Dec. 10, 2020

Thesaurus : 03. Conseil d'Etat

Référence complète : CE, 10 déc. 2010, CDiscount
 
 
 
"Dispense lorsque les intérêts légitimes du responsable du traitement prévalent sur ceux des personnes concernées (f de l'art. 6 du RGPD) - 1) Modalités d'appréciation - 2) Espèce.

Il résulte clairement de l'article 6 du règlement (UE) n° 2016/679 du 27 avril 2016 (dit " RGPD ") qu'un traitement de données à caractère personnel ne satisfait aux exigences du règlement, dès lors qu'il n'est nécessaire ni au respect d'une obligation légale à laquelle le responsable du traitement est soumis, ni à l'exécution d'une mission d'intérêt public ou relevant de l'exercice de l'autorité publique dont est investi le responsable du traitement, ni à la sauvegarde des intérêts vitaux de la personne concernée ou d'une autre personne physique, que si la personne concernée a consenti au traitement de ses données, sauf à ce que le traitement soit nécessaire à l'exécution d'un contrat auquel la personne concernée est partie ou à l'exécution de mesures précontractuelles prises à la demande de celle-ci, ou à ce qu'il soit nécessaire aux fins des intérêts légitimes poursuivis par le responsable du traitement ou par un tiers, à la condition, dans ce dernier cas, que ces intérêts légitimes puissent être regardés comme prévalant sur les intérêts des personnes concernées ou sur leurs libertés et droits fondamentaux.
 
1) Pour apprécier si les intérêts légitimes du responsable du traitement prévalent sur ceux des personnes concernées, il y a lieu de mettre en balance, d'une part, l'intérêt légitime poursuivi par le responsable du traitement et, d'autre part, l'intérêt ou les libertés et droits fondamentaux des personnes concernées, eu égard notamment à la nature des données traitées, à la finalité et aux modalités du traitement ainsi qu'aux attentes que ces personnes peuvent raisonnablement avoir quant à l'absence de traitement ultérieur des données collectées.
 
2) Délibération de la Commission nationale de l'informatique et des libertés (CNIL) indiquant que les données relatives à la carte de paiement en matière de vente de biens ou de fourniture de services à distance ne peuvent être collectées et traitées par une société vendant des biens ou des services à distance que pour permettre la réalisation d'une transaction dans le cadre de l'exécution d'un contrat et que la conservation de ces données afin de faciliter d'éventuels paiements ultérieurs n'est possible que si les personnes auxquelles ces données se rapportent ont donné préalablement et explicitement leur consentement, à moins qu'elles aient souscrit un abonnement donnant accès à des services additionnels, traduisant leur inscription dans une relation commerciale régulière. Si la société soutient que la conservation du numéro de carte bancaire du client qui a procédé à un achat en ligne est nécessaire aux fins de l'intérêt légitime consistant à faciliter des paiements ultérieurs en dispensant le client de le saisir à chacun de ses achats, notamment dans le cadre d'une fonctionnalité d'achat rapide - dite " en un clic " - cet intérêt ne saurait prévaloir sur l'intérêt des clients de protéger ces données, compte tenu de la sensibilité de ces informations bancaires et des préjudices susceptibles de résulter pour eux de leur captation et d'une utilisation détournée, et alors que de nombreux clients qui utilisent des sites de commerce en ligne en vue de réaliser des achats ponctuels ne peuvent raisonnablement s'attendre à ce que les entreprises concernées conservent de telles données sans leur consentement. Par suite, la CNIL a pu à bon droit estimer que, de façon générale, devait être soumise au consentement explicite de la personne concernée la conservation des numéros de cartes bancaires des clients des sites de commerce en ligne pour faciliter des achats ultérieurs.".
 
C'est pourquoi le recours de CDiscount contre la décision de sanction de la CNIL est rejeté. 


s légales____ookie

Nov. 23, 2020

Interviews

Full reference: Frison-Roche, M.-A., Facebook: Quand le Droit de la Compliance démontre sa capacité à protéger les personnes (Facebook: When Compliance Law proves its ability to protect people), interview with Olivia Dufour, Actu-juridiques Lextenso, 23rd of November 2020

Read the interview (in French)

Read the news of the Newsletter MAFR - Law, Compliance, Regulation about this question

Oct. 1, 2020

Thesaurus : Soft Law

Full reference: Baer, B., Proposals to Strengthen the Antitrust Laws and Restore Competition Online, Testimony before the United-States House of Representatives, Committee on Judiciary, Subcommittee on Antitrust, Commercial and Administrative Law, 1st of October 2020

Read the testimony

Read Bill Baer's presentation by Brookings Institution of which he is a member

Sept. 21, 2020

Newsletter MAFR - Law, Compliance, Regulation

Full reference: Frison-Roche, M.-A., Regulation, Compliance & Cinema: learning about Internet Regulation with the series "Criminals"​Newsletter MAFR - Law, Compliance, Regulation, 21st of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

 

Summary of the news: 

Season 2 Episode 3 of the British version of the series "Criminals" features the character of Danielle. Danielle is a mother which has decided to hunt down pedophiles on social networks in order to trap them and show to the world their acts. Danielle insists on the efficiency of her action with regard to the police and justice that she finds unproductive. In the episode, Danielle is accused of defamation by the police. While policemen try to explain to Danielle the importance of using a regular procedure and to respect the Rule of Law aiming to prove its accusations, she makes efficiency her only principle. According to her, her methods get results (on the contrary of those used by the police which respect procedures) and those she accuses to be pedophiles do not deserve defense rights. 

We can learn three lessons from Danielle's story: 

  1. If Compliance Law is just a process of application of mechanical rules, then Rule of Law is not salient face to the principle of efficiency. But, if Compliance Law is defined by its "monumental goals" and that the respect of Rule of Law is erected in "monumental goal", then efficiency and Rule of Law become compatible and congruent. 
  2. The digital space must be disciplined by crucial digital firms supervised by public authorities, like in France or Germany for hate speeches and disinformation. 
  3. Compliance Law, and Law in general, must be pedagogue towards individuals as Danielle which do not understand why their behaviors are reproachable. 

Sept. 21, 2020

Law by Illustrations

This working paper is an extraction of an eponym newsletter published in the Newsletter MAFR - Law, Regulation & Compliance on 21st of September 2020 on LinkedIn.

Read the newsletter of 21st of September 2020

Sept. 16, 2020

Publications

Full reference: Frison-Roche, M.-A., Se tenir bien dans l'espace numérique, in Penser le droit de la pensée. Mélanges en l'honneur de Michel Vivant, Lexis Nexis and Dalloz, 2020, pp. 155-168

Read Marie-Anne Frison-Roche's article (in French)

Read the working paper, written in English, on which this article is based, enriched with additional developments, technical references and hyperlinks

 

Summary of the article: 

The digital space is one of the scarce spaces not framed by a specific branch of Law, Freedom also offering opportunity to its actors to not "behave well", that is to express and diffuse broadly and immediately hateful thoughts through Hate speechs, which remained before in private or limited circles. The intimacy of Law and of the legal notion of Person is broken: Digital permits to individuals or organizations to act as demultiplied and anonymous characters, digital depersonalized actors who carry behaviors that are hurtful to other's dignity. 

Against that, Compliance Law offers an appropriate solution: internalizing in digital crucial operators the mission to disciplinary and substantially hold the digital space. The digital space has been structured by powerful firms able to maintain order. Because Law must not reduce digital space to be only a neutral market of digital prestations, these crucial operators, like social networks or search engines, must be forced to substantially control behaviors. It could be about an obligation of internet users to act with their face uncover, "real identity" policy controlled by firms, and to respect others' rights, privacy rights, dignity, intellectual property rights. In their Regulatory function, digital crucial firms must be supervised by public authorities. 

Thus, Compliance law substantially defined is the protector of the person as "subject of law" in the digital space, by the respect that others must have, this space passing from the status of free space to the one of civilized space, in which everyone is obliged to behave well. 

______

 

Read to go further: 

Sept. 10, 2020

Newsletter MAFR - Law, Compliance, Regulation

Full reference: Frison-Roche, M.-A., Responding to an email with "serious anomalies"​,transferring personal data, blocks reimbursement by the bank: French Cour de cassation, July 1st 2020Newsletter MAFR - Law, Compliance, Regulation, 10th of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

 

Summary of the news

"Phishing" is a kind of cyber criminality aiming to obtain, by sending fraudulent emails which look like to those sent by legitimate organisms, recipient's personal information in order to impersonate or steal him or her. As it is difficult to find the authors of "phishing" and to prove their intentionality in order to punish them directly, on mean to fight against "phishing" could be to entitle banks to secure their information network and, to accompany this obligation with a strong incentive, to convict them to reimburse the victims in case of robbery of their personal data.  

In 2015, a client victime of this kind of fraud asked to his bank, the Crédit Mutuel, to reimburse him the amount stole, what the bank refused to do on the grounds that the client committed a fault, transferring its confidential information without checking the email, however grossly counterfeit. The Court of first instance gave reason to the client because although he committed this fault, he was in good faith. This judgment was broken by the Chambre commerciale de la Cour de cassation (French Judicial Supreme Court) by a decision of 1st of July 2020 which states that this serious negligence, exclusive of any consideration of good faith, justifies the absence of reimbursement by the bank.

___

 

From this particular case, we can draw three lessons

  1. The Cour de Cassation states that good faith is not a salient criterion and that, as the bank must react when a banking account is objectively abnormal, the client must react face to an obviously abnormal email. 
  2. The Cour de Cassation describes the repartition of proof burden. Proof obligations are alternatively distributed between the bank and its client. First, the bank must secure its information network but, secondly, the client must take every reasonable measure to preserve its safety. It results from this that, if the email seems normal, phishing damages must be supported by the bank, and more generally of by the firm, while if the email is obviously abnormal, they must be supported by the client, but the burden to prove the abnormality of the email must be supported by the firm and not by the client. 
  3. Such a proof system shows that Compliance Law includes a pedagogic mission by educating each client in order to he or she would be able to distinguish among his or her emails, those which are normal and those which are obviously suspect. This pedagogic dimension, with the legal consequences associated to it, will not stop to spread. 

 

______

Aug. 31, 2020

Newsletter MAFR - Law, Compliance, Regulation

Full reference: Frison-Roche, M.-A., Compliance by Design, a new weapon? Opinion of Facebook about Apple new technical dispositions on Personal Data protectionNewsletter MAFR - Law, Compliance, Regulation, 31st of August 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

 

Summary of the news:

Personal Data, as they are information, are Compliance Tools. They represent a precious resource for firms which must implement a vigilance plan in order to prevent corruption, money laundering or terrorism financing, for examples. It is the reason why personal data are the angular stone of "Compliance by design" systems. However, the use of these data cannot clear the firm of its simultaneous obligation to protect these same personal data, that is also a "monumental goal" of Compliance Law. 

In order to be able to exploit these data in an objective of Compliance and protecting them in the same time, the digital firm Apple adopted for example new dispositions in order to the exploitation of the Identifier For Advertisers (IDFA) integrated in the iPad and in the iPhone and broadly used by targeted advertising firms, is conditioned to the consumer's consent.

Facebook reacted to this new disposition explaining that such measures will restrict the access to data for advertisers who will suffer from that. Facebook suspects Apple to block the access to advertisers in order to develop its own advertising tool. Facebook guaranteed to advertisers who work with it that it will not take similar measures and that it will always favor consultation before decision making in order to concile sometimes divergent interests. 

We can sleep and already make some remarks:

  • GDPR imposing to companies that they guarantee a minimal level of protection for personal data does not apply in the United-States. It is then possible that Apple acted through Corporate Social Responsibility (CSR), more than through legal obligation. 
  • The mode of regulation used here is the "conversational regulation" theorized by Julia Black. Indeed, regulators let the forces in presence discuss. 
  • This "conversational regulation" does not seem to be very efficient in this case and an intervention of administrative authorities or of judges could be justified via Competition Law, Regulation Law or Compliance Law, knowing that Competition Law will favor access right to information and Regulation or Compliance Law private life right. 

The whole paradox of Compliance Law rests in the equilibrium between circulation of information and secret. 

Aug. 27, 2020

Newsletter MAFR - Law, Compliance, Regulation

Full reference: Frison-Roche, M.-A., "Interregulation"​ between Payments System and Personal Data Protection: how to organize this "interplay"​?Newsletter MAFR - Law, Compliance, Regulation, 27th of August 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

 

Summary of the news

Regulation Law, in order to recognize and draw the consequences from the specificities of some objects, has been build, at the start, around the notion of "technical sector" although their delimitation is partially related to a political choice. But, in facts, there are multiple points of contacts between sectors, actors moving from one to another as objects. The regulatory solution is so to climb over some technical borders through the methodology of interregulation which is by the way the only one to enable the regulation of some phenomena going beyond the notion of sector and related to Compliance Law. 

This news takes the exemple of companies furnishing new payment services. In order to they can provide these services, these firms needs to access to banking accounts of concerned people and so to very sensitive personal data. Regulation of such a configuration needs a cooperation between the banking regulator and the personal data regulator. Legislation being not sufficient to organize in Ex Ante this interregulation, the European Data Protection Board has published some guidelines on 17th of July 2020 about the way it conceives the articulation between the PSD2 (European directive about payment services) and GDPR and has announced that it intended to expand the circle of its interlocutors to do this interregulation. Such an initiative from EDPB can be justified by the uncertainty  about how interpreting both texts and articulating them.   

Aug. 18, 2020

Newsletter MAFR - Law, Compliance, Regulation

Full reference: Frison-Roche, M.-A., Can Coordination between local Regulators replace a unique centralized Regulator? Example of the European organisation of the Open Internet PrincipleNewsletter MAFR - Law, Compliance, Regulation, 18th of August 2020

Read, by freely subscribing, the other news of the Newsletter MAFR - Law, Compliance, Regulation

To go further, read Marie-Anne Frison-Roche's article: The hypothesis of interregulation 

 

Summary of the news

The principle of "open internet" enshrined in the European regulation of 30th of April 2016 guaranteeing a non discriminatory access to Internet contents and services. However, there is no European regulator to implement such a principle. Is it possible to guarantee the effectivity of this principle without a central regulator in charge of this principle? 

On 11st of June 2020, the BEREC (Body of European Regulators for Electronic Communications) adopted guidelines concerning the application of the open internet principle. The BEREC is not a European regulator but a network of national regulators aiming to coordinate their actions. This body is only a consultative body but its recommendations are taken into account by national authorities which have deep legal power, as Osborne-Clarke said about the technical implementation of the European principle of open internet at the national level.  

It is thus non necessary to have a central regulator to ensure the effectivity of a principle since the moment when there is a local regulators network able to coordinate their actions through soft law.   

June 18, 2020

Thesaurus : 01. Conseil constitutionnel

Dec. 19, 2019

Interviews

Reference Frison-Roche, M.-A., Le droit de la compliance pour réguler l'internet  (Compliance Law to Regulate the Internet), Interview given in French to Sylvie Rozenfeld, Expertises, December 2019, p.385-390.

 

Summary. Law seems increasingly powerless to stem the social disorder generated by the Internet. For Marie-Anne Frison-Roche, Law professor and specialist in Regulatory Law, the solution is to be found in Law, and more particularly in Compliance Law. This specific Law is already applied in the banking and finance sector, or in the area of ​​personal data. As it has done for green finance and through the GDPR, Europe could impose a compliance system which internalizes concern for the individual in large digital operators. It is up to them to put in place the means and bear the cost, such as the right to be forgotten erected by the CJEU. Marie-Anne Frison-Roche does not offer anything revolutionary, she is content to take elements of positive law that already exist and to correlate them.

 

Read the interview (in French)

 

Read the presentation of the official Report for the French Government about which this interview is given:: The contribution of Compliance Law to the Governance of Internet

Nov. 16, 2019

Publications

The Finance Bill has proposed to the Parliament to vote an article 57 whose title is: Possibilité pour les administrations fiscales et douanières de collecter et exploiter les données rendues publiques sur les sites internet des réseaux sociaux et des opérateurs de plateformes (translation: Possibility for the tax and customs administrations to collect and exploit the data made public on the websites of social networks and platform operators).

Its content is as is in the text voted on in the National Assembly as follows:

"(1) I. - On an experimental basis and for a period of three years, for the purposes of investigating the offenses mentioned in b and c of 1 of article 1728, in articles 1729, 1791, 1791 ter, in 3 °, 8 ° and 10 ° of article 1810 of the general tax code, as well as articles 411, 412, 414, 414-2 and 415 of the customs code, the tax administration and the customs administration and indirect rights may, each as far as it is concerned, collect and exploit by means of computerized and automated processing using no facial recognition system, freely accessible content published on the internet by the users of the online platform operators mentioned in 2 ° of I of article L. 111-7 of the consumer code.

(2) The processing operations mentioned in the first paragraph are carried out by agents specially authorized for this purpose by the tax and customs authorities.

 

(3) When they are likely to contribute to the detection of the offenses mentioned in the first paragraph, the data collected are kept for a maximum period of one year from their collection and are destroyed at the end of this period. However, when used within the framework of criminal, tax or customs proceedings, this data may be kept until the end of the proceedings.

(4) The other data are destroyed within a maximum period of thirty days from their collection.

(5) The right of access to the information collected is exercised with the assignment service of the agents authorized to carry out the processing mentioned in the second paragraph under the conditions provided for by article 42 of law n ° 78-17 of January 6, 1978 relating to data processing, the files and freedoms.

(6) The right to object, provided for in article 38 of the same law, does not apply to the processing operations mentioned in the second paragraph.

(7) The terms of application of this I are set by decree of the Council of State.

(8) II. - The experiment provided for in I is the subject of an evaluation, the results of which are forwarded to Parliament as well as to the National Commission for Data Protection at the latest six months before its end. "

 

This initiative provoked many comments, rather reserved, even after the explanations given by the Minister of Budget to the National Assembly.

What to think of it legally?

Because the situation is quite simple, that is why it is difficult: on the one hand, the State will collect personal information without the authorization of the persons concerned, which is contrary to the very object of the law of 1978 , which results in full disapproval; on the other hand, the administration obtains the information to prosecute tax and customs offenses, which materializes the general interest itself.

So what about it?

Read below.

Oct. 26, 2019

Thesaurus : Doctrine

Référence complète : Dulong de Rosnay, M., La mise à disposition des œuvres et des informations sur les réseaux: Régulation juridique et régulation technique, sous la direction de Danièle Bourcier, Université Panthéon-Assas Paris II, 26 octobre 2017, 610 p.

 

 

Sept. 27, 2019

Thesaurus : Soft Law

Full reference: Information Note From the European Commission to the Permanent Representatives Committee About the Progress on Combatting Hate Speech Online Through the EU Code of Conduct, Council of the European Union, 27th of September 2019, 7p.

Read the note

Sept. 27, 2019

Conferences

Generale Reference : Frison-Roche, M.-A., Les solutions offertes par le Droit de la Compliance pour lutter effectivement contre les contrefaçons de masse (The solutions offered by Compliance Law  to fight effectively against mass counterfeiting) , in Seminar of the Association des Praticiens du Droit Droit des Marques et des Modèles (APRAM), La contrefaçon de masse : va-t-on un jour réussi à y mettre un frein ? Quelques nouvelles pistes de réflexion (How to stop the mass Counterfeiting?, some new ideas), Paris, September 27, 2019. 

Read the program of the Seminar. (in French)

This conference is based on the report given to the French Government and published in July2019 : The contribution of Compliance Law to the Governance of Internet.

It is also based on the new contribution to the new edition of the Grands Arrêts de la propriété intellectuelle : "Le maniement de la propriété intellectuelle comme outil de régulation et de compliance"(in French).  This publication is based on this Working Paper : The use of Intellectuel Property as a tool for Regulatory and Compliance Perspectives

 

 

Summary : In this seminar devoted to new ways of reacting to "mass counterfeiting", the idea here is to start from the observation of an increase in the ineffectiveness of intellectual property rights - and thus of the I.P. Law. Law being a practical art, it is not a simple inconvenience, it is a central question. This can be remedied by improving the Ex Post legal process, but we can think of finding Ex Ante mechanisms. The Regulatory Law is Ex Ante, but digital world is not a sector, it is the world itself. A promising direction is therefore Compliance Law, in that it is both Ex Ante and non-sectoral. The contribution shows how Compliance Law is already useful, could be developed and how it could be applied so that these specific rights could be effectively protected in a digital world, where for the moment counterfactors have in fact the means to ignore them.

 

See the slides. (in French)

 

Sept. 8, 2019

Blog

Experience shows that in the digital the legal technique of consent is not protective enough.
 
If only because a simplest technology neutralizes the link that should exist between the "consent" of the user and the "free will" of the latter: the consent of the user only protects the latter to the extent that this one can in Law and in fact to say "no.
 
 
I. THE EXPERIENCE 
 
For example I found on my Facebook New an access to an unknown web site which puts online an article on "the rights of trees" ...
I go. In accordance with the European Regulation (GDPR) transposed into French legal system, the site informs that there is possibility for the user to accept or refuse the use of their personal data for the benefit of "partners".
If they continue reading, the user is supposed to accept everything, but they can click to "customize".
I click: there I find two options: "accept everything" or "reject everything". But the "reject all" option is disabled. It is only possible to click on the "accept all" option.
 
It is also possible, because the law obliges, to consult the list of the partners of this website: I click and find a list of unknown companies, with foreign denominations, which without doubt once will collect my personal data (and those of my contacts) , having their own head office outside the European Union.
It is stated in a text, which can not be copied, that these "partners" can use my data without my consent and for purposes that they do not have to inform me. But, again, these things I can "refuse everything". Here again the "reject all" mention exists but the fonctionality is not active, while the mention "accept all" is an active fonctionality.
 
As I can not refuse (since it's disabled), and as 99% of Internet users have never clicked on the first two buttons, all their data has been fed into the data market that allows the targeting of products that spill out in the digital space, to their detriment and that of their contact.
While believing to read a free article on the "right of the trees".
At the end, I do not read this article, since I did not click on the only active buttons: "accept everything".
 
In more than 50% of cases, the "reject all" or "customize" options are only images but are not active. And data absorption is also about contacts.
In exchange for a whimsical article about trees and their rights, or creams to be always young, or celebrities who change spouses, or about so-called tests to find what king or queen you should be if the all recognized all your merits, etc.
Proposed on the digital news feed by unknown sites; in partnership with foreign companies that you will never reach.
And mass-viewed by Internet users who are also told that "consent" is the proven solution for effective protection ....
While these are just panels hastily built by new Potemkins ...
 
II. WHAT TO DO ? 
 
1. Not be satisfied with "consent" from the moment that it is a mechanism that may not be the expression of a free will: how could it be if the option "to refuse" is not active?
 
2. The link between will and consent must therefore be "presumed" only in a simple presumption and in a non-irrefutable way, because we must refuse to live in a dehumanized society, operating on "mechanical consents", to which the digital does not lead necessarily.
 
3. Entrust by the Compliance Law to the "crucial digital operators" (in the case of Facebook thanks to which these proposals for free reading are made on the thread of news of the Net surfers) the care to verify in Ex Ante the effectiveness of the link between Will and Consent: Here and concretely the possibility for the user to read while refusing the capture of all its data (for the benefit of operators who do not even have the concrete obligation to give the information of the use that will be made of these personal data).
 
_____

Updated: Sept. 5, 2019 (Initial publication: April 30, 2019)

Publications

Reference : Frison-Roche, M.-A., L'apport du Droit de la Compliance dans la Gouvernance d'Internet  (The contribution of Compliance Law to the Internet Governance), Report asked by the French Government, published the 15th July 2019, 139 pages ; report fully translated in English  later.

_____

 

Report Summary. Governing the Internet? Compliance Law can help.

Compliance Law is for the Policy Maker to aim for global goals that they requires to be achieved by companies in a position to do so. In the digital space built on the sole principle of Liberty, the Politics must insert a second principle: the Person. The respect of this One, in balance with the Freedom, can be required by the Policy Maker via Compliance Law, which internalises this specific pretention in the digital companies. Liberalism and Humanism become the two pillars of Internet Governance.

The humanism of European Compliance Law then enriches US Compliance law. The crucial digital operators thus forced, like Facebook, YouTube, Google, etc., must then exercise powers only to better achieve these goals to protect persons (against hatred, inadequate exploitation of data, terrorism, violation of intellectual property, etc.). They must guarantee the rights of individuals, including intellectual property rights. To do this, they must be recognized as "second level regulators", supervised by Public Authorities.

This governance of the Internet by Compliance Law is ongoing. By the European Banking Union. By green finance. By the GDPR. We must force the line and give unity and simplicity that are still lacking, by infusing a political dimension to Compliance: the Person. The European Court of Justice has always done it. The European Commission through its DG Connect is ready.

 

Plan of the Report (4 chapters): an ascertainement of the digitization of the world (1), the challenge of civilization that this constitutes (2), the relations of Compliance mechanisms as it should be conceived between Europe and the United States, not to mention that the world is not limited to them, with the concrete solutions that result from this (3) and concrete practical solutions to better organize an effective digital governance, inspired by what is particularly in the banking sector, and continuing what has already been done in Europe in the digital field, which has already made it exemplary and what it must continue, France can be force of proposal by the example (4).

Read the Report Summary in 3 pages (in English)

Read the Report Summary in 6 pages (in English)

 

 

 Read the written presentation of the Report done by Minister Cédric O (in French).

Listen to the oral  presentation of the Report by Minister Cédir O durant the parliamentary discussion of the law against hate contente on the Internet (in French). 

 

 Read the reporte (in French)

 

-----------

 

 

 

 

 

 

Read below  the 54 propositions that conclude the Report.

Nov. 13, 2018

Thesaurus : Doctrine

Discours d'Emmanuel Macron, président de la République, au Forum "Gouvernance Internet", Unesco, 13 novembre 2018. 

 

Lire le Discours. Compl

July 11, 2018

Thesaurus : Doctrine

Complete reference : Randell, Ch., How can we ensure that big Data does not make us prisoners of technology ?, Reuters Newsmaker event, London, 2018.

 

To read the speech.

June 4, 2018

Thesaurus : Doctrine

Référence complète : Chaltiel, F., La protection des données personnelles. À propos de l'entrée en vigueur  du règlement général de protection des données, in Petites Affiches, Lextenso, juin 2018, pp. 6-22.

 

Le 25 mai 2018 doit marquer le début d'un nouvel âge des droits numériques de chacun. Le règlement général de protection des données, dont la préparation remonte à plusieurs années, doit en effet entrer en vigueur en mai 2018.

Il tire les conséquences de plusieurs décennies de progrès du numérique et vise à assurer, dans un cadre technique inédit à l'échelle de l'histoire de la communication, une protection renforcée des données.

Les obligations sont nombreuses, il n'est pas certain que les acteurs concernés soient en mesure de garantir l'ensemble de ces droits dans le délai imparti. Le nouveau droit fondamental de la protection des données personnelles est sans doute un des défis juridiques majeurs des années à venir pour nos sociétés.

 

May 15, 2018

Thesaurus : Doctrine

Référence complète : Moreaux, A., Comment se conformer au RGPD ?,  in Affiches Parisiennes, mai 2018, pp. 1-3.

 

L'échéance du fameux Règlement général sur la protection des données approche. Pour Mounir Mahjoubi, secrétaire d'État au Numérique, « 2018 est l'année du RGPD » qui va entraîner un « véritable choc de sécurité » sur la toile. La mise en conformité avec le nouveau règlement européen sur le digital qui entre en vigueur le 25 mai est une question centrale pour les entreprises.

 

Pour consulter l'article.

 

Dec. 7, 2017

Interviews

Référence complète : FRISON-ROCHE, M.-A., Il faut construire un dispositif européen de compliance, voilà l'avenir !, in Actualité/Entretien, Petites Affiches, propos recueillis par Olivia DUFOUR, n° 244, 7 déc. 2017, pp. 4-6.

 

Entretien donné à propos de la sortie de l'ouvrage Régulation, Supervision, Compliance.

Réponse aux questions suivantes :

  • Quels sont les buts que vous assignez à la Compliance ?

 

  • Que signifient ces deux concepts que vous introduisez : service public mondial et buts monumentaux ?

 

  • Que devient l’État face à une entreprise globale ?

 

  • Que pensez-vous du lanceur d'alerte ?

 

  • Comment est affectée la relation entre l'Europe et les États-Unis ?

 

  • Par la Compliance, les entreprises ne vont-elles pas gouverner le monde ?

 

______

 

 

 

Lire l'entretien.

Aug. 23, 2017

Thesaurus : Doctrine

Référence générale : Coen, P., Internet contre internh@te : Plaidoyer pour le respect. 50 propositions pour détoxer les réseaux sociaux, coll. "Pour mieux comprendre", Le bord de l'eau, 2017, 188 p.

 

Lire la table des matières.

Lire la quatrième de couverture.

 

Jan. 5, 2017

Blog

Le juge a le pouvoir de "qualifier", c'est-à-dire de donner à une situation de fait ou de droit sa nature, quelle que soit les termes qu'ont utilisé les personnes. Cet office du juge est exprimé par l'article 12 du Code de procédure.

Ainsi, les réseaux sociaux utilisent le terme "amis".

Ce terme a des conséquences juridiques très importantes. En effet, en droit les relations amicales supposent par exemple un désintéressement, l'ami travaillant gratuitement au bénéfice de l'autre. Mais déjà la Cour d'appel de Paris à laquelle FaceBook avait raconté cette fable, se présentant comme le constructeur désintéressé uniquement soucieux de permettre aux internautes de nouer des liens d'amitié, avait répondu en février 2016 que le souci premier de cette entreprise florissante était bien plutôt le profit. Comme on le sait, le profit et la gratuité font très bon ménage.

De la même façon, une relation amicale suppose un souci que l'on a de l'autre, une absence de distance, une certaine chaleur. En cela, une relation amicale est toujours partiale.

C'est pourquoi logiquement lorsqu'un avocat fût l'objet d'une procédure disciplinaire devant le conseil de l'ordre, il demanda la récusation de certains de ces confrères siégeant dans la formation de jugement en évoquant le fait qu'ils étaient "amis" sur FaceBook, ce qui entacherait leur impartialité, les instances disciplinaires étant gouvernées par le principe subjectif et objectif d'impartialité.

Par un arrêt du 5 janvier 2017, la deuxième chambre civile de la Cour de cassation, comme la Cour d'appel, refuse de suivre un tel raisonnement.

En effet, celui-ci n'aurait de sens que si en soi les personnes en contact sur un réseau social étaient effectivement des "amis". Mais ils ne le sont pas. Comme le reprend la Cour de cassation dans la motivation de la Cour d'appel, "le terme d’ « ami » employé pour désigner les personnes qui acceptent d’entrer en contact par les réseaux sociaux ne renvoie pas à des relations d’amitié au sens traditionnel du terme et que l’existence de contacts entre ces différentes personnes par l’intermédiaire de ces réseaux ne suffit pas à caractériser une partialité particulière, le réseau social étant simplement un moyen de communication spécifique entre des personnes qui partagent les mêmes centres d’intérêt, et en l’espèce la même profession".

Ce sont des personnes qui ont des choses en commun, ici une profession, mais cela peut être autre chose, éventuellement un sujet de dispute, même si les études récentes montrent que les personnes se rejoignent plutôt sur des opinions communes.

Mais il ne s'agit tout d'abord que d'un renvoie à une "appréciation souveraine" des faits. Ainsi, si la personne avait apporté la preuve d'une opinion partagée sur le réseau montrant un préjugé - même abstraitement formulé - lui étant défavorable, le résultat aurait été différent. De la même façon, comme cela est souvent le cas, des liens personnels se nouent, par des photos plus personnelles, des échanges plus privés, etc., alors le résultat aurait été différents.

Ainsi, les contacts sur un réseau sociaux ne sont pas en soi des "amis", mais ils peuvent l'être ou le devenir. L'enjeu est donc probatoire. Montrer un lien virtuel n'est pas suffisant, mais c'est une première étape, qui peut mener à la démonstration, qui continue de reposer sur le demandeur à l'instance, d'un lien personnel et désintéressé, ce qui renvoie à la définition juridique de l'amitié, excluant notamment l'impartialité.