Full reference: Frison-Roche, M.-A., "Health Data Hub est un coup de maître du Conseil d'Etat", interview realized by Olivia Dufour for Actu-juridiques, Lextenso, 22nd of October 2020

Read the news of 19th of October 2020 of the Newsletter MAFR - Law, Compliance, Regulation on which relies this interview: Conditions for the legality of a platform managed by an American company hosting European health data​: French Conseil d'Etat decision 

To go further, on the question of Compliance Law concerning Health Data Protection, read the news of 25th of August 2020: The always in expansion "Right to be Forgotten"​: a legitimate Oxymore in Compliance Law built on Information. Example of​ Cancer Survivors Protection 

Full reference: Frison-Roche, M.-A., Conditions for the legality of a platform managed by an American company hosting European health data​: French Conseil d'Etat decision, Newsletter MAFR - Law, Compliance, Regulation, 19th of October 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

___

News Summary: In its ordinance of 13th of October 2020, Conseil national du logiciel libre (called Health Data Hub), the Conseil d'Etat (French Administrative Supreme Court) has determined the legal rules governing the possibility to give the management of sensitive data on a platform to a non-europeans firm, through the specific case of the decree and of the contract by which the management of the platform centralizing health data to fight against Covid-19 has been given to the Irish subsidiary of an American firm, Microsoft. 

The Conseil d'Etat used firstly CJEU case law, especially the decision of 16th of July 2020, called Schrems 2, in the light of which it was interpreted and French Law and the contract linking GIP and

The Conseil d'Etat concluded that it was not possible to transfer this data to United-Sates, that the contract could be only interpreted like this and that decree and contract's modifications secured this. But it observed that the risk of obtention by American public authorities was remaining. 

Because public order requires the maintenance of this platform and that it does not exist for the moment other technical solution, the Conseil d'Etat maintained the principle of its management by Microsoft, until a European operator is found. During this, the control by the CNIL (French Data Regulator), whose the observations has been taken into consideration, will be operated. 

We can retain three lessons from this great decision:

• There is a perfect continuum between Ex Ante and Ex Post, because by a referred, the Conseil d'Etat succeed in obtaining an update of the decree, a modification of the contractual clauses by Microsoft and of the words of the Minister in order to, as soon as possible, the platform is managed by an European operator. Thus, because it is Compliance Law, the relevant time of the judge is the future. 
• The Conseil d'Etat put the protection of people at the heart of its reasoning, what is compliant to the definition of Compliance Law. It succeeded to solve the dilemma: either protecting people thanks to the person to fight against the virus, or protecting people by preventing the centralization of data and their captation by American public authorities. Through a "political" decision, that is an action for the future, the Conseil found a provisional solution to protect people against the disease and against the dispossession of their data, requiring that an European solution is found. 
• The Conseil d'Etat emphasized the Court of Justice of The European Union as the alpha and omega of Compliance Law. By interpreting the contract between a GIP (Public interest Group) and an Irish subsidy of an American group only with regards to the case law of the Court of Justice of European Union, the Conseil d'Etat shows that sovereign Europe of Data can be built. And that courts are at the heart of this. 

___________

Read the interview given on this Ordinance Health Data Hub

To go further about the question of Compliance Law concerning health data protection, read the news of 25th of August 2020: The always in expansion "Right to be Forgotten"​: a legitimate Oxymore in Compliance Law built on Information. Example of​ Cancer Survivors Protection 

Full reference: CJEU, Grand Chamber, 6th of October 2020, Privacy International c/ Secretary of State for Foreign and Commonwealth Affairs, C-623/17.

Read the judgment 

Read the summary of the judgment (in French)

Read the opinion of the Advocate General 

Read the reference for a preliminary ruling from the Investigatory Powers Tribunal - London (United Kingdom)

Full reference of the guidelines: Commission Nationale de l'Informatique et des Libertés (CNIL), Délibération n°2020-091 du 17 septembre 2020 portant adoption de lignes directrices relatives à l'application de l'article 82 de la loi du 6 janvier 1978 modifiée aux opérations de lecture et écriture dans le terminal d'un utilisateur (notamment aux "cookies et autres traceurs") et abrogeant la délibération n°2019-093 du 4 juillet 2019 

Full reference of the recommendation: Commission Nationale de l'Informatique et des Libertés (CNIL), Délibération n°2020-092 du 17 septembre 2020 portant adoption d'une recommandation proposant des modalités pratiques de mise en conformité en cas de recours aux "cookies et autres traceurs". 

Read the guidelines (in French)

Read the recommendation (in French)

Read the presentation of these guilines and of this recommendation by the CNIL (in French) 

Read Marie-Anne Frison-Roche's comment about this in the Newsletter MAFR - Law, Regulation & Compliance of 1st of October 2020

Full reference: Frison-Roche, M.-A., Responding to an email with "serious anomalies"​,transferring personal data, blocks reimbursement by the bank: French Cour de cassation, July 1st 2020, Newsletter MAFR - Law, Compliance, Regulation, 10th of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

"Phishing" is a kind of cyber criminality aiming to obtain, by sending fraudulent emails which look like to those sent by legitimate organisms, recipient's personal information in order to impersonate or steal him or her. As it is difficult to find the authors of "phishing" and to prove their intentionality in order to punish them directly, on mean to fight against "phishing" could be to entitle banks to secure their information network and, to accompany this obligation with a strong incentive, to convict them to reimburse the victims in case of robbery of their personal data.  

In 2015, a client victime of this kind of fraud asked to his bank, the Crédit Mutuel, to reimburse him the amount stole, what the bank refused to do on the grounds that the client committed a fault, transferring its confidential information without checking the email, however grossly counterfeit. The Court of first instance gave reason to the client because although he committed this fault, he was in good faith. This judgment was broken by the Chambre commerciale de la Cour de cassation (French Judicial Supreme Court) by a decision of 1st of July 2020 which states that this serious negligence, exclusive of any consideration of good faith, justifies the absence of reimbursement by the bank.

___

From this particular case, we can draw three lessons: 

1. The Cour de Cassation states that good faith is not a salient criterion and that, as the bank must react when a banking account is objectively abnormal, the client must react face to an obviously abnormal email. 
2. The Cour de Cassation describes the repartition of proof burden. Proof obligations are alternatively distributed between the bank and its client. First, the bank must secure its information network but, secondly, the client must take every reasonable measure to preserve its safety. It results from this that, if the email seems normal, phishing damages must be supported by the bank, and more generally of by the firm, while if the email is obviously abnormal, they must be supported by the client, but the burden to prove the abnormality of the email must be supported by the firm and not by the client. 
3. Such a proof system shows that Compliance Law includes a pedagogic mission by educating each client in order to he or she would be able to distinguish among his or her emails, those which are normal and those which are obviously suspect. This pedagogic dimension, with the legal consequences associated to it, will not stop to spread. 

______

Full reference: Frison-Roche, M.-A., For regulating or supervising, technical competence is required: example of the French creation of the "Pôle d'expertise de la régulation numérique"​, Newsletter MAFR - Law, Regulation, Compliance, 2nd of September 2020

Lire par abonnement gratuit d'autres news de la Newsletter MAFR - Law, Regulation, Compliance

Summary of the news

Through a decree of 31st of August 2020, the government created a national service, the "Pôle d'expertise de la régulation numérique" (digital regulation expertise pole). It has to furnish to State services a technical expertise in computer science, data science and algorithm processes in order to assist them in their role of control, investigation and study. The aim is to favor information sharing between researchers and State services in charge of regulating digital space. 

As its acronym indicates, this pole of expertise aims to represents constance in a changing world. Moreover, more than being a national service, this organism must adopt a transversal dimension, its creation decree being signed by the Prime Minister, Minister of Economy, Minister of Culture and Minister of Digital Transition. The creation of such a pole shows the awareness of the government of the importance of technical competency in the regulation of digital space and of the necessity to centralize these expertises in one organ. 

However, as the decree indicates, this pole of expertise could be consulted only by "State services", that excludes regulators which are independent from the State and which could put the pole in conflict of interest, and courts even if they are supposed to play a central role in the regulation of digital space and even if they are allowed to ask the advice of the regulator about some cases. But if regulators cannot size the pole, to whom does it benefit except the legislator and a few officials? 

It would therefore have been better for this pole of expertise to be placed under the direction of regulatory and supervisory bodies, which would have enabled it to be able to be consulted both by regulators and by judges, both of whom are key players in digital regulation.

Full reference: Frison-Roche, M.-A., Compliance by Design, a new weapon? Opinion of Facebook about Apple new technical dispositions on Personal Data protection, Newsletter MAFR - Law, Compliance, Regulation, 31st of August 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news:

Personal Data, as they are information, are Compliance Tools. They represent a precious resource for firms which must implement a vigilance plan in order to prevent corruption, money laundering or terrorism financing, for examples. It is the reason why personal data are the angular stone of "Compliance by design" systems. However, the use of these data cannot clear the firm of its simultaneous obligation to protect these same personal data, that is also a "monumental goal" of Compliance Law. 

In order to be able to exploit these data in an objective of Compliance and protecting them in the same time, the digital firm Apple adopted for example new dispositions in order to the exploitation of the Identifier For Advertisers (IDFA) integrated in the iPad and in the iPhone and broadly used by targeted advertising firms, is conditioned to the consumer's consent.

Facebook reacted to this new disposition explaining that such measures will restrict the access to data for advertisers who will suffer from that. Facebook suspects Apple to block the access to advertisers in order to develop its own advertising tool. Facebook guaranteed to advertisers who work with it that it will not take similar measures and that it will always favor consultation before decision making in order to concile sometimes divergent interests. 

We can sleep and already make some remarks:

• GDPR imposing to companies that they guarantee a minimal level of protection for personal data does not apply in the United-States. It is then possible that Apple acted through Corporate Social Responsibility (CSR), more than through legal obligation. 
• The mode of regulation used here is the "conversational regulation" theorized by Julia Black. Indeed, regulators let the forces in presence discuss. 
• This "conversational regulation" does not seem to be very efficient in this case and an intervention of administrative authorities or of judges could be justified via Competition Law, Regulation Law or Compliance Law, knowing that Competition Law will favor access right to information and Regulation or Compliance Law private life right. 

The whole paradox of Compliance Law rests in the equilibrium between circulation of information and secret. 

Full reference: Frison-Roche, M.-A., "Interregulation"​ between Payments System and Personal Data Protection: how to organize this "interplay"​?, Newsletter MAFR - Law, Compliance, Regulation, 27th of August 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

Regulation Law, in order to recognize and draw the consequences from the specificities of some objects, has been build, at the start, around the notion of "technical sector" although their delimitation is partially related to a political choice. But, in facts, there are multiple points of contacts between sectors, actors moving from one to another as objects. The regulatory solution is so to climb over some technical borders through the methodology of interregulation which is by the way the only one to enable the regulation of some phenomena going beyond the notion of sector and related to Compliance Law. 

This news takes the exemple of companies furnishing new payment services. In order to they can provide these services, these firms needs to access to banking accounts of concerned people and so to very sensitive personal data. Regulation of such a configuration needs a cooperation between the banking regulator and the personal data regulator. Legislation being not sufficient to organize in Ex Ante this interregulation, the European Data Protection Board has published some guidelines on 17th of July 2020 about the way it conceives the articulation between the PSD2 (European directive about payment services) and GDPR and has announced that it intended to expand the circle of its interlocutors to do this interregulation. Such an initiative from EDPB can be justified by the uncertainty  about how interpreting both texts and articulating them.   

Full reference: Frison-Roche, M.-A., Being obliged by Law to unlock telephone is not equivalent to self-incrimination: Cour de cassation, Criminal Chamber, Dec. 19, 2019, Newsletter MAFR - Law, Compliance, Regulation, 21st of August 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

The Cour de Cassation (French Supreme Judicial Court) made a decision on 19th of December 2019 about a case concerning a refusal to communicate his mobile phone's unlock code to the police while the police found him with a significant quantity of narcotic and a lot of cash and that there was a certain probability that this mobile phone get proofs of culpability of its owner. The individual was indicted not for narcotic trafficking but for not having communicate its unlock code which constitute an offense to article 434-15-2 of code pénal, from the loi du 3 juin 2018 renforçant la lutte contre la criminalité organisée, et le terrorisme et leur financement (law reinforcing organized crime, terrorisme and their financing).

The accused invokes before the court its right to not incriminate oneself. Indeed, the configuration face to policemen was such that if he refused to communicate its unlock code, he will be punished because of this obligation to communicate his code and that if he accepted, he will also be sanctioned because of the proofs contained into the mobile phone. Such a configuration therefore offered him no alternative to confessing, which is contrary to the European Convention on Human Rights and to European and national jurisprudence.

Face to such a case, the Cour de Cassation chose to segment the information and proposed the following solution: if the researched information cannot be obtained regardless of the suspect willingness, it is not possible to constraint this person to communicate this information without violating its procedural rights, but if the information can be obtained regardless of the suspect willingness then the individual is obliged to communicate his code. In the current case, as it was possible for policemen to obtain information contained in the phone by technical means, longer but existent, then the refuse of communication of the unlock code by the suspect constitute an obstruction that should be sanctioned. 

Such a decision is an exemple of the conciliation by the judge of two fundamental but contradictory "monumental goals" of Compliance Law: transparency of information towards public authorities and very sensible personal data protection. 

​To go further, read Marie-Anne Frison-Roche's working paper: Rethinking the world from the notion of data

Full reference: Féral-Schuhl, C., Cyberdroit. Le Droit à l'épreuve de l'internet, Collection Praxis Dalloz, Dalloz, 8th edition, 2020, 1731p.

Read the forth of cover (in French)

Read the table of contents (in French)

The Finance Bill has proposed to the Parliament to vote an article 57 whose title is: Possibilité pour les administrations fiscales et douanières de collecter et exploiter les données rendues publiques sur les sites internet des réseaux sociaux et des opérateurs de plateformes (translation: Possibility for the tax and customs administrations to collect and exploit the data made public on the websites of social networks and platform operators).

Its content is as is in the text voted on in the National Assembly as follows:

"(1) I. - On an experimental basis and for a period of three years, for the purposes of investigating the offenses mentioned in b and c of 1 of article 1728, in articles 1729, 1791, 1791 ter, in 3 °, 8 ° and 10 ° of article 1810 of the general tax code, as well as articles 411, 412, 414, 414-2 and 415 of the customs code, the tax administration and the customs administration and indirect rights may, each as far as it is concerned, collect and exploit by means of computerized and automated processing using no facial recognition system, freely accessible content published on the internet by the users of the online platform operators mentioned in 2 ° of I of article L. 111-7 of the consumer code.

(2) The processing operations mentioned in the first paragraph are carried out by agents specially authorized for this purpose by the tax and customs authorities.

(3) When they are likely to contribute to the detection of the offenses mentioned in the first paragraph, the data collected are kept for a maximum period of one year from their collection and are destroyed at the end of this period. However, when used within the framework of criminal, tax or customs proceedings, this data may be kept until the end of the proceedings.

(4) The other data are destroyed within a maximum period of thirty days from their collection.

(5) The right of access to the information collected is exercised with the assignment service of the agents authorized to carry out the processing mentioned in the second paragraph under the conditions provided for by article 42 of law n ° 78-17 of January 6, 1978 relating to data processing, the files and freedoms.

(6) The right to object, provided for in article 38 of the same law, does not apply to the processing operations mentioned in the second paragraph.

(7) The terms of application of this I are set by decree of the Council of State.

(8) II. - The experiment provided for in I is the subject of an evaluation, the results of which are forwarded to Parliament as well as to the National Commission for Data Protection at the latest six months before its end. "

This initiative provoked many comments, rather reserved, even after the explanations given by the Minister of Budget to the National Assembly.

What to think of it legally?

Because the situation is quite simple, that is why it is difficult: on the one hand, the State will collect personal information without the authorization of the persons concerned, which is contrary to the very object of the law of 1978 , which results in full disapproval; on the other hand, the administration obtains the information to prosecute tax and customs offenses, which materializes the general interest itself.

So what about it?

Read below.

►  Complete reference : Frison-Roche, M.-A., Having a good behavior in the digital space, working paper, April 2019.

____

📝  This working document serves as a basis for a contribution to the collective book dedicated to Professor Michel Vivant, article written en French.

Summary: The jurist sees the world through the way he learns to speak!footnote-1536, legal vocabulary build by Law itself, whether in common law or in civil law. Thus, we think we are dealing with the human being who does not move, taken by the legal notion expressed by the term "person", their body and their biological development in time, from the birth to the death, holding entirely in this hollow of that word "person", while the behavior of the human being with regard to the world, others and things, are grouped in other branches of Law: the Contract and Tort Law and the Property Law, which are only what people do with and about things.

The Law of the Environment has already come to blur this distinction, so finally so strange because this classical conception refers to a person taken firstly in his immobility (Law of individuals), and then in his only actions (Contrats and Tort Law, Property Law). Indeed, the very notion of "environment" implies that the person is not isolated, that he/she is "surrounded", that he/she is what he/she is and will become because of what surrounds him/her ; in return the world is permanently affected by his/her personal action. On second thought, when once "Law of Individuals" was not distinguished from Family Law, the human being was more fully restored by this division in the legal system that not only followed him/her from birth to death but also in him/her most valuable interactions: parents, siblings, couples, children. Thus Family Law was finer and more faithful to what is the life of a human being.

To have instituted Law of Individuals, it is thus to have promoted of the human being a vision certainly more concrete, because it is above all of their identity and their body about what Law speaks, astonishing that we have not noticed before that women are not men like the others. To have instituted the Law of the people, it is thus to have promoted of the human being a vision certainly more concrete, because it is above all of his identity and his body that one speaks to us, astonishing that the we have not noticed before that women are not men like the others!footnote-1537 without however remembering that abstraction is sometimes the best of protections!footnote-1538.  But it is also to have isolated human beings, split from what they do, what they touch, what they say to others. It is by taking legally a static perception of a "man without relationship". We have gone from the legal individualism of the Law of the sole man.

From this concrete vision, we have all the benefits but Law, much more than in the eighteenth century, perceives the human being as an isolated subject, whose corporeality ceases to be veiled by Law!footnote-1570, but for whom the relation to others or to things does not define him or her. Which brings the human being a lot closer to things. An human being who is a legal subject who does what they wants, as they can, limited by the force of things. But in fact things are so powerful and the human being, in fact, so weak. For example, the marks people leave are erased by time. Their grip on the world stops at the extent of their knowledge, the time and money they have, building to use better their own time and to reach projects that they designed, In this conception, Person and Liberty are one, returning the subject to their solitude.

This freedom will come into conflict with the need for order, expressed by society, social contract, state, law, which imposes limits on freedom of one to preserve freedom of the other, as recalled by the French Déclaration des Droits de l'Homme  of 1789. Thus, it is not possible de jure to transform every desire in action,, even though the means would be within reach of the person in question, because certain behaviors are prohibited in that they would cause too much disorder and if they are nevertheless committed, they are punished for order to return. Thus, what could be called "law of behavior", obligations to do and not to be put in criminal, civil and administrative Law, national and international Law, substantial Law and procedural Law :they will protect the human being in movment pushed by the principle of freedom forward others and thing, movement inherent in their status as a Person. 

The human being is therefore limited in what they want to do. In the first place by the fact: their exhausting forces, their death that will come, the time counted, the money that is lacking, the knowledge that they does not even know not holding, all that is to say by their very humanity; Secondly, by the Law which forbids so many actions ...: not to kill, not to steal, not to take the spouse of others, not to pass as true what is false, etc. For the human being on the move, full of life and projects, Law has always had a "rabat-joy" side. It is for that reason often ridiculous and criticized because of all its restraining regulations, even hated or feared in that it would prevent to live according to our desire, which is always my "good pleasure", good since it is mine. Isolated and all-powerful, the human being alone not wanting to consider other than its desire alone.

Psychoanalysis, however, has shown that Law, in that it sets limits, assigns to the human being a place and a way of being held with respect to things and other persons. If one no longer stands themselves by the prohibition of the satisfaction of all desire (the first of which is the death of the other), social life is no longer possible!footnote-1571. Thank to the Law, everyone follows the same Rule at the table, from which a discussion can take place between guests and without which it can not!footnote-1539. You stand straight in your chair, you do not eat with your fingers, you do not speak with your mouth full, you do not interrupt the speaker. Admittedly, one often learns at the beginning of the learning of the Law that one should not confuse "politeness" and Law. That these rules are politeness and that this is not Law ...

But this presentation aims to make it possible to admit that the criterion of Law would be in the effectiveness of a sanction by the public power: the fine, the prison, the confiscation of a good, which the rudeness does not trigger whereas Law would imply it: by this way we are thus persuaded of the intimacy between the public power (the State) and Law... But later, after this first lesson learned, the doubt comes from the consubstansuality between Law and State. Is it not rather appropriate to consider that Law is what must lead everyone to "behave well" with regard to things and people around them? The question of punishment is important, but it is second, it is not the very definition of Law. The French author Carbonnier pointed out that the gendarme's "kepi" is the "Law sign", that is to say what it is recognized without hesitation, but it is not its definition.

The first issue dealt with by Law is then not so much the freedom of the person as the presence of others. How to use one's freedom and the associated deployment of forces in the presence of others? How could I not using it when I would like to harm them, or if the nuisance created for them by the use of my free strength is indifferent to me!footnote-1540 How can Law lead me to use my means for their benefit while our interests do not converge? 

We do not use our force against others because we have interest or desire, we do not give him the support of our strength while he indifferent us, because Law holds us. If the superego was not enough. If Law and the "parental function of the States" did not make alliance. We do it because we hold ourselves

Or rather we were holding ourselves.

Because today a new world has appeared: the digital world that allows everyone not to "hold" himself, that is to say to constantly abuse others, never to take them into consideration, to attack massively. It's a new experience. It is not a pathological phenomenon, as is delinquency (which simply leads to punishment), nor a structural failure in a principle otherwise admitted (which leads to regulatory remedies) but rather a new use, which would be a new rule: in the digital space, one can do anything to everyone, one is not held by anything or anyone, one can "let go" (I). This lack of "good behavior" is incompatible with the idea of ​​Law, in that Law is made for human beings and protect those who can not afford to protect themselves; that is why this general situation must be remedied  (II).

Même si l'expression de "régulation du numérique" est extrêmement courante, elle ne va pas du tout de soi, si l'on respecte le sens précis des mots. L'idée même de réguler cet espace contredit son origine, des principes américains - comme la liberté d'expression, ou des soucis économiques - comme l'innovation, qui renvoie plutôt vers l'Ex Post que vers l'Ex Ante auquel est toujours associé le Droit de la Régulation. En outre, le numérique peut être difficilement qualifié de "secteur", ce qui paraît mener à une impasse. 

C'est pourquoi pour l'instant en premier lieu l'on s'appuie sur l'efficacité relative mais non inexistante de l'Ex Post, du droit pénal et du droit civil mais surtout l'on fait mener en première ligne le Droit de la concurrence, à la fois dans son utilisation Ex Post de mesures comportementales (obligation d'accès notamment) et dans sa partie Ex Ante qu'est le contrôle des concentrations. En outre les Régulateurs sectoriels ne sont pas arrêtés par l'immatérialité du numérique et utilisent leur pouvoir de sanction, notamment quant à l'usage des données.

Car c'est autout de la notion de "donnée" qu'une "gouvernance" pourrait prendre forme en matière numérique. Il pourrait s'agit d'internaliser dans des opérateurs numériques, en tant qu'ils tiennent mondialement le secteur, des obligations pour autrui, en trouvant un juste milieu entre une "Régulation à la californienne" basée sur des consentements mécaniques et une "Régulation à la chinoise" dans laquelle l'Etat tient tout. 

Pour cela, de la même façon que le Droit de la Régulation reconcrétise le monde que le marché concurrentiel ayant pour seul critère ultime le prix, une gouvernance par la Compliance pourrait reconcrétiser le monde digitalisé par le numérique en distinguant dans une catégorie abusivement unifiée de "data" plusieurs sortes de data. L'Europe en a donné l'exemple à travers la Régulation internalisée par le Droit de la Compliance dans les entreprises lorsque les data "concerne" les personnes.

L'on peut analyser la décision rendue par la CNIL, Google le 21 janvier 2019. 

Consulter les slides servant de support à la leçon.

Revenir à la présentation générale du Cours.

Consulter la bibliographie générale du Droit commun de la Régulation

Consulter le Dictionnaire bilingue du Droit de la Régulation et de la Compliance

Référence complète : Rabagny-Lagoa, A., La conformité dans le règlement UE n° 2016/679, du 27 avril 2016, relatif à la protection des personnes physiques à l'égard du traitement des données à caractère personnel et à la libre circulation de ces données, in Petites Affiches, octobre 2018, n°215, pp. 8-14.

Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance".

►   This working document was intended to serve as a support for a conference pronounced in French in the conference Droit et Ethique ( Law & Ethics) of May 31, 2018 in a symposium organized by the Court of Cassation and the Association Française de Philosophie du Droit.  French Association of Philosophy of Law on the general theme Law & Ethics.

See a general presentation of this conference. 

Rather, it has served as a support for the article to be published in the Archives de Philosophie du Droit (APD). This article is written in French. 

►   Summary: It is through the Law that the human being has acquired a unity in the West (I). What religion could have done, the Law also did by posing on each human being the indetachable notion of him of "person" (I.A). But this is what is challenged today, not the personality and the power that the human being has to express his freedom but the unity that implies in the disposition that we have of ourselves in repelling the desire that others have always had to dispose of us. Current law tends to "pulverize" human beings into data and transform into neutral legal services what was considered before as the devouring of others. The legal concept of "consent", ceasing to be proof of a free will but becoming an autonomous concept, would suffice (I.B.).

To prevent the reigning of the "law of desires", which merely reflects the adjustment of forces, we must demand here and now the ethical sovereignty of Law, because Law can not be just just be just the interests adjustment (II). We can form this request if we do not want to live in an a-moral universe (II.A), if we see that the unity of the person is the legal invention that protects the weak human being (II.B.). If we admit this imperative, then we must finally ask who in the legal system will express and impose it, especially the legislator or the judge, because we seem to have lost the ability to recall this principle of the Person on which the West was so centered. But the principles that are no longer said disappear. There would then remain only the case-by-case adjustment of interests between human beings in the world field of particular forces. At this yardstick, Law would be more than a technique of securisation of particular adjustments. Law would be reduced at that and would have lost its link with Ethics. (II.C).

Complete reference : Randell, Ch., How can we ensure that big Data does not make us prisoners of technology ?, Reuters Newsmaker event, London, 2018.

To read the speech.

Référence complète : Canac, J.-M., et Teller, M., De la rule of law à la rule by code : la blockchain, un projet faustien ?, in Études en l'honneur de Philippe Neau-Leduc, Le juriste dans la cité, coll. « Les mélanges », LGDJ- Lextenso,  2018, pp.181-188.

Lire une présentation générale dans lequel l'article est publié.

Référence complète : Chaltiel, F., La protection des données personnelles. À propos de l'entrée en vigueur  du règlement général de protection des données, in Petites Affiches, Lextenso, juin 2018, pp. 6-22.

Le 25 mai 2018 doit marquer le début d'un nouvel âge des droits numériques de chacun. Le règlement général de protection des données, dont la préparation remonte à plusieurs années, doit en effet entrer en vigueur en mai 2018.

Il tire les conséquences de plusieurs décennies de progrès du numérique et vise à assurer, dans un cadre technique inédit à l'échelle de l'histoire de la communication, une protection renforcée des données.

Les obligations sont nombreuses, il n'est pas certain que les acteurs concernés soient en mesure de garantir l'ensemble de ces droits dans le délai imparti. Le nouveau droit fondamental de la protection des données personnelles est sans doute un des défis juridiques majeurs des années à venir pour nos sociétés.

Référence complète : Zolynski, C., Compliance et droit des données personnelles in Borga, N., Marin, J.-Cl. et Roda, J.-Cl. (dir.), Compliance : l'entreprise, le régulateur et le juge, Série Régulations & Compliance, Dalloz, 2018, pp. 129-136.

Lire une présentation générale de l'ouvrage dans lequel est publié l'article.

Consulter les autres titres de la Série dans laquelle est publié l'ouvrage.

Référence complète : Moreaux, A., Comment se conformer au RGPD ?,  in Affiches Parisiennes, mai 2018, pp. 1-3.

L'échéance du fameux Règlement général sur la protection des données approche. Pour Mounir Mahjoubi, secrétaire d'État au Numérique, « 2018 est l'année du RGPD » qui va entraîner un « véritable choc de sécurité » sur la toile. La mise en conformité avec le nouveau règlement européen sur le digital qui entre en vigueur le 25 mai est une question centrale pour les entreprises.

Pour consulter l'article.

Référence générale : CNIL, RGPD et TPE/PME : un nouveau modèle de registre plus simple et plus didactique

Lire le document. 

Référence complète : Espace de réflexion éthique de Normandie (EREN), Le don de gamètes : quelles questions pour le XXIe siècle ?, in Petites affiches, Lextenso, avril 2018, pp. 5-9.

Parmi les sujets débattus dans le cadre des États généraux de la bioéthique, l’assistance médicale à la procréation et le don de gamètes soulèvent de nombreuses questions. Un débat organisé à Caen, par l’Espace de réflexion éthique de Normandie, a permis de discuter des enjeux associés à une éventuelle levée de l’anonymat du don et à la possibilité d’accéder à certaines données informatives sur les donneurs de gamètes.

Les étudiants de Sciences-Po peuvent lire l'article via le Drive, dossier "MAFR- Regulation & Compliance"

Référence complète : Derieux, E., Données à caractère personnel et communication publique . Règlement (UE) 2016/79 du 27 avril 2016 relatif à la protection des personnes physiques à l'égard du traitement des données à caractère personnel et à la libre circulation de ces données in Études en l'honneur du Professeur Jérôme Huet. Liber amicorum, LGDJ - Lextenso, 2017, pp. 127-138.

Consulter une présentation générale de l'ouvrage.

Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance".

► Full Reference: Frison-Roche, M.-A., Globalization from the point of view of Law, working paper, May 2017.

____

🎤 This working paper initially served as a basis for a synthesis report made in French in the colloquium organized by the Association Henri Capitant in the International German Days on the subject of "Le Droit et la Mondialisation" (Law and Globalization).

📝 Il sert dans un second temps de base à l'article paru dans l'ouvrage La Mondialisation.

📝 it serves as a second basis for the article (written in English, with a Spanish Summary) to be published in the Brezilian journal Rarb - Revista de Arbitragem e Mediação  (Revue d`Arbitrage et Médiation).

It uses the Bilingual Dictionary of the Law of Regulation and Compliance.

____

► Summary of the Working: Globalization is a confusing phenomenon for the jurist. The first thing to do is to take its measure. Once it has been taken, it is essential that we allow ourselves to think of something about it, even if we have to think about it. For example, on whether the phenomenon is new or not, which allows a second assessment of what is taking place. If, in so far as the law can and must "pretend" to defend every being, a universal claim destined to face the global field of forces, the following question - but secondary - is formulated: quid facere? Nothing ? Next to nothing ? Or regulate? Or can we still claim that the Law fulfills its primary duty, which is to protect the weak, including the forces of globalization?

____

read the Working Paper below⤵️

Référence complète : Falque-Pierrotin, I., L'Europe des données ou l'individu au coeur d'un système de compliance, in Frison-Roche, M.-A. (dir.), Régulation, Supervision, Compliance, Série Régulations, Dalloz, 2017.

Lire la présentation générale de l'ouvrage dans lequel l'article est publié.

Consulter les autres ouvrages de la Série dans laquelle l'ouvrage dans l'article a été inséré est publié.

Les étudiants de Sciences-Po peuvent consulter l'article via le Drive, dossier "MAFR-Régulation"