The recent news

Nov. 1, 2020

Publications : Newsletter MAFR - Law, Compliance, Regulation

Full reference: Frison-Roche, M.-A., Due process and Personal Data Compliance Law: same rules, one Goal (CJEU, Order, October 29, 2020, Facebook Ireland Ltd v/ E.C.)Newsletter MAFR - Law, Compliance, Regulation, 1st of November 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Read Marie-Anne Frison-Roche's interview in Actu-juridiques about this decision (in French)


Summary of the news: 

As part of a procedure initiated for anti-competitive behaviors, the European Commission has three times requested, between the 13th of March and the 11th of November 2019, from Facebook the communication of information, reitarated in a decision in May 2020.  

Facebook contests it alleging that the requested documents would contain sensitive personal information that a transmission to the Commission would make accessible to a too broad number of observers, while "the documents requested under the contested decision were identified on the basis of wideranging search terms, (...) there is strong likelihood that many of those documents will not be necessary for the purposes of the Commission’s investigation". 

The contestation therefore evokes the violation of the principles of necessity and proportionality but also of due process because these probatory elements are collected without any protection and used afterwards. Moreover, Facebook invokes what would be the violation of a right to the respect of personal data of its employees whose the emails are transferred. 

The court reminds that the office of the judge is here constraint by the condition of emergency to adopt a temporary measure, acceptable by the way only if there is an imminent and irreversible damage. It underlines that public authorities benefit of a presumption of legality when they act and can obtain and use personal data since this is necessary to their function of public interest. Many allegations of Facebook are rejected as being hypothetical. 

But the Court analyzes the integrality of the evoked principles with regards with the very concrete case. But, crossing these principles and rights in question, the Court estimates that the European Commission did not respect the principle of necessity and proportionality concerning employees' very sensitive data, these demands broadening the circle of information without necessity and in a disproportionate way, since the information is very sensitive (like employees' health, political opinions of third parties, etc.). 

It is therefore appropriate to distinguish among the mass of required documents, for which the same guarantee must be given in a technique of communication than in a technic of inspection, those which are transferable without additional precaution and those which must be subject to an "alternative procedure" because of their nature of very sensitive personal data. 

This "alternative procedure" will take the shape of an examination of documents considered by Facebook as very sensitive and that it will communicate on a separate electronic support, by European Commission's agents, that we cannot a priori suspect to hijack law. This examination will take place in a "virtual data room" with Facebook's attorneys. In case of disagreement between Facebook and the investigators, the dispute could be solved by the director of information, communication and medias of the Directorate-General for Competition of the European Commission. 


We can draw three lessons from this ordinance: 

  1. This decision shows that Procedural Law and Compliance Law are not opposed. Some often say that Compliance guarantees the efficacy and that Procedure guarantees fundamental rights, the protection of the one must result in the diminution of the guarantee of the other. It is false. As this decision shows it, through the key notion of sensitive personal data protection (heart of Compliance Law) and the care for procedure (equivalence between communication and inspection procedures; contradictory organization of the examination of sensitive personal data), we see once again that two branches of Law express the same care, have the same objective: protecting people. 
  2. The judge is able to immediately find an operational solution, proposing "an alternative procedure" axed around the principle of contradictory and conciliating Commision's and Facebook's interests has shown that it was able to bring alternative solutions to the one it suspends the execution, appropriate solution to the situation and which equilibrate the interest of both parties. 
  3. The best Ex Ante is the one which anticipate the Ex Post by the pre-constitution of evidence. Thus the firm must be able to prove later the concern that it had for human rights, here of employees, to not being exposed to sanctioning pubic authorities. This Ex Ante probatory culture is required not only from firms but also from public authorities which also have to give justification of their action. 





Oct. 27, 2020

Publications : Newsletter MAFR - Law, Compliance, Regulation

Full reference: Frison-Roche, M.-A., From Competition Law to Compliance Law: example of French Competition Authority decision on central purchasing body in Mass DistributionNewsletter MAFR - Law, Compliance, Regulation, 27th of October 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance





Summary of the news: Through its decision of 22nd of October 2020, the Autorité de la concurrence (French Competition Authority) accepted the commitments proposed by retail sector's firms Casino, Auchan, Metro and Schiever so that their agreement by which a common body centralizes purchases from numerous retailers, allowing each to offer these products under private label, is admissible with regard to competitive requirements. 

In this particular case, the Authority had self-sized in July 2018, estimating that such a purchase center could harm competition, opening immediately a large consultation on the terms of the contract. In October 2018, the law Egalim permitted to the Authority to take temporary measures to suspend such a contract, what the Authority did from September. 

The convention parties' firms committed on the one hand to update their contract limiting the power on suppliers, especially small and very small suppliers, excluding totally of the field of the contract some kind of products, especially food products and reducing the share of bought products volume dedicated to their transformation in distributor brand. 

The Autorité de la concurrence accepts this proposal of commitments, congratulates itself of the protection of small suppliers operating like that and observe the similarity with the contract consisting in a purchase center between Carrefour and Tesco, which will be examined soon. 



We can draw three lessons of this innovating decision, which could be a model for after: 

1. The technique of Compliance Law permits to the Autorité de la concurrence to find a reasonable solution for the future. 

  • Indeed, rather than punishing much later by a simple fine or to annihilate the performing mechanism of the purchase center, the Authority obtains contract modifications. 
  • The contract is structured and the obtained modifications are also structural. 
  • The commitments are an Ex Ante technique, imposed to operators, for the future, in an equilibrium between competition, operators and consumers protection and the efficacy of the coordination between powerful operators. 
  • The nomination of a monitor permits to build the future of the sector, thanks to the Ex Ante nature of Compliance Law. 

2. The retail sector finally regulated by Compliance technics.

  • "Distribution law" always struggle to find its place, between Competition law and Contract Law, especially because we cannot consider it as a common "sector". 
  • The Conseil constitutionnel (French constitutional court) refused a structural injunction power to the authority because it was contrary to business freedom and without any doubt ethics of business is not sufficient to the equilibrium of the sector.
  • Through commitments given against a stop of pursuits relying on structuring contracts, it is by Compliance law that a Regulation law free of the condition of existence of a sector could leave.

3. The political nature of Compliance law in the retail sector

  • As for digital space, which is not a sector, Compliance law can directly impose to actors imperatives that are strangers to them. 
  • In the digital space, the care for fighting against Hate and for protecting private life; here the care for small and very small suppliers. 




See in counterpoints the pursuit of a contentious procedure against Sony, whose the proposals of commitments, made after a public consultation, were not found satisfying.

To go further, on the question of Compliance law permitting through indirect way the rewriting by the Conseil of a structuring contract (linking a platform created by the State to centralize health data with an American firm subsidy to manage them).

Oct. 22, 2020


Full reference: Frison-Roche, M.-A., "Health Data Hub est un coup de maître du Conseil d'Etat", interview realized by Olivia Dufour for Actu-juridiques, Lextenso, 22nd of October 2020

Read the news of 19th of October 2020 of the Newsletter MAFR - Law, Compliance, Regulation on which relies this interview: Conditions for the legality of a platform managed by an American company hosting European health data​: French Conseil d'Etat decision 

To go further, on the question of Compliance Law concerning Health Data Protection, read the news of 25th of August 2020: The always in expansion "Right to be Forgotten"​: a legitimate Oxymore in Compliance Law built on Information. Example of​ Cancer Survivors Protection 

Oct. 21, 2020

Teachings : Compliance Law

Imaginons une scène comme celle-ci :




Albert est votre meilleur ami. Il est encore étudiant. Le Droit, c’est sa passion.

Il suit à titre principal les cours donnés par l’Ecole de l’Innovation et du Savoir Ouvert, dans la Majeure qui porte sur question de l’Interdépendance Autopoïétique des systèmes référentiels globalisés. Cette école a obtenu que le Mastère dont il aura le titre en juin de l’année prochaine en passant un oral écrit lui permette de se présenter à l’examen pour devenir avocat.

Comme Albert est très sérieux, il travaille le mardi et le jeudi matin dans un cabinet d’avocat.

Cela lui plaît beaucoup.

D’autant plus qu’il a fait la connaissance de Gustave, qui est Avocat depuis 3 ans déjà et qui lui raconte plein d’histoires, d’où il résulte toujours qu’il a gagné, dans des dossiers pourtant bien difficiles, mais il maîtrise l’art de convaincre les jurés et le Code de procédure pénale « n’a plus de secret pour lui ». C’est ce qu’il lui raconte pendant le déjeuner qu’ils prennent souvent ensemble.

Ils ne déjeunent pas avec Maître Constant, qui est l’un des associés fondateurs du cabinet. Il est beaucoup trop important. D’ailleurs il n’est jamais disponible, car il passe son temps en réunion, en avion, en conférence ou bien on ne sait pas où il est … La vie des avocats, cela a ses secrets, aussi.

Au cours d’un déjeuner, Gustave semble manquer d’appétit. Lui toujours si content de lui qu’il dévore toujours le plat du jour… Il raconte à Albert qu’il avait trouvé un client en or, Damien ! Un peu voyant dans ses costumes, peut-être, mais tout le monde ne peut pas avoir l’élégance discrète des costumes bleu nuit de Maître Constant…. Damien lui a indiqué ce matin qu’il allait transférer de l’argent pour acheter les douaniers d’un port lointain et qu’il convenait, par sécurité juridique, que ces fonds passent par un compte CARPA, le sien. Gustave, encore frais de ses cours, avait bondi et dans un élan admirable, en faisant de grands gestes, - pour un peu il aurait pris sa robe qui était sur le porte-manteau -, avait évoqué Domat, Pothier, Cicéron, Motulsky, Kelsen, Thucydide ; de guerre lasse, et ne serait-ce que pour qu’il se taise, Damien avait déclaré ne plus vouloir rien faire, afin que tous ces individus ne déboulent pas chez lui…

Il est vrai que Damien n’était peut-être pas quelqu’un de très recommandable… Le Droit contraint-il pour autant Gustave, ou Albert, à alerter les autorités ?

Car des clients peu recommandables, les cabinets d’avocats en ont parfois. Mais choisit-on vraiment ses clients ? Par exemple, Maître Constant a reçu hier Olivia qui lui a exposé avoir transféré des informations défense d’un service, pourtant sécurisé où elle est compliance officer, vers un service administratif d’un pays lointain, en échange de quoi à la fois elle dispose de beaucoup d’argent frais, mais elle craint aussi pour sa vie.

Elle est venue demander à Maître Constant ce qui va se passer si la justice française lui demande des comptes avant qu’elle ne trouve refuge dans un autre pays lointain.

Maître Constant demande à Gustave, qui demande à Albert, qui vous demande, s’il doit raconter tout cela aux autorités publiques, ou s’il peut le faire.

Comme vous êtes l’ami d’Albert, vous allez l’aider à répondre à tout cela.

Oct. 20, 2020


Référence complète : Frison-Roche, M.-A., participation à la manifestation La Compliance, outil de l'Etat de Droit européen, EuropaNova, 20 octobre 2020, Paris.


Lire la présentation de la manifestation.

Oct. 19, 2020

Publications : Newsletter MAFR - Law, Compliance, Regulation

Full reference: Frison-Roche, M.-A., Conditions for the legality of a platform managed by an American company hosting European health data​: French Conseil d'Etat decisionNewsletter MAFR - Law, Compliance, Regulation, 19th of October 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation



News Summary: In its ordinance of 13th of October 2020, Conseil national du logiciel libre (called Health Data Hub), the Conseil d'Etat (French Administrative Supreme Court) has determined the legal rules governing the possibility to give the management of sensitive data on a platform to a non-europeans firm, through the specific case of the decree and of the contract by which the management of the platform centralizing health data to fight against Covid-19 has been given to the Irish subsidiary of an American firm, Microsoft. 

The Conseil d'Etat used firstly CJEU case law, especially the decision of 16th of July 2020, called Schrems 2, in the light of which it was interpreted and French Law and the contract linking GIP and

The Conseil d'Etat concluded that it was not possible to transfer this data to United-Sates, that the contract could be only interpreted like this and that decree and contract's modifications secured this. But it observed that the risk of obtention by American public authorities was remaining. 

Because public order requires the maintenance of this platform and that it does not exist for the moment other technical solution, the Conseil d'Etat maintained the principle of its management by Microsoft, until a European operator is found. During this, the control by the CNIL (French Data Regulator), whose the observations has been taken into consideration, will be operated. 

We can retain three lessons from this great decision:

  • There is a perfect continuum between Ex Ante and Ex Post, because by a referred, the Conseil d'Etat succeed in obtaining an update of the decree, a modification of the contractual clauses by Microsoft and of the words of the Minister in order to, as soon as possible, the platform is managed by an European operator. Thus, because it is Compliance Law, the relevant time of the judge is the future. 
  • The Conseil d'Etat put the protection of people at the heart of its reasoning, what is compliant to the definition of Compliance Law. It succeeded to solve the dilemma: either protecting people thanks to the person to fight against the virus, or protecting people by preventing the centralization of data and their captation by American public authorities. Through a "political" decision, that is an action for the future, the Conseil found a provisional solution to protect people against the disease and against the dispossession of their data, requiring that an European solution is found. 
  • The Conseil d'Etat emphasized the Court of Justice of The European Union as the alpha and omega of Compliance Law. By interpreting the contract between a GIP (Public interest Group) and an Irish subsidy of an American group only with regards to the case law of the Court of Justice of European Union, the Conseil d'Etat shows that sovereign Europe of Data can be built. And that courts are at the heart of this. 



Read the interview given on this Ordinance Health Data Hub


To go further about the question of Compliance Law concerning health data protection, read the news of 25th of August 2020: The always in expansion "Right to be Forgotten"​: a legitimate Oxymore in Compliance Law built on Information. Example of​ Cancer Survivors Protection 


Oct. 15, 2020

Editorial responsibilities : Direction of the "Regulations & Compliance" series, JoRC & Dalloz

  • General reference : Frison-Roche, M.-A. (dir.), Les outils  de la Compliance, série "Régulations & Compliance", Journal of Regulation & Compliance (JoRC) et Dalloz, 2020, to be published.

In parallel, a book in english Compliance Tools, is published in the same collection. 

This book follows a cycle of conferences organized by the Journal of Regulation & Compliance and by its partner universities



This volume is the continuation of the books dedicated to Compliance in this collection.

Read the other books of the collection about Compliance:


Read the other titles of the collection.



General presentation of the book

The political dimension of Compliance Law lies in the goals it aims to achieve. To achieve them, the concern for these goals are internalized in "crucial operators", who will or not have to structure themselves and act to achieve "monumental goals" set by public authorities. These control the Ex Ante reorganization that this implies for these companies and sanction Ex Post the possible inadequacy of the companies. These therefore become transparent and show the Compliance tools effectively deployed to effectively achieve these goals.

These appear to be very diverse but their substantial unity (subject which will be the subject of a forthcoming book) makes it possible to study the tools put in place from a unique perspective, by not isolating them in a particular branch of Law, Criminal Law or International Law for example, but by measuring what is common to them, in particular anticipation, trust, commitment, responsibility. If the Compliance tools vary, it is rather not only according to the sectors, finance and banking appearing then as the advanced point of the general Compliance Law, for example in environmental matter, but also according to the countries and the banks. cultures. It is in fact about them that legal cultures seem to oppose.

The book aims to understand these "tools" by going beyond the description of each instrument, for which we already have a great many monographs, to analyze them through the issues of risks, required expertise, training, claims, sovereignty, incentive to act and mechanical aptitude of technologies. It is through these themes that are analyzed by the authors, experts in the field, compliance programs, whistleblowing, mapping, sanctions, extraterritoriality, etc.



Read the summary of the book


Read the foreword summarizing all the articles of the book. 

Read the presentations of the articles of the book :

























Oct. 15, 2020


Full reference: Frison-Roche, M.-A., Et si le secret de l’avocat était l’allié de la lutte contre le blanchiment ?, interview realized by Olivia Dufour for Actu-juridiques, Lextenso, 15th of October 2020

Read the interview (in French)

To go deeper on the place of the attorney in Compliance Law, read Marie-Anne Frison-Roche's working paper: The Attorney, Vector of Conviction in the New Compliance System