Thesaurus : Doctrine
► Full Reference : E. Netter, "Les technologies de conformité pour satisfaire les exigences du droit de la compliance. Exemple du numérique" (Conformity technologies to meet the requirements of Compliance Law. Digital example), in M.-A. Frison-Roche (dir.), L'obligation de Compliance, Journal of Regulation & Compliance (JoRC) and Dalloz, coll. "Régulations & Compliance", 2024, forthcoming.
____
📕read the general presentation of the book, L'obligation de Compliance, in which this contribution is published.
____
► English summary of this contribution (done by the Journal of Regulation & Compliance) : The author distinguishes between Compliance, which refers to Monumental Goals, and conformity, which refers to the concrete means that the company uses to tend towards them, through processes and check-lists for whose monitoring the operator is accountable (art. 5.2 GDPR). Technology enables the operator to meet this requirement, as the changing nature of technology fits in well with the very general nature of the goals pursued, which leave plenty of room for businesses and public authorities to produce soft law.
The contribution focuses firstly on existing technologies. Through Compliance, Law can prohibit a technology or restrict its use because it runs counter to the goal pursued, for example the technology of fully automated decisions producing legal effects on individuals. Because it is a perilous exercise to dictate by law what is good and what is bad in this area, the method is rather one of explicability, i.e. control through knowledge by others.
Regulators are nevertheless developing numerous requirements stemming from the Monumental Goals of Compliance. Operators must update their technology or abandon obsolete technology in the light of new risks or to enable effective competition that does not lock users into a closed system. But technological power must not become too intrusive, as the privacy and freedom of the individuals concerned must be respected, which leads to the principles of necessity and proportionality.
The author stresses that operators must comply with the regulations by using certain technologies if these technologies are available, or even by counteracting them if they are contrary to the goals of the regulations, but this obligation of conformity applies only if these technologies are available. The notion of "available technology" therefore becomes the criterion of the obligation, which means that its content varies with circumstances and time, particularly in the area of cybersecurity.
In the second part of this contribution, the author examines technologies that are only potential, those that Law, and in particular the courts, might require companies to invent in order to fulfill their conformity obligation. This is quite understandable when we are talking about technologies that are in the making, but which will come to fruition, for example in the area of personal data transfer to satisfy the right to portability (GDPR), or where companies must be encouraged to develop technologies that are of less immediate benefit to them, or in the area of secure payment to ensure strong authentication (PSD 2).
This is more difficult for technologies whose feasibility is not even certain, such as online age verification or the interoperability of secure messaging systems, two requirements which appear to be technologically contradictory in their terms, and which therefore still come under the heading of "imaginary technology". But Compliance is putting so much pressure on companies, particularly digital technology companies, that considerable investment is required to achieve it.
The author concludes that this is the very ambition of Compliance and that the future will show how successful it will be.
____
🦉This article is available in full text for persons following Professor Marie-Anne Frison-Roche's teaching.
________
Updated: July 31, 2013 (Initial publication: Dec. 6, 2011)
Teachings : Les Grandes Questions du Droit, fall semester 2011