other mechanism.".

The interpretative guidelines then formulate the obligations that these platforms have with regard to the supervisors they obey(question of the "jurisdiction", ratione loci ; ratione materiae): " The Guidance explains how these obligations should be fulfilled in a VA context and provides clarifications regarding the specific requirements applicable regarding the USD/EUR 1 000 threshold for virtual assets occasional transactions, above which VASPs must conduct customer due diligence (Recommendation 10); and the obligation to obtain, hold, and transmit required originator and beneficiary information, immediately and securely, when conducting VA transfers (Recommendation 16). As the guidance makes clear, relevant authorities should co-ordinate to ensure this can be done in a way that is compatible with national data protection and privacy rules. ".

These platforms are not uniformly defined due to the diversity of their activities. Because it is their activity that makes them responsible for this or that regulator. For example from the Central Bank or the Financial Regulator: "For example, a number of online platforms that provide a mechanism for trading assets, including VAs offered and sold in ICOs, may meet the definition of an exchange and/or a security-related entity dealing in VAs that are “securities” under various jurisdictions’ national legal frameworks. Other jurisdictions may have a different approach which may include payment tokens. The relevant competent authorities in jurisdictions should therefore strive to apply a functional approach that takes into account the relevant facts and circumstances of the platform, assets, and activity involved, among other factors, in determining whether the entity meets the definition of an “exchange”!footnote-1626 or other obliged entity (such as a securities-related entity) under their national legal framework and whether an entity falls within a particular definition. In reaching a determination, countries and competent authorities should consider the activities and functions that the entity in question performs, regardless of the technology associated with the activity or used by the entity".

____

Reading this very important document, it is possible to make 6 observations: 

1. Interpretative documents are often more important than rules interpretated themselves. En these guidances, first and foremost, these are major obligations that are stated, not only for platforms but also for national laws, and well beyond the issue of money laundering. So, it is laid: "Countries should designate one or more authorities that have responsibility for licensing and/or registering VASPs. ...  at a minimum, VASPs should be required to be licensed or registered in the jurisdiction(s) where they are created. ".This is a general prescription, involving a general regulation of these platform, which registered in a general way, will probably be supervised in a general way.

Secondly, it is a series of binding measures that is required of the National legal systems, for example the possibility of seizing crypto-values.

It shows that the soft Law illustrates the continuum of the texts, and allows their evolution. Here the evolution of the definition of the object itself: the definition of crypto-assets and crypto-currencies is widened, so that the techniques of money laundering and terrorist financing are always countered, without it being necessary to adopt new binding rules. We are beyond mere interpretation. And even more of the principle of restrictive interpretation, classically attached to the Repressive Law ...

2. Fort the effectiveness of the Compliance Law, definition become extremely broad. Thus, to follow the FATF, the definititon off a financial institution is as follows: "“Financial institution” as any natural or legal person who conducts as a business one or more of several specified activities or operations for or on behalf of a customer". This is more the definition of a company in Competition Law!footnote-1627....Why ? Because otherwise, an operator finds a status allowing him to escape the category and obligations listed. The principle of efficiency implies it. The principle of "legality", derived from criminal law, has hardly any existence. But this also corresponds to the general evolution of the financial world, in which one no longer stars from the organ (for example to be a"bank") but of activity, but from an activity or a fonction whose metamorphoses are so rapid that it is almost impossible to define them ....

3. In the same way, the definition of crypto-assets or crypto-currencies: "“Virtual asset” as a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities, and other financial assets that are already covered elsewhere in the FATF Recommendations". This definition is purely operational because nothing can escape the FATF: all that is financial or monetary, whatever its form or support, its traditional form or a form that will be invented tomorrow, is within its competence and, through a such definition, is under national supervisors. In Compliance Law, and since everything is based on risk analysis, the idea is simple: nothing must escape obligations and supervision.

4. Platform apprehension is done by the criterion of activity, according to the "functional" method. Thus, its supervision, or even its regulation, and its obligations of compliance, will apply, depending on what it does, to the Financial Regulator (if it does ICO) or to others if it only uses tokens as an instrument of exchange. If it makes several uses, then it would fall under several Regulators (criterion ratione materiae).

5. The principle of "technological neutrality" is a classic principle in Telecommunications Law. Here we measure the interference between the principles of Telecommunications Law and Financial Law, which is logical because crypto-financial objects are born of digital technology. This neutrality allows both technological innovation to develop and supervision to be unhindered for not having foreseen an innovative technology appearing after the adoption of the legal text. Here again, the effectiveness of Compliance and risk management are served, without the innovation being thwarted, which is often opposed.

6. What is expected of national public authorities is a very wide "interregulation". This is both "positive". Indeed, this includes financial matters but also the security of networks, or the protection of consumers. It can be called equilibrium interregulation in that all goals converge. But this is also an "interregulation" that can be described as balance. Indeed, the FATF is concerned about the protection of personal data. However, it emphasizes that the effectiveness of the Compliance system must stop. But the protection of personal data is also a part of Compliance Law.... This is one of the major challenges in the future: the balance between security and the fight against global evils(here the fight against money laundering and terrorism) and the protection of the privacy of individuals, as both fall under Compliance, but both have opposite legal effects: one the transmission of information, and the other the secret of the information. 

____

Référence complète : Parachkévova, I., et Teller, M., (dir.) Quelles régulations pour l'économie collaborative ? Un défi pour le droit économique, Dalloz, coll. "Thèmes et commentaires", 2018, 202 p.

Lire la quatrième de couverture.

Lire le sommaire.

Référence complète : Derieux, E., Données à caractère personnel et communication publique . Règlement (UE) 2016/79 du 27 avril 2016 relatif à la protection des personnes physiques à l'égard du traitement des données à caractère personnel et à la libre circulation de ces données in Études en l'honneur du Professeur Jérôme Huet. Liber amicorum, LGDJ - Lextenso, 2017, pp. 127-138.

Consulter une présentation générale de l'ouvrage.

Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance".

Référence complète : Warusfel, B., La transversalité du droit du numérique, in Études en l'honneur du Professeur Jérôme Huet. Liber amicorum, LGDJ - Lextenso, 2017, pp. 411-423.

Consulter une présentation générale de l'ouvrage.

Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation".

Référence complète : Seidowsky, O., Audits logiciels et conformité digitale, in Études en l'honneur du Professeur Jérôme Huet. Liber amicorum, LGDJ - Lextenso, 2017, pp. 329-338.

Consulter une présentation générale de l'ouvrage.

Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation".