♾️follow Marie-Anne Frison-Roche on LinkedIn

♾️subscribe to the Newsletter MAFR Regulation, Compliance, Law

____

► Full Reference: F. Ancel and  M.-A. Frison-Roche, Droit de la compliance (Compliance Law), École nationale de la magistrature - ENM (French National School for the Judiciary), 1 and 2 February 2024, Paris. 

This teaching is given in French.

_____

► Presentation of the Teaching: The two-day session is designed for magistrates and practicing lawyers who are not necessarily specialized, to enable them, based on concrete cases, to understand the issues, objectives, and methods of compliance mechanisms in companies, including the increasing judicialization and the supranational dimension strengthen, modifying the office of the judge and the role of lawyers.

The analysis is made from the angle of Civil Law (contract, tort), Company Law, Labor Law and Criminal Law, but also governance, financial markets, regulatory, climate and digital issues.

____

► Organisation of the Teaching: this teaching is open to all judicial members and lawyers. Enrollments are made at the French National School for the Judiciary.

________

read below the programme put together and organised by François Ancel and Marie-Anne Frison-Roche⤵️

► Référence complète : Conseil d'État, Les réseaux sociaux. Enjeu et opportunités pour la puissance publique, Rapport annuel, 2022.

____

📗Lire le rapport.

________

► Référence complète : Frison-Roche, M.-A.,  Droit, finance, autorité. Sociologie comparée des autorités de marchés financiers,  recherches menées puis rapport rédigé pour le Laboratoire de sociologie juridique, Université Panthéon-Assas (Paris II), remis au GIP Mission de recherche Droit et justice, septembre 1999, dactyl., 117 p. 

____

📝 Lire la table des matières de l'ouvrage. 

____

📝 Lire le résumé et la synthèse de l'ouvrage en 4 pages. 

____

📝 Lire le rapport

____

►Lire les deux monographies accompagnant le rapport :

📝 Bouthinon-Dumas, H., Le rôle des autorités de marchés financiers dans la crise asiatique vue à travers la presse

📝 V. Magnier, Les autorités de marchés financiers aux Etats-Unis. Droit, juge et autorité de marché

____

📝 Lire les synthèses concernant les différents pays étudiés

📝 Lire la grille d'entretien semi-ouvert

________

Full reference: Frison-Roche, M.-A., Facebook: Quand le Droit de la Compliance démontre sa capacité à protéger les personnes (Facebook: When Compliance Law proves its ability to protect people), interview with Olivia Dufour, Actu-juridiques Lextenso, 23rd of November 2020

Read the interview (in French)

Read the news of the Newsletter MAFR - Law, Compliance, Regulation about this question

Full reference: Baer, B., Proposals to Strengthen the Antitrust Laws and Restore Competition Online, Testimony before the United-States House of Representatives, Committee on Judiciary, Subcommittee on Antitrust, Commercial and Administrative Law, 1st of October 2020

Read the testimony

Read Bill Baer's presentation by Brookings Institution of which he is a member

This working paper is an extraction of an eponym newsletter published in the Newsletter MAFR - Law, Regulation & Compliance on 21st of September 2020 on LinkedIn.

Read the newsletter of 21st of September 2020

Full reference: Frison-Roche, M.-A., Regulation, Compliance & Cinema: learning about Internet Regulation with the series "Criminals"​, Newsletter MAFR - Law, Compliance, Regulation, 21st of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news: 

Season 2 Episode 3 of the British version of the series "Criminals" features the character of Danielle. Danielle is a mother which has decided to hunt down pedophiles on social networks in order to trap them and show to the world their acts. Danielle insists on the efficiency of her action with regard to the police and justice that she finds unproductive. In the episode, Danielle is accused of defamation by the police. While policemen try to explain to Danielle the importance of using a regular procedure and to respect the Rule of Law aiming to prove its accusations, she makes efficiency her only principle. According to her, her methods get results (on the contrary of those used by the police which respect procedures) and those she accuses to be pedophiles do not deserve defense rights. 

We can learn three lessons from Danielle's story: 

1. If Compliance Law is just a process of application of mechanical rules, then Rule of Law is not salient face to the principle of efficiency. But, if Compliance Law is defined by its "monumental goals" and that the respect of Rule of Law is erected in "monumental goal", then efficiency and Rule of Law become compatible and congruent. 
2. The digital space must be disciplined by crucial digital firms supervised by public authorities, like in France or Germany for hate speeches and disinformation. 
3. Compliance Law, and Law in general, must be pedagogue towards individuals as Danielle which do not understand why their behaviors are reproachable. 

♾️ follow Marie-Anne Frison-Roche on LinkedIn

♾️subscribe to the Newsletter MAFR Regulation, Compliance, Law 

____

Full reference: M.-A. Frison-Roche, Se tenir bien dans l'espace numérique, in Penser le droit de la pensée. Mélanges en l'honneur de Michel Vivant, Lexis Nexis and Dalloz, 2020, pp. 155-168.

____

📝Read the article (in French)

____

🚧Read the working paper, written in English, on which this article is based, with additional developments, technical references, and hyperlinks

English summary of the article: The digital space is one of the scarce spaces not framed by a specific branch of Law, Freedom also offering opportunity to its actors to not "behave well", that is to express and diffuse broadly and immediately hateful thoughts through Hate speechs, which remained before in private or limited circles. The intimacy of Law and of the legal notion of Person is broken: Digital permits to individuals or organizations to act as demultiplied and anonymous characters, digital depersonalized actors who carry behaviors that are hurtful to other's dignity. 

Against that, Compliance Law offers an appropriate solution: internalizing in digital crucial operators the mission to disciplinary and substantially hold the digital space. The digital space has been structured by powerful firms able to maintain order. Because Law must not reduce digital space to be only a neutral market of digital prestations, these crucial operators, like social networks or search engines, must be forced to substantially control behaviors. It could be about an obligation of internet users to act with their face uncover, "real identity" policy controlled by firms, and to respect others' rights, privacy rights, dignity, intellectual property rights. In their Regulatory function, digital crucial firms must be supervised by public authorities. 

Thus, Compliance law substantially defined is the protector of the person as "subject of law" in the digital space, by the respect that others must have, this space passing from the status of free space to the one of civilized space, in which everyone is obliged to behave well. 

______

Read to go further: 

• Frison-Roche, M.-A., L'apport du Droit de la Compliance à la gouvernance d'Internet, 2019
• Frison-Roche, M.-A. (dir.), Internet, un espace d'interrégulation, 2016

Full reference: Frison-Roche, M.-A., Responding to an email with "serious anomalies"​,transferring personal data, blocks reimbursement by the bank: French Cour de cassation, July 1st 2020, Newsletter MAFR - Law, Compliance, Regulation, 10th of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

"Phishing" is a kind of cyber criminality aiming to obtain, by sending fraudulent emails which look like to those sent by legitimate organisms, recipient's personal information in order to impersonate or steal him or her. As it is difficult to find the authors of "phishing" and to prove their intentionality in order to punish them directly, on mean to fight against "phishing" could be to entitle banks to secure their information network and, to accompany this obligation with a strong incentive, to convict them to reimburse the victims in case of robbery of their personal data.  

In 2015, a client victime of this kind of fraud asked to his bank, the Crédit Mutuel, to reimburse him the amount stole, what the bank refused to do on the grounds that the client committed a fault, transferring its confidential information without checking the email, however grossly counterfeit. The Court of first instance gave reason to the client because although he committed this fault, he was in good faith. This judgment was broken by the Chambre commerciale de la Cour de cassation (French Judicial Supreme Court) by a decision of 1st of July 2020 which states that this serious negligence, exclusive of any consideration of good faith, justifies the absence of reimbursement by the bank.

___

From this particular case, we can draw three lessons: 

1. The Cour de Cassation states that good faith is not a salient criterion and that, as the bank must react when a banking account is objectively abnormal, the client must react face to an obviously abnormal email. 
2. The Cour de Cassation describes the repartition of proof burden. Proof obligations are alternatively distributed between the bank and its client. First, the bank must secure its information network but, secondly, the client must take every reasonable measure to preserve its safety. It results from this that, if the email seems normal, phishing damages must be supported by the bank, and more generally of by the firm, while if the email is obviously abnormal, they must be supported by the client, but the burden to prove the abnormality of the email must be supported by the firm and not by the client. 
3. Such a proof system shows that Compliance Law includes a pedagogic mission by educating each client in order to he or she would be able to distinguish among his or her emails, those which are normal and those which are obviously suspect. This pedagogic dimension, with the legal consequences associated to it, will not stop to spread. 

______

Full reference: Frison-Roche, M.-A., Compliance by Design, a new weapon? Opinion of Facebook about Apple new technical dispositions on Personal Data protection, Newsletter MAFR - Law, Compliance, Regulation, 31st of August 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news:

Personal Data, as they are information, are Compliance Tools. They represent a precious resource for firms which must implement a vigilance plan in order to prevent corruption, money laundering or terrorism financing, for examples. It is the reason why personal data are the angular stone of "Compliance by design" systems. However, the use of these data cannot clear the firm of its simultaneous obligation to protect these same personal data, that is also a "monumental goal" of Compliance Law. 

In order to be able to exploit these data in an objective of Compliance and protecting them in the same time, the digital firm Apple adopted for example new dispositions in order to the exploitation of the Identifier For Advertisers (IDFA) integrated in the iPad and in the iPhone and broadly used by targeted advertising firms, is conditioned to the consumer's consent.

Facebook reacted to this new disposition explaining that such measures will restrict the access to data for advertisers who will suffer from that. Facebook suspects Apple to block the access to advertisers in order to develop its own advertising tool. Facebook guaranteed to advertisers who work with it that it will not take similar measures and that it will always favor consultation before decision making in order to concile sometimes divergent interests. 

We can sleep and already make some remarks:

• GDPR imposing to companies that they guarantee a minimal level of protection for personal data does not apply in the United-States. It is then possible that Apple acted through Corporate Social Responsibility (CSR), more than through legal obligation. 
• The mode of regulation used here is the "conversational regulation" theorized by Julia Black. Indeed, regulators let the forces in presence discuss. 
• This "conversational regulation" does not seem to be very efficient in this case and an intervention of administrative authorities or of judges could be justified via Competition Law, Regulation Law or Compliance Law, knowing that Competition Law will favor access right to information and Regulation or Compliance Law private life right. 

The whole paradox of Compliance Law rests in the equilibrium between circulation of information and secret. 

Full reference: Frison-Roche, M.-A., "Interregulation"​ between Payments System and Personal Data Protection: how to organize this "interplay"​?, Newsletter MAFR - Law, Compliance, Regulation, 27th of August 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

Regulation Law, in order to recognize and draw the consequences from the specificities of some objects, has been build, at the start, around the notion of "technical sector" although their delimitation is partially related to a political choice. But, in facts, there are multiple points of contacts between sectors, actors moving from one to another as objects. The regulatory solution is so to climb over some technical borders through the methodology of interregulation which is by the way the only one to enable the regulation of some phenomena going beyond the notion of sector and related to Compliance Law. 

This news takes the exemple of companies furnishing new payment services. In order to they can provide these services, these firms needs to access to banking accounts of concerned people and so to very sensitive personal data. Regulation of such a configuration needs a cooperation between the banking regulator and the personal data regulator. Legislation being not sufficient to organize in Ex Ante this interregulation, the European Data Protection Board has published some guidelines on 17th of July 2020 about the way it conceives the articulation between the PSD2 (European directive about payment services) and GDPR and has announced that it intended to expand the circle of its interlocutors to do this interregulation. Such an initiative from EDPB can be justified by the uncertainty  about how interpreting both texts and articulating them.   

Full reference: Frison-Roche, M.-A., Can Coordination between local Regulators replace a unique centralized Regulator? Example of the European organisation of the Open Internet Principle, Newsletter MAFR - Law, Compliance, Regulation, 18th of August 2020

Read, by freely subscribing, the other news of the Newsletter MAFR - Law, Compliance, Regulation

To go further, read Marie-Anne Frison-Roche's article: The hypothesis of interregulation 

Summary of the news

The principle of "open internet" enshrined in the European regulation of 30th of April 2016 guaranteeing a non discriminatory access to Internet contents and services. However, there is no European regulator to implement such a principle. Is it possible to guarantee the effectivity of this principle without a central regulator in charge of this principle? 

On 11st of June 2020, the BEREC (Body of European Regulators for Electronic Communications) adopted guidelines concerning the application of the open internet principle. The BEREC is not a European regulator but a network of national regulators aiming to coordinate their actions. This body is only a consultative body but its recommendations are taken into account by national authorities which have deep legal power, as Osborne-Clarke said about the technical implementation of the European principle of open internet at the national level.  

It is thus non necessary to have a central regulator to ensure the effectivity of a principle since the moment when there is a local regulators network able to coordinate their actions through soft law.   

Full reference: Féral-Schuhl, C., Cyberdroit. Le Droit à l'épreuve de l'internet, Collection Praxis Dalloz, Dalloz, 8th edition, 2020, 1731p.

Read the forth of cover (in French)

Read the table of contents (in French)

Reference Frison-Roche, M.-A., Le droit de la compliance pour réguler l'internet  (Compliance Law to Regulate the Internet), Interview given in French to Sylvie Rozenfeld, Expertises, December 2019, p.385-390.

Summary. Law seems increasingly powerless to stem the social disorder generated by the Internet. For Marie-Anne Frison-Roche, Law professor and specialist in Regulatory Law, the solution is to be found in Law, and more particularly in Compliance Law. This specific Law is already applied in the banking and finance sector, or in the area of ​​personal data. As it has done for green finance and through the GDPR, Europe could impose a compliance system which internalizes concern for the individual in large digital operators. It is up to them to put in place the means and bear the cost, such as the right to be forgotten erected by the CJEU. Marie-Anne Frison-Roche does not offer anything revolutionary, she is content to take elements of positive law that already exist and to correlate them.

Read the interview (in French)

Read the presentation of the official Report for the French Government about which this interview is given:: The contribution of Compliance Law to the Governance of Internet. 

The Finance Bill has proposed to the Parliament to vote an article 57 whose title is: Possibilité pour les administrations fiscales et douanières de collecter et exploiter les données rendues publiques sur les sites internet des réseaux sociaux et des opérateurs de plateformes (translation: Possibility for the tax and customs administrations to collect and exploit the data made public on the websites of social networks and platform operators).

Its content is as is in the text voted on in the National Assembly as follows:

"(1) I. - On an experimental basis and for a period of three years, for the purposes of investigating the offenses mentioned in b and c of 1 of article 1728, in articles 1729, 1791, 1791 ter, in 3 °, 8 ° and 10 ° of article 1810 of the general tax code, as well as articles 411, 412, 414, 414-2 and 415 of the customs code, the tax administration and the customs administration and indirect rights may, each as far as it is concerned, collect and exploit by means of computerized and automated processing using no facial recognition system, freely accessible content published on the internet by the users of the online platform operators mentioned in 2 ° of I of article L. 111-7 of the consumer code.

(2) The processing operations mentioned in the first paragraph are carried out by agents specially authorized for this purpose by the tax and customs authorities.

(3) When they are likely to contribute to the detection of the offenses mentioned in the first paragraph, the data collected are kept for a maximum period of one year from their collection and are destroyed at the end of this period. However, when used within the framework of criminal, tax or customs proceedings, this data may be kept until the end of the proceedings.

(4) The other data are destroyed within a maximum period of thirty days from their collection.

(5) The right of access to the information collected is exercised with the assignment service of the agents authorized to carry out the processing mentioned in the second paragraph under the conditions provided for by article 42 of law n ° 78-17 of January 6, 1978 relating to data processing, the files and freedoms.

(6) The right to object, provided for in article 38 of the same law, does not apply to the processing operations mentioned in the second paragraph.

(7) The terms of application of this I are set by decree of the Council of State.

(8) II. - The experiment provided for in I is the subject of an evaluation, the results of which are forwarded to Parliament as well as to the National Commission for Data Protection at the latest six months before its end. "

This initiative provoked many comments, rather reserved, even after the explanations given by the Minister of Budget to the National Assembly.

What to think of it legally?

Because the situation is quite simple, that is why it is difficult: on the one hand, the State will collect personal information without the authorization of the persons concerned, which is contrary to the very object of the law of 1978 , which results in full disapproval; on the other hand, the administration obtains the information to prosecute tax and customs offenses, which materializes the general interest itself.

So what about it?

Read below.

Référence complète : Dulong de Rosnay, M., La mise à disposition des œuvres et des informations sur les réseaux: Régulation juridique et régulation technique, sous la direction de Danièle Bourcier, Université Panthéon-Assas Paris II, 26 octobre 2017, 610 p.

Full reference: Information Note From the European Commission to the Permanent Representatives Committee About the Progress on Combatting Hate Speech Online Through the EU Code of Conduct, Council of the European Union, 27th of September 2019, 7p.

Read the note

Generale Reference : Frison-Roche, M.-A., Les solutions offertes par le Droit de la Compliance pour lutter effectivement contre les contrefaçons de masse (The solutions offered by Compliance Law  to fight effectively against mass counterfeiting) , in Seminar of the Association des Praticiens du Droit Droit des Marques et des Modèles (APRAM), La contrefaçon de masse : va-t-on un jour réussi à y mettre un frein ? Quelques nouvelles pistes de réflexion (How to stop the mass Counterfeiting?, some new ideas), Paris, September 27, 2019. 

Read the program of the Seminar. (in French)

This conference is based on the report given to the French Government and published in July2019 : The contribution of Compliance Law to the Governance of Internet.

It is also based on the new contribution to the new edition of the Grands Arrêts de la propriété intellectuelle : "Le maniement de la propriété intellectuelle comme outil de régulation et de compliance"(in French).  This publication is based on this Working Paper : The use of Intellectuel Property as a tool for Regulatory and Compliance Perspectives. 

Summary : In this seminar devoted to new ways of reacting to "mass counterfeiting", the idea here is to start from the observation of an increase in the ineffectiveness of intellectual property rights - and thus of the I.P. Law. Law being a practical art, it is not a simple inconvenience, it is a central question. This can be remedied by improving the Ex Post legal process, but we can think of finding Ex Ante mechanisms. The Regulatory Law is Ex Ante, but digital world is not a sector, it is the world itself. A promising direction is therefore Compliance Law, in that it is both Ex Ante and non-sectoral. The contribution shows how Compliance Law is already useful, could be developed and how it could be applied so that these specific rights could be effectively protected in a digital world, where for the moment counterfactors have in fact the means to ignore them.

See the slides. (in French)

♾️ follow Marie-Anne Frison-Roche on LinkedIn

♾️subscribe to the Newsletter MAFR Regulation, Compliance, Law 

____

► Full Reference: M.-A. Frison-Roche, L'apport du Droit de la Compliance dans la Gouvernance d'Internet  (The contribution of Compliance Law to the Internet Governance), Report asked by the French Government, published the 15th of July 2019, 139 p.

___

► Report Summary. Governing the Internet? Compliance Law can help.

Compliance Law is for the Policy Maker to aim for global goals that they require to be achieved by companies in a position to do so. In the digital space built on the sole principle of Liberty, the Politics must insert a second principle: the Person. The respect of this One, in balance with the Freedom, can be required by the Policy Maker via Compliance Law, which internalises this specific pretention in the digital companies. Liberalism and Humanism become the two pillars of Internet Governance.

The humanism of European Compliance Law then enriches US Compliance law. The crucial digital operators thus forced, like Facebook, YouTube, Google, etc., must then exercise powers only to better achieve these goals to protect persons (against hatred, inadequate exploitation of data, terrorism, violation of intellectual property, etc.). They must guarantee the rights of individuals, including intellectual property rights. To do this, they must be recognized as "second level regulators", supervised by Public Authorities.

This governance of the Internet by Compliance Law is ongoing. By the European Banking Union. By green finance. By the GDPR. We must force the line and give unity and simplicity that are still lacking, by infusing a political dimension to Compliance: the Person. The European Court of Justice has always done it. The European Commission through its DG Connect is ready.

► 📓 Read the reporte (in French)

📝 Read the Report Summary in 3 pages (in English)

📝 Read the Report Summary in 6 pages (in English)

____

►  Plan of the Report (4 chapters): an ascertainment of the digitization of the world (1), the challenge of civilization that this constitutes (2), the relations of Compliance mechanisms as it should be conceived between Europe and the United States, not to mention that the world is not limited to them, with the concrete solutions that result from this (3) and concrete practical solutions to better organize an effective digital governance, inspired by what is particularly in the banking sector, and continuing what has already been done in Europe in the digital field, which has already made it exemplary and what it must continue, France can be force of proposal by the example (4).

____

📝  Read the written presentation of the Report done by Minister Cédric O (in French).

🏛 Listen to the oral  presentation of the Report by Minister Cédric O durant the parliamentary discussion of the law against hate contente on the Internet (in French).

____

💬 Read the interview published the 18 July 2019 : "Gouvernance d'Internet : un enjeu de civilisation" ( "Governing Internet: an Issue of Civilization"), given in French, 

📻 Listen the Radio broadcast of July 21, 2019 during which its consequences are applied to the cryptocurrency "Libra" (given in French)

🏛 Presentation of the Report to the Conseil Supérieur de l'Audiovisuel- CSA (French Council of Audiovisual) on Septembre 5, by a discussion with its members presentation (in French)

💬 Read the  Interview published the 20 December 2019 : "Le droit de la compliance pour réguler l'Internet" ("Compliance Law for regulate Internet"), given in French

____

read below the 54 propositions of the Report ⤵️

Discours d'Emmanuel Macron, président de la République, au Forum "Gouvernance Internet", Unesco, 13 novembre 2018. 

Lire le Discours. Compl

Complete reference : Randell, Ch., How can we ensure that big Data does not make us prisoners of technology ?, Reuters Newsmaker event, London, 2018.

To read the speech.

Référence complète : Chaltiel, F., La protection des données personnelles. À propos de l'entrée en vigueur  du règlement général de protection des données, in Petites Affiches, Lextenso, juin 2018, pp. 6-22.

Le 25 mai 2018 doit marquer le début d'un nouvel âge des droits numériques de chacun. Le règlement général de protection des données, dont la préparation remonte à plusieurs années, doit en effet entrer en vigueur en mai 2018.

Il tire les conséquences de plusieurs décennies de progrès du numérique et vise à assurer, dans un cadre technique inédit à l'échelle de l'histoire de la communication, une protection renforcée des données.

Les obligations sont nombreuses, il n'est pas certain que les acteurs concernés soient en mesure de garantir l'ensemble de ces droits dans le délai imparti. Le nouveau droit fondamental de la protection des données personnelles est sans doute un des défis juridiques majeurs des années à venir pour nos sociétés.