Pour lire en français le rapport et sa présentation, cliquer sur le drapeau français
Reference : Frison-Roche, M.-A., L'apport du Droit de la Compliance dans la Gouvernance d'Internet (The contribution of Compliance Law to the Internet Governance), Report asked by the French Government, published the 15th July 2019, 139 pages ; report fully translated in English later.
Report Summary. Governing the Internet? Compliance Law can help.
Compliance Law is for the Policy Maker to aim for global goals that they requires to be achieved by companies in a position to do so. In the digital space built on the sole principle of Liberty, the Politics must insert a second principle: the Person. The respect of this One, in balance with the Freedom, can be required by the Policy Maker via Compliance Law, which internalises this specific pretention in the digital companies. Liberalism and Humanism become the two pillars of Internet Governance.
The humanism of European Compliance Law then enriches US Compliance law. The crucial digital operators thus forced, like Facebook, YouTube, Google, etc., must then exercise powers only to better achieve these goals to protect persons (against hatred, inadequate exploitation of data, terrorism, violation of intellectual property, etc.). They must guarantee the rights of individuals, including intellectual property rights. To do this, they must be recognized as "second level regulators", supervised by Public Authorities.
This governance of the Internet by Compliance Law is ongoing. By the European Banking Union. By green finance. By the GDPR. We must force the line and give unity and simplicity that are still lacking, by infusing a political dimension to Compliance: the Person. The European Court of Justice has always done it. The European Commission through its DG Connect is ready.
Plan of the Report (4 chapters): an ascertainement of the digitization of the world (1), the challenge of civilization that this constitutes (2), the relations of Compliance mechanisms as it should be conceived between Europe and the United States, not to mention that the world is not limited to them, with the concrete solutions that result from this (3) and concrete practical solutions to better organize an effective digital governance, inspired by what is particularly in the banking sector, and continuing what has already been done in Europe in the digital field, which has already made it exemplary and what it must continue, France can be force of proposal by the example (4).
Read below the 54 propositions that conclude the Report.
1.Distinguish the US Compliance Law with local purpose but yet global effect, that we must criticize and against which we must react, from Compliance Law, here concerned with the digital, with a global effect because global purpose
2. Promote through a culture of Digital Compliance what is common in Western Law: the principle of Freedom and the principle of the Person
3. Promote and complete the construction of a Western Law and Culture of Compliance, appropriate to the digital world
4. Acknowledge the factual appropriation of data by some operators to react
5. Reject the abstract conception of "data" as neutral
6. Remain attached to the pragmatism of European Law which, in transparency of the "data", attaches "concerning the Person" to its concrete origin, its concrete use and the purpose of this use
7. Even if the circulation of the data is producted by a transmission order resulting from, for example, a Compliance system, it is still necessary that it does not run counter to the protection of the "person concerned" by the data to be transmitted.
8. Ask the organization that orders the forced circulation of data under a compliance program to prove that it does not "concern" a person, unless the person actually agrees
9. The use of Artificial Intelligence will enable the crucial digital operator to respect the obligation to show that the information it circulates and of which it is the guardian, does not "concern" a person
10. Express the second principle, the Person, through the effectiveness of their rights, articulated in the first principle of equal level: the principle of Freedom
11. Associate the population with the enactment of the Principle of Person through the effectiveness of their rights, articulated with the Principle of Freedom
12. Consult on "matters of principle", for example anonymity
13. Consult the population, consult the networks of jurisdictions and authorities, establish a high-level group of experts, without ever losing sight of the goal: a simple and intelligible principle = the Person through the effective respect of their rights
14. Organize regular meetings between the ECHR and the European Commission on the issue of digital "behaviors", leading to flexible law
15. Integrate jurisdictions and prosecutorial authorities from the outset, Ex Ante and Ex Post being a continuum
16. When a thing appears in violation of an intellectual property right, is reported to the operator, not only this operator must be forced to withdraw it (current positive law) but it still he must in Ex Ante do so that this thing no longer appears on the media, neither in itself nor in reference
17. Recognize crucial digital operators an autonomous Ex Ante power of withdrawal of any content or access contrary to the right of intellectual property, corresponding to an obligation of effectiveness of the intellectual property rights rendered ineffective by the digital
18. Confer such an Ex-Ante blocking power to crucial digital operators on access to content only by associating an immediate mechanism of release for the benefit of the owner of the right unlawfully blocked
19. Organize a deferred dispute for the benefit of the blocked person, who can seize a "trusted third party"
20. If the operator who refuses to insert the content or withdraws it in Ex Ante and persists in not inserting it or in withdrawing it, a litigation procedure may be opened at the request of the user, holder of the "right" access »
21. After a withdrawing by a crucial digital operator, this very fast ex post procedure must start with a request to restore visibility in the digital space, a request made to the digital operator
22. As in any Compliance Law, the aim - the effectiveness of the rights of the Person - can not constitute an obligation of result for the crucial digital operator
23. Only the structural obligation to organize for the effectiveness of intellectual property rights is an "obligation of result" for the crucial digital operators, efficient Ex Ante, regardless of the diligence of third parties
24. Develop the general category of "negative subjective rights" whose "right to be forgotten" is just an example (right not to be found)
25. Include in the obligations of means of crucial digital operators the task of educating Internet users to the proper use of tools for digital inclusion
26. Develop "negative subjective rights", such as the "right not to be misinformed", whose effectiveness must be immediate, through the Ex Ante intervention of operators who will not give false information
27. The fact of anonymity must be countered by the existence of the right of Persons to know who is addressed to them, anonymity becoming the exception
28. Create the subjective right to the real identity of the digital interlocutor, a subjective right whose crucial digital operators are accountable, which does not exclude anonymity but requires that this anonymity must be justified by the one who wants to take advantage of it
29. The subjective right to know who put the content is the basis of the fundamental subjective right to be able to answer it, falls under the rights of the defense, fundamental right sprayed by the digital, right which must be restored in principle
30. The right to moderation of the speeches of the other when there is an exchange is also a matter of the rights of the defense, because they are similar contents which are inserted; they must generate the same obligations for the crucial digital operator
31. Propose a combination of the exercise of an Ex Ante obligation to control comments that does not differ from obligations on content and an incentive to exercise "moderation" of comments, operated by humans in borderline cases , moderation lending itself to discussion
32. "Comments" must be subject to obligations of result and obligations of means of the same nature and scope as for the original messages
33. Affirm the principle for the crucial digital operators of custody of the information concerning the Persons; exceptions to this principle (making available to others, processing, etc.) must be justified
34. In borderline cases, some telecom operators may become crucial digital operators, becoming accountable for Content Compliance Law, due to massification or systematism of messages.
35. In principle, the private messaging activity does not warrant a compliance mechanism. It is by Ex Post processes and upon request of an alleged damage that the operator must be submitted regarding the message to the mechanism of Compliance
36. Concerning the imperative of effectiveness of the Principle of Person, put the notion of "endangering the person" at the same level as the notion of "putting the system at risk" in the systemic perspective of Compliance Law
37. For the effectiveness of the negative subjective right of Persons not to be endangered by the digital world, Compliance Law must provide crucial digital operators with the means to assist Public Authorities whose purpose is security. In this perspective public order and security is the mirror of this subjective right of persons
38. Recalling the distinction between truth and opinion, give crucial digital operators the general obligation to fight against false information
39. Not to renounce the ideal of education, leading to hatred no longer being felt, stealing the work of others is not desired, and solicit the help of crucial digital operators for this educational purpose of a political nature
40. Internalize by Compliance (obligation of means) education, both to fight against confinement (communitarianism) and isolation (especially geographical confinement)
41. Rely on the permanent and sometimes unique contact that crucial digital operators have with an isolated population for a more equal education, in connection with the public authorities
42. Use about critical digital operators the legal qualification, which is very common in Regulatory Sectorial Law, of a "second-level regulator" applied to the crucial operator who holds part of the system (for example, the transmission network or the financial place)
43. Second-level regulators derive their powers from Legislation and not from charters or their contractual relationship, and are supervised by a Public Supervisor.
44. Bring the Compliance obligations of crucial digital operators to their status as second-level regulators, their internal documents merely duplicating these obligations
45. If the subjective rights of the Person are not at stake, the crucial digital operators must be able to develop in Ex Ante by economic behaviors, notably in BtoB, under the supervision of a Public Authority and with regard to the purpose, supervision as an alternative to the lack of a traditional form of European industrial policy
46. At the same time that the power of the crucial digital operators is increased, so that they fulfill their new obligations of Compliance, compel them to the procedural obligations correlated to their Regulator status, making their increased power bearable
47. To take just one example, crucial digital operators, when acting as second-level regulators, must "show" their absence of "conflicts of interest", a common concern with the Regulatory Law and Compliance Law; when exercising a disciplinary power to perform their Compliance obligations, the operator must give to see its "impartiality" since it acts as a Tribunal, all of its decisions can be challenged in civil and criminal matters
48. On behalf of the European Commission, appointing DG Connect as supervisor of crucial digital operators, in the implementation of the effectiveness of the Principle of Person, is putting the human being at the center of the governance of the Internet and the digital industry market, not the periphery
49. Design DG Connect's powers on crucial digital operators by soft law (encouragement, support, help) in a continuum of visiting, collaboration, engagement, set prefiguring hard law, on models such as the relationships between the European Securities and Markets Authorities (ESMA) and rating agencies, for example.
50. Producing a European horizontal "cross-linking" allows information exchange between the ECHR and DG Connect to obtain a more unified and strongly European vision of a digital world civilized by public oversight Ex Ante and Ex Post
51. Give the European Prosecutor the power to forward a case for DG Connect to exercise supervisory power on behalf of the European Commission
52. As part of the "private enforcement", integrate the technique of launching the alert to DG Connect on the model of the French Act known as "Sapin 2" (2016), an example of a balance of effectiveness of Compliance Law, so that the DG does exercise its supervisory power
53. In the event of a concentration of crucial digital operators, devise a new legal technique, the "decisive opinion", formulated by DG Connect that DG Competition should adopt or refute in its examination of the merger envisaged, the "supervision" and "regulation" offices being reconciled as in banking merger rules
54. Without substantial change insert the legal system into the already very dense vertical interplay between the European level, the Regulators and National Authorities and their national networks, the secretariat of the meetings, events, even "positions taken" being ensured by the DG Connect