Nov. 1, 2020
Publications : Newsletter MAFR - Law, Compliance, Regulation
Full reference: Frison-Roche, M.-A., Due process and Personal Data Compliance Law: same rules, one Goal (CJEU, Order, October 29, 2020, Facebook Ireland Ltd v/ E.C.), Newsletter MAFR - Law, Compliance, Regulation, 1st of November 2020
Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation
Summary of the news:
As part of a procedure initiated for anti-competitive behaviors, the European Commission has three times requested, between the 13th of March and the 11th of November 2019, from Facebook the communication of information, reitarated in a decision in May 2020.
Facebook contests it alleging that the requested documents would contain sensitive personal information that a transmission to the Commission would make accessible to a too broad number of observers, while "the documents requested under the contested decision were identified on the basis of wideranging search terms, (...) there is strong likelihood that many of those documents will not be necessary for the purposes of the Commission’s investigation".
The contestation therefore evokes the violation of the principles of necessity and proportionality but also of due process because these probatory elements are collected without any protection and used afterwards. Moreover, Facebook invokes what would be the violation of a right to the respect of personal data of its employees whose the emails are transferred.
The court reminds that the office of the judge is here constraint by the condition of emergency to adopt a temporary measure, acceptable by the way only if there is an imminent and irreversible damage. It underlines that public authorities benefit of a presumption of legality when they act and can obtain and use personal data since this is necessary to their function of public interest. Many allegations of Facebook are rejected as being hypothetical.
But the Court analyzes the integrality of the evoked principles with regards with the very concrete case. But, crossing these principles and rights in question, the Court estimates that the European Commission did not respect the principle of necessity and proportionality concerning employees' very sensitive data, these demands broadening the circle of information without necessity and in a disproportionate way, since the information is very sensitive (like employees' health, political opinions of third parties, etc.).
It is therefore appropriate to distinguish among the mass of required documents, for which the same guarantee must be given in a technique of communication than in a technic of inspection, those which are transferable without additional precaution and those which must be subject to an "alternative procedure" because of their nature of very sensitive personal data.
This "alternative procedure" will take the shape of an examination of documents considered by Facebook as very sensitive and that it will communicate on a separate electronic support, by European Commission's agents, that we cannot a priori suspect to hijack law. This examination will take place in a "virtual data room" with Facebook's attorneys. In case of disagreement between Facebook and the investigators, the dispute could be solved by the director of information, communication and medias of the Directorate-General for Competition of the European Commission.
We can draw three lessons from this ordinance:
Oct. 27, 2020
Publications : Newsletter MAFR - Law, Compliance, Regulation
Full reference: Frison-Roche, M.-A., From Competition Law to Compliance Law: example of French Competition Authority decision on central purchasing body in Mass Distribution, Newsletter MAFR - Law, Compliance, Regulation, 27th of October 2020
Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance
Summary of the news: Through its decision of 22nd of October 2020, the Autorité de la concurrence (French Competition Authority) accepted the commitments proposed by retail sector's firms Casino, Auchan, Metro and Schiever so that their agreement by which a common body centralizes purchases from numerous retailers, allowing each to offer these products under private label, is admissible with regard to competitive requirements.
In this particular case, the Authority had self-sized in July 2018, estimating that such a purchase center could harm competition, opening immediately a large consultation on the terms of the contract. In October 2018, the law Egalim permitted to the Authority to take temporary measures to suspend such a contract, what the Authority did from September.
The convention parties' firms committed on the one hand to update their contract limiting the power on suppliers, especially small and very small suppliers, excluding totally of the field of the contract some kind of products, especially food products and reducing the share of bought products volume dedicated to their transformation in distributor brand.
The Autorité de la concurrence accepts this proposal of commitments, congratulates itself of the protection of small suppliers operating like that and observe the similarity with the contract consisting in a purchase center between Carrefour and Tesco, which will be examined soon.
We can draw three lessons of this innovating decision, which could be a model for after:
1. The technique of Compliance Law permits to the Autorité de la concurrence to find a reasonable solution for the future.
2. The retail sector finally regulated by Compliance technics.
3. The political nature of Compliance law in the retail sector
To go further, on the question of Compliance law permitting through indirect way the rewriting by the Conseil of a structuring contract (linking a platform created by the State to centralize health data with an American firm subsidy to manage them).
Oct. 22, 2020
Full reference: Frison-Roche, M.-A., "Health Data Hub est un coup de maître du Conseil d'Etat", interview realized by Olivia Dufour for Actu-juridiques, Lextenso, 22nd of October 2020
Read the news of 19th of October 2020 of the Newsletter MAFR - Law, Compliance, Regulation on which relies this interview: Conditions for the legality of a platform managed by an American company hosting European health data: French Conseil d'Etat decision
To go further, on the question of Compliance Law concerning Health Data Protection, read the news of 25th of August 2020: The always in expansion "Right to be Forgotten": a legitimate Oxymore in Compliance Law built on Information. Example of Cancer Survivors Protection
Oct. 21, 2020
Teachings : Compliance Law
Imaginons une scène comme celle-ci :
Albert est votre meilleur ami. Il est encore étudiant. Le Droit, c’est sa passion.
Il suit à titre principal les cours donnés par l’Ecole de l’Innovation et du Savoir Ouvert, dans la Majeure qui porte sur question de l’Interdépendance Autopoïétique des systèmes référentiels globalisés. Cette école a obtenu que le Mastère dont il aura le titre en juin de l’année prochaine en passant un oral écrit lui permette de se présenter à l’examen pour devenir avocat.
Comme Albert est très sérieux, il travaille le mardi et le jeudi matin dans un cabinet d’avocat.
Cela lui plaît beaucoup.
D’autant plus qu’il a fait la connaissance de Gustave, qui est Avocat depuis 3 ans déjà et qui lui raconte plein d’histoires, d’où il résulte toujours qu’il a gagné, dans des dossiers pourtant bien difficiles, mais il maîtrise l’art de convaincre les jurés et le Code de procédure pénale « n’a plus de secret pour lui ». C’est ce qu’il lui raconte pendant le déjeuner qu’ils prennent souvent ensemble.
Ils ne déjeunent pas avec Maître Constant, qui est l’un des associés fondateurs du cabinet. Il est beaucoup trop important. D’ailleurs il n’est jamais disponible, car il passe son temps en réunion, en avion, en conférence ou bien on ne sait pas où il est … La vie des avocats, cela a ses secrets, aussi.
Au cours d’un déjeuner, Gustave semble manquer d’appétit. Lui toujours si content de lui qu’il dévore toujours le plat du jour… Il raconte à Albert qu’il avait trouvé un client en or, Damien ! Un peu voyant dans ses costumes, peut-être, mais tout le monde ne peut pas avoir l’élégance discrète des costumes bleu nuit de Maître Constant…. Damien lui a indiqué ce matin qu’il allait transférer de l’argent pour acheter les douaniers d’un port lointain et qu’il convenait, par sécurité juridique, que ces fonds passent par un compte CARPA, le sien. Gustave, encore frais de ses cours, avait bondi et dans un élan admirable, en faisant de grands gestes, - pour un peu il aurait pris sa robe qui était sur le porte-manteau -, avait évoqué Domat, Pothier, Cicéron, Motulsky, Kelsen, Thucydide ; de guerre lasse, et ne serait-ce que pour qu’il se taise, Damien avait déclaré ne plus vouloir rien faire, afin que tous ces individus ne déboulent pas chez lui…
Il est vrai que Damien n’était peut-être pas quelqu’un de très recommandable… Le Droit contraint-il pour autant Gustave, ou Albert, à alerter les autorités ?
Car des clients peu recommandables, les cabinets d’avocats en ont parfois. Mais choisit-on vraiment ses clients ? Par exemple, Maître Constant a reçu hier Olivia qui lui a exposé avoir transféré des informations défense d’un service, pourtant sécurisé où elle est compliance officer, vers un service administratif d’un pays lointain, en échange de quoi à la fois elle dispose de beaucoup d’argent frais, mais elle craint aussi pour sa vie.
Elle est venue demander à Maître Constant ce qui va se passer si la justice française lui demande des comptes avant qu’elle ne trouve refuge dans un autre pays lointain.
Maître Constant demande à Gustave, qui demande à Albert, qui vous demande, s’il doit raconter tout cela aux autorités publiques, ou s’il peut le faire.
Comme vous êtes l’ami d’Albert, vous allez l’aider à répondre à tout cela.
Oct. 20, 2020
Référence complète : Frison-Roche, M.-A., participation à la manifestation La Compliance, outil de l'Etat de Droit européen, EuropaNova, 20 octobre 2020, Paris.
Oct. 19, 2020
Publications : Newsletter MAFR - Law, Compliance, Regulation
Full reference: Frison-Roche, M.-A., Conditions for the legality of a platform managed by an American company hosting European health data: French Conseil d'Etat decision, Newsletter MAFR - Law, Compliance, Regulation, 19th of October 2020
Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation
News Summary: In its ordinance of 13th of October 2020, Conseil national du logiciel libre (called Health Data Hub), the Conseil d'Etat (French Administrative Supreme Court) has determined the legal rules governing the possibility to give the management of sensitive data on a platform to a non-europeans firm, through the specific case of the decree and of the contract by which the management of the platform centralizing health data to fight against Covid-19 has been given to the Irish subsidiary of an American firm, Microsoft.
The Conseil d'Etat used firstly CJEU case law, especially the decision of 16th of July 2020, called Schrems 2, in the light of which it was interpreted and French Law and the contract linking GIP and
The Conseil d'Etat concluded that it was not possible to transfer this data to United-Sates, that the contract could be only interpreted like this and that decree and contract's modifications secured this. But it observed that the risk of obtention by American public authorities was remaining.
Because public order requires the maintenance of this platform and that it does not exist for the moment other technical solution, the Conseil d'Etat maintained the principle of its management by Microsoft, until a European operator is found. During this, the control by the CNIL (French Data Regulator), whose the observations has been taken into consideration, will be operated.
We can retain three lessons from this great decision:
To go further about the question of Compliance Law concerning health data protection, read the news of 25th of August 2020: The always in expansion "Right to be Forgotten": a legitimate Oxymore in Compliance Law built on Information. Example of Cancer Survivors Protection
Oct. 15, 2020
Editorial responsibilities : Direction of the "Regulations & Compliance" series, JoRC & Dalloz
In parallel, a book in english Compliance Tools, is published in the same collection.
This volume is the continuation of the books dedicated to Compliance in this collection.
Read the other books of the collection about Compliance:
Read the other titles of the collection.
General presentation of the book
The political dimension of Compliance Law lies in the goals it aims to achieve. To achieve them, the concern for these goals are internalized in "crucial operators", who will or not have to structure themselves and act to achieve "monumental goals" set by public authorities. These control the Ex Ante reorganization that this implies for these companies and sanction Ex Post the possible inadequacy of the companies. These therefore become transparent and show the Compliance tools effectively deployed to effectively achieve these goals.
These appear to be very diverse but their substantial unity (subject which will be the subject of a forthcoming book) makes it possible to study the tools put in place from a unique perspective, by not isolating them in a particular branch of Law, Criminal Law or International Law for example, but by measuring what is common to them, in particular anticipation, trust, commitment, responsibility. If the Compliance tools vary, it is rather not only according to the sectors, finance and banking appearing then as the advanced point of the general Compliance Law, for example in environmental matter, but also according to the countries and the banks. cultures. It is in fact about them that legal cultures seem to oppose.
The book aims to understand these "tools" by going beyond the description of each instrument, for which we already have a great many monographs, to analyze them through the issues of risks, required expertise, training, claims, sovereignty, incentive to act and mechanical aptitude of technologies. It is through these themes that are analyzed by the authors, experts in the field, compliance programs, whistleblowing, mapping, sanctions, extraterritoriality, etc.
Read the summary of the book.
Read the foreword summarizing all the articles of the book.
Read the presentations of the articles of the book :
Oct. 15, 2020
Full reference: Frison-Roche, M.-A., Et si le secret de l’avocat était l’allié de la lutte contre le blanchiment ?, interview realized by Olivia Dufour for Actu-juridiques, Lextenso, 15th of October 2020
Read the interview (in French)
To go deeper on the place of the attorney in Compliance Law, read Marie-Anne Frison-Roche's working paper: The Attorney, Vector of Conviction in the New Compliance System