Feb. 8, 2025
MAFR TV : MAFR TV - Overhang
🌐suivre Marie-Anne Frison-Roche sur LinkedIn
🌐s'abonner à la Newsletter MAFR. Regulation, Compliance, Law
🌐s'abonner à la Newsletter Surplomb, par MAFR
____
► Référence complète : M.-A. Frison-Roche, "Qui est en charge de rendre effectif le dispositif de Compliance ? Plutôt l'entreprise ou plutôt l'Autorité publique ? Exemple des données : CE, 27 janvier 2025, B. c/ CNIL", in série de vidéos Surplomb, 8 févroer 2025
____
🌐visionner sur LinkedIn cette vidéo de la série Surplomb
____
____
🚧lire le document de travail bilingue sur la base duquel cette vidéo a été élaborée
____
► Résumé de ce Surplomb : Dans sa décision du 27 janvier 2025, le Conseil d'État eut à apporter une solution à un cas que les règles de Compliance applicable en matière de données n'avaient pas expressément prévu. Une personne qui estime qu'une autre a méconnu ses obligations imposées par le RGPD peut-elle saisir la CNIL et non pas le responsable de traitement ?
Le Conseil d'Etat estime que la question est claire, qu'il n'est pas utile de poser une question préjudicielle à la CJUE. En effet, les textes imposent à celui qui allègue la méconnaissance de son droit de se tourner d'abord vers le responsable du traitement pour que l'information soit effacée avant de saisir dans un second temps la CNIL. En outre, il s'agissait en l'espèce d'informations personnelles insérées par des médecins dans un rapport d'expertise versé dans une instance judiciaire. Le Conseil d'Etat approuve la CNIL d'avoir estimé qu'elle n'a pas à contrôler et à apprécier les éléments de preuve, ce qui relève de l'office du juge judiciaire.
L'on mesure ici que, si par ailleurs sur la base du droit d'alerte la saisine d'autorités administratives peut être directe, ici le spécifique l'emporte sur le général, l'esprit de la loi confiant la préservation directe des droits au responsable du traitement, la CNIL ne devant venir dans son office de supervision et de hashtag#sanction que dans un second stade. Cela illustre ce qu'est le Droit de la Compliance d'une façon plus générale, qui repose en premier lieu sur les opérateurs eux-mêmes. En outre, creuset de droits subjectifs divers, ici droit à l'hashtag#effacement mais aussi droit de verser des preuves aux débats, le Conseil d'Etat souligne que c'est ici l'office du juge judiciaire de veiller à la loyauté des débats.
____
🎬visionner ci-dessous cette vidéo de la série Surplomb⤵️
____
Feb. 5, 2025
Publications
🌐follow Marie-Anne Frison-Roche sur LinkedIn
🌐subscribe to the Newsletter MAFR Regulation, Compliance, Law
🌐subscribe to the Video Newsletter MAFR Surplomb
____
► Full Reference: M.-A. Frison-Roche, Who is responsible for making the Compliance provision effective? Is it the company or the public authority? Example of data: CE, 27 January 2025, B. c/ CNIL, Working Paper, February 2025.
____
🎤 This Working Paper was developed as a basis for the Overhang👁 video on 8 February 2025 : click HERE (in French)
____
🎬🎬🎬In the collection of the Overhangs👁 It falls into the News category.
►Watch the complete collection of the Overhangs👁 : click HERE
____
► Summary of this Working Paper: In its decision of 27 January 2025, B. v CNIL, the French Administrative Supreme Court (Conseil d'État ) had to provide a solution to a case that the Compliance rules applicable to data had not expressly provided for. Can a person who believes that another person has failed to fulfill their obligations under the GDPR refer the matter to the French Data Protection Regulator (CNIL) and not the data controller?
The Conseil d'État considers that the question is clear and that there is no point in referring a preliminary question to the ECJ. Indeed, the texts require the person alleging that his or her right has been infringed to first contact the data controller to have the information deleted before subsequently referring the matter to the CNIL. Furthermore, this case involved personal information inserted by doctors in an expert report submitted to a court. The Conseil d'Etat agreed with the CNIL that it was not required to review and assess the evidence, which is the role of the court.
This shows that, while the right to alert can be used to refer cases directly to the administrative authorities, here the specific takes precedence over the general, with the spirit of the Law entrusting the direct preservation of rights to the data controller, with the CNIL's supervisory and sanctioning role coming only at a later stage. This illustrates the more general nature of Compliance Law, which relies primarily on the operators themselves. Furthermore, as a melting pot of various subjective rights, in this case the right to erasure but also the right to contribute to the debates, the Conseil d'Etat stresses that it is the role of the judicial judge to ensure the fairness of the debates.
____
🔓read the developments below⤵️
Jan. 9, 2025
Thesaurus : 05. CJCE - CJUE
► Référence complète : CJUE, Première chambre, 9 janvier 2025, aff. C‑394/23, Mousse c/ CNIL et SNCF Connect
____
________
July 15, 2023
Newsletter MAFR - Law, Compliance, Regulation
♾️suivre Marie-Anne Frison-Roche sur LinkedIn
♾️s'abonner à la Newsletter MAFR Regulation, Compliance, Law
____
► Référence complète : M.-A. Frison-Roche, "Compliance & Contrat / lien entre Consentement et Volonté ; enjeu de responsabilité personnelle : CNIL, 15 juin 2023, Criteo", Newsletter MAFR Law, Compliance, Regulation, 15 juillet 2023.
____
📧Lire par abonnement gratuit d'autres news de la Newsletter MAFR - Law, Compliance, Regulation
____
🧱L'obligation légale de Compliance doit être exécutée grâce à des contrats, mais l'on ne peut s'en décharger par des contrats : CNIL, 15 juin 2023, Criteo
____
📧lire l'article ⤵️
March 15, 2023
Thesaurus : Doctrine
► Full Reference: I. Gavanon, "Data Protection Law in the Digital Economy Confronted to Monumental Goals", in M.-A. Frison-Roche (ed.), Compliance Monumental Goals, coll. "Compliance & Regulation", Journal of Regulation & Compliance (JoRC) and Bruylant, 2023, p. 137-146.
____
📘read a general presentation of the book, Compliance Monumental Goals, in which this article is published.
____
► Summary of the article:
________
Feb. 2, 2023
Thesaurus : Doctrine
► Full Reference: A. Linden, "Motivation et publicité des décisions de la formation restreinte de la Commission nationale de l’informatique et des libertés (CNIL) dans une perspective de compliance" ("Motivation and publicity of the decisions of the restricted committee of the French Personal Data Protection Commission (Commission nationale de l'informatique et des libertés-CNIL) in a compliance perspective"), in M.-A. Frison-Roche (ed.), La juridictionnalisation de la Compliance, coll. "Régulations & Compliance", Journal of Regulation & Compliance (JoRC) and Dalloz, 2023, p. 235-239.
____
📕read a general presentation of the book, La juridictionnalisation de la Compliance, in which this article is published
____
► Summary of the article (done by the Journal of Regulation and Compliance): In the event of a breach of the personal data protection rules, the restricted formation of the French personal data protection Commission (CNIL) pronounces fines, injunctions of "compliance" or calls to order. It can order the publication of these measures, which can be contested before the French High Administrative supreme court (Conseil d'État).
It is essential that these decisions be justified, not only in order to respect this principle of law but also concretely to obtain the public concerned, being very heterogeneous, understand them, the educational role of the CNIL also being applicable.
The principle of publicity is handled with nuance, the data controllers often requesting a closed door and, in fact, very few public attending the hearing. The publicity of decisions is in itself a sanction. The publication may moreover not be total or may only have a time, anonymization often allowing the balance between necessary pedagogy and preservation of interests, the CNIL taking great attention to the very modalities of publication, even if it cannot control the circulation and the media use which is then made of it.
_________
June 21, 2022
Thesaurus : Soft Law
Référence complète : Equinet : Pour une IA européenne protectrice et garante du principe de non-discrimination, Avis établissant des recommandations et des principes essentiels pour la future législation européenne portant sur l'intelligence artificielle, 21 juin 2022.
____
Sept. 23, 2021
Thesaurus
► Full Reference : A. Linden, "Motivation and publicity of the decisions of the Restricted formation of the French Data Protection Authority (Commission nationale de l'informatique et des libertés – CNIL) in a compliance perspective", in M.-A. Frison-Roche (ed.), Compliance Jurisdictionalisation, Journal of Regulation & Compliance (JoRC) and Bruylant, coll. "Compliance & Regulation", to be published.
____
📘read a general presentation of the book, Complinace Jurisdictionalisation, in which this article is published
____
► Summary of the article (done by the Journal of Regulation and Compliance): In the event of a breach of the personal data protection rules, the restricted formation of the French personal data protection Commission (CNIL) pronounces fines, injunctions of "compliance" or calls to order. It can order the publication of these measures, which can be contested before the French High Administrative supreme court (Conseil d'État).
It is essential that these decisions be justified, not only in order to respect this principle of law but also concretely to obtain the public concerned, being very heterogeneous, understand them, the educational role of the CNIL also being applicable.
The principle of publicity is handled with nuance, the data controllers often requesting a closed door and, in fact, very few public attending the hearing. The publicity of decisions is in itself a sanction. The publication may moreover not be total or may only have a time, anonymization often allowing the balance between necessary pedagogy and preservation of interests, the CNIL taking great attention to the very modalities of publication, even if it cannot control the circulation and the media use which is then made of it.
____
🦉This article is available in full text to those registered for Professor Marie-Anne Frison-Roche's courses
________
Oct. 1, 2020
Thesaurus : Soft Law
Full reference of the guidelines: Commission Nationale de l'Informatique et des Libertés (CNIL), Délibération n°2020-091 du 17 septembre 2020 portant adoption de lignes directrices relatives à l'application de l'article 82 de la loi du 6 janvier 1978 modifiée aux opérations de lecture et écriture dans le terminal d'un utilisateur (notamment aux "cookies et autres traceurs") et abrogeant la délibération n°2019-093 du 4 juillet 2019
Full reference of the recommendation: Commission Nationale de l'Informatique et des Libertés (CNIL), Délibération n°2020-092 du 17 septembre 2020 portant adoption d'une recommandation proposant des modalités pratiques de mise en conformité en cas de recours aux "cookies et autres traceurs".
Read the guidelines (in French)
Read the recommendation (in French)
Read the presentation of these guilines and of this recommendation by the CNIL (in French)
Read Marie-Anne Frison-Roche's comment about this in the Newsletter MAFR - Law, Regulation & Compliance of 1st of October 2020
Dec. 4, 2019
MAFR TV : MAFR TV - case
Regarder le film de 5 minutes sur le contenu, le sens et la portée de l'arrêt rendu par la première chambre civile de la Cour de cassation du 27 novembre 2019, M.X.A. c/ Google.
Cet arrêt casse l'arrêt de la Cour d'appel de Paris qui valide le non-déférencement, après que la CNIL a demandé l'interprétation des textes, notamment du RGPD, parce que le droit à l'oubli doit limiter l'exception ici invoquée, à savoir le droit à l'information, même s'il s'agit d'une décision pénale concernant un commissaire-aux-comptes, car il s'agit d'une affaire privée et non pas ce qui concerne l'exercice de sa profession réglementée coeur du système financier.
Oct. 16, 2019
Thesaurus : 03. Conseil d'Etat
Updated: Sept. 5, 2019 (Initial publication: April 30, 2019)
Publications
🌐 follow Marie-Anne Frison-Roche on LinkedIn
🌐subscribe to the Newsletter MAFR Regulation, Compliance, Law
____
► Full Reference: M.-A. Frison-Roche, L'apport du Droit de la Compliance dans la Gouvernance d'Internet (The contribution of Compliance Law to the Internet Governance), Report asked by the French Government, published the 15th of July 2019, 139 p.
___
► Report Summary. Governing the Internet? Compliance Law can help.
Compliance Law is for the Policy Maker to aim for global goals that they require to be achieved by companies in a position to do so. In the digital space built on the sole principle of Liberty, the Politics must insert a second principle: the Person. The respect of this One, in balance with the Freedom, can be required by the Policy Maker via Compliance Law, which internalises this specific pretention in the digital companies. Liberalism and Humanism become the two pillars of Internet Governance.
The humanism of European Compliance Law then enriches US Compliance law. The crucial digital operators thus forced, like Facebook, YouTube, Google, etc., must then exercise powers only to better achieve these goals to protect persons (against hatred, inadequate exploitation of data, terrorism, violation of intellectual property, etc.). They must guarantee the rights of individuals, including intellectual property rights. To do this, they must be recognized as "second level regulators", supervised by Public Authorities.
This governance of the Internet by Compliance Law is ongoing. By the European Banking Union. By green finance. By the GDPR. We must force the line and give unity and simplicity that are still lacking, by infusing a political dimension to Compliance: the Person. The European Court of Justice has always done it. The European Commission through its DG Connect is ready.
► 📓 Read the reporte (in French)
📝 Read the Report Summary in 3 pages (in English)
📝 Read the Report Summary in 6 pages (in English)
____
► Plan of the Report (4 chapters): an ascertainment of the digitization of the world (1), the challenge of civilization that this constitutes (2), the relations of Compliance mechanisms as it should be conceived between Europe and the United States, not to mention that the world is not limited to them, with the concrete solutions that result from this (3) and concrete practical solutions to better organize an effective digital governance, inspired by what is particularly in the banking sector, and continuing what has already been done in Europe in the digital field, which has already made it exemplary and what it must continue, France can be force of proposal by the example (4).
____
📝 Read the written presentation of the Report done by Minister Cédric O (in French).
____
💬 Read the interview published the 18 July 2019 : "Gouvernance d'Internet : un enjeu de civilisation" ( "Governing Internet: an Issue of Civilization"), given in French,
📻 Listen the Radio broadcast of July 21, 2019 during which its consequences are applied to the cryptocurrency "Libra" (given in French)
🏛 Presentation of the Report to the Conseil Supérieur de l'Audiovisuel- CSA (French Council of Audiovisual) on Septembre 5, by a discussion with its members presentation (in French)
💬 Read the Interview published the 20 December 2019 : "Le droit de la compliance pour réguler l'Internet" ("Compliance Law for regulate Internet"), given in French
____
read below the 54 propositions of the Report ⤵️