Full reference : Granier, C., The Normative originality of Compliance by Design, in Frison-Roche, M.-A. (ed.), Compliance Tools, serie "Régulations & Compliance", Journal of Regulation & Compliance and Bruylant, 2021, p. 287-298.
Summary of the article by Marie-Anne Frison-Roche: The author develops the idea that Compliance by design represents a "normative originality", in that it aims, through a complex relationship between the obligatory and the voluntary, to ensure the effectiveness of the "primary standards" contained in the "monumental goals" set by public authorities. The normativity of Compliance by design is original because these processes are situated since the implementation of technical processes, what is referred to by the expression "by design", which reinforces the Ex Ante dimension of Compliance Law, IT embedding this normativity in the structures themselves, by a marriage between technology and Compliance.
It results from that an "automatized" application of the norm, integrated in an IT program, which for example blocks the access to some data if the user has nor correctly expressed his or her consent, chain of events mechanically caused by the effect of previous events (or non-events) (as in smart-contracts), a whole functioning in total Ex Ante, outside any feared state sanction perspective, the constraint being reinstated in technical aptitude. This primacy of the technique asks the question of the interpretation of norms thus incorporated, question that the authors let opened because it could lead to machines which interpret themselves the norms.
This automatized application is presented as more "efficient", essential quality in the Compliance atmosphere since like that the norm does not depend on private actors and can benefit from their technical power. But we measure now the author of secondary technical norms inserts itself norms that should be only at the first level, the firm integrating its own practices and values, Compliance by design being related to auto regulation.
Moreover, the author shows that in the conception of the norm, in its design, the question is to designate the author of the norm's integration in the algorithm and the modalities of the integration. The author being intern to the firm, this would constitute a privatization of the norm, since the norm, even secondary, cannot be totally deprived of value's integration, Compliance overwhelming the organization of Law sources. In a situation that the author calls an "unknown", except that "jurists-coders" appear, the lawyer is disqualified by its technical inability because it is about a technological integration, the transfer of the legal toward the algorithm, by the translation in a coding and then by the integration in the IT architecture of the firm, transforming the legal rules. For example, through the choice of the severity of the mechanical sanction chosen at the secondary level to give effectivity to an interdiction educated at the primary level. The author shows thus that this effectivity control of primary level norms, effectivity control that is implemented at the second level, directly impacts primary level norms. For example, deciding to ask the authorization, or the expression of a consent, or forbidding the access, when a content has been reproved by a primary level norm which does not precise the mode of control of this reprobation that Compliance by design must associate to it. But Compliance by design being not an auto regulation, public authorities control its implementation, as did the CNIL (French Data Regulator) for Androïd. This type of control will be developed.