Feb. 1, 2024

Teachings

🌐follow Marie-Anne Frison-Roche on LinkedIn

🌐subscribe to the Newsletter MAFR Regulation, Compliance, Law

____

 Full Reference: F. Ancel &  M.-A. Frison-RocheDroit de la compliance (Compliance Law), École nationale de la magistrature - ENM (French National School for the Judiciary), in collaboration with the École de Formation professionnelle des Barreaux du ressort de la cour d'appel de Paris - EFB (Paris Bar School), Paris, February 1 and 2, 2024

This teaching is given in French.

____

🌐consult on LinkedIn a general présentation of this event, which links to a presentation and a report of each speech

____

 Presentation of the Teaching: The aim of this two-day conference is to enable judges and lawyers to grasp the issues, objectives and methods that define Compliance Law as it is practised in companies.

The speakers will illustrate the growing trend towards litigation, which is difficult to reconcile with the supranational dimension, or even indifference to territories, for example when disputes concern systemic climate or digital issues: the result is a renewal of the role of the judge and the role of lawyers.

This must be set against the renewal of the role and operation of companies themselves.

This is analysed from the perspective of Civil Law, in particular Contract Law and Liability Law. Company Law and Criminal Law are also addressed, as well as the way in which the legal system now integrates governance, regulation, climate and digital issues and the smooth operation of financial markets through Compliance techniques.

____

 Organisation of the Teaching: This conference is divided into two parts.

The first day is designed as a presentation of the major themes through which Compliance Law crosses the branches of traditional Law. The speakers will be professors of Law who will successively summarise the branches of Law and put into perspective the way in which Compliance imperatives give rise to new situations, new difficulties and new solutions.

This enables the second day to focus on practical and topical issues and to debate controversial questions between people of different sensibilities. The participants tend to be judges, members of regulatory authorities, lawyers, members of associations and so on.

____

 Enrolment procedure: The course is open to all judicial and consular magistrates, as well as lawyers.

Registrations can be made directly with the ENM or with the EFB.

____

► Speakers :  

🎤François Ancel, Judge at the Première Chambre civile de la Cour de cassation (First Civil Chamber of the French Court of cassation) 

🎤Thomas Baudesson, Attorney at the Paris Bar, Partner at Clifford Chance

🎤Guillaume Beaussonie, Full Professor at Toulouse 1 Capitole University

🎤Jacques Boulard, Premier Président de la Cour d’appel de Paris (First President of the Paris Court of Appeal)

🎤Marie Caffin-Moi, Full Professor at Paris Panthéon-Assas University

🎤Malik Chapuis, Judge at the Tribunal judiciaire de Paris (Paris First Instance Civil Court)

🎤Lucie Chatelain, Advocacy and Litigation Manager - Civil Liability of Parent Companies, Sherpa

🎤Jean-Benoît Devauges, Directeur Juridique, Ethique et Gouvernance des entreprises (Legal, Ethics and enterprises governance Director), MEDEF

🎤Marie-Anne Frison-Roche, Professor of Regulatory and Compliance Law, Director of the Journal of Regulation & Compliance (JoRC)

🎤Arnaud Gossement, Attorney at the Paris Bar, Partner at Gossement Avocats

🎤Thibault Goujon-Bethan, Full Professor at Jean Moulin Lyon 3 University

🎤Christophe Ingrain, Attorney at the Paris Bar, Partner at Darrois Villey Maillot Brochier

🎤Isabelle Jegouzo, Director of the Agence française anticorruption - AFA (French Anti-Corruption Agency) 

🎤Anne-Valérie Le Fur, Full Professor at Versailles Saint-Quentin-en-Yvelines University

🎤Charlotte Michon, Attorney at the Paris Bar, partner at Charlotte Michon Avocat

🎤Jean-Baptiste Racine, Full Professor at Paris Panthéon-Assas University

🎤 Jean-Christophe Roda, Full Professor at Jean-Moulin Lyon 3 University

🎤Jérôme Simon, 1er Vice-Procureur Financier (First Financial Vice-Prosecutor)

____

🧮read below the programme put together and organised by François Ancel and Marie-Anne Frison-Roche, as well as the reports of each presentation⤵️

Sept. 1, 2023

Thesaurus : Doctrine

 Référence complète : J. Groffe-Charrier, "Contrôle de l’âge du public de contenus pornographiques : l’ouverture de la boîte de Pandore ?", Communication-Commerce électronique, n° 9, septembre 2023, pp. 1-4

____

 Résumé de l'article (fait par l'auteure) : "La protection des mineurs en ligne se traduit notamment, pour le Gouvernement, par la nécessité de contrôler l’âge des utilisateurs de sites proposant des contenus pornographiques, afin d’épargner les plus jeunes. Toutefois, si l’objectif est louable, les solutions envisagées ne sont pas sans risque et mettent en lumière les limites de la règle légale.".

____

🦉Cet article est accessible en texte intégral pour les personnes inscrites aux enseignements de la Professeure Marie-Anne Frison-Roche

________

Sept. 27, 2022

Thesaurus : Soft Law

► Référence complète : Conseil d'État, Les réseaux sociaux. Enjeu et opportunités pour la puissance publique, Rapport annuel, 2022.

____

📗Lire le rapport.

________

Updated: Sept. 18, 2021 (Initial publication: Sept. 10, 1999)

Publications

► Référence complète : Frison-Roche, M.-A.,  Droit, finance, autorité. Sociologie comparée des autorités de marchés financiers,  recherches menées puis rapport rédigé pour le Laboratoire de sociologie juridique, Université Panthéon-Assas (Paris II), remis au GIP Mission de recherche Droit et justice, septembre 1999, dactyl., 117 p. 

____

📝 Lire la table des matières de l'ouvrage. 

____

 

📝 Lire le résumé et la synthèse de l'ouvrage en 4 pages. 

____

 

📝 Lire le rapport

____

 

Lire les deux monographies accompagnant le rapport :

📝 Bouthinon-Dumas, H., Le rôle des autorités de marchés financiers dans la crise asiatique vue à travers la presse

📝 V. Magnier, Les autorités de marchés financiers aux Etats-Unis. Droit, juge et autorité de marché

____

 

📝 Lire les synthèses concernant les différents pays étudiés

📝 Lire la grille d'entretien semi-ouvert

________

 

Dec. 10, 2020

Thesaurus : 03. Conseil d'Etat

Référence complète : CE, 10 déc. 2010, CDiscount
 
 
 
"Dispense lorsque les intérêts légitimes du responsable du traitement prévalent sur ceux des personnes concernées (f de l'art. 6 du RGPD) - 1) Modalités d'appréciation - 2) Espèce.

Il résulte clairement de l'article 6 du règlement (UE) n° 2016/679 du 27 avril 2016 (dit " RGPD ") qu'un traitement de données à caractère personnel ne satisfait aux exigences du règlement, dès lors qu'il n'est nécessaire ni au respect d'une obligation légale à laquelle le responsable du traitement est soumis, ni à l'exécution d'une mission d'intérêt public ou relevant de l'exercice de l'autorité publique dont est investi le responsable du traitement, ni à la sauvegarde des intérêts vitaux de la personne concernée ou d'une autre personne physique, que si la personne concernée a consenti au traitement de ses données, sauf à ce que le traitement soit nécessaire à l'exécution d'un contrat auquel la personne concernée est partie ou à l'exécution de mesures précontractuelles prises à la demande de celle-ci, ou à ce qu'il soit nécessaire aux fins des intérêts légitimes poursuivis par le responsable du traitement ou par un tiers, à la condition, dans ce dernier cas, que ces intérêts légitimes puissent être regardés comme prévalant sur les intérêts des personnes concernées ou sur leurs libertés et droits fondamentaux.
 
1) Pour apprécier si les intérêts légitimes du responsable du traitement prévalent sur ceux des personnes concernées, il y a lieu de mettre en balance, d'une part, l'intérêt légitime poursuivi par le responsable du traitement et, d'autre part, l'intérêt ou les libertés et droits fondamentaux des personnes concernées, eu égard notamment à la nature des données traitées, à la finalité et aux modalités du traitement ainsi qu'aux attentes que ces personnes peuvent raisonnablement avoir quant à l'absence de traitement ultérieur des données collectées.
 
2) Délibération de la Commission nationale de l'informatique et des libertés (CNIL) indiquant que les données relatives à la carte de paiement en matière de vente de biens ou de fourniture de services à distance ne peuvent être collectées et traitées par une société vendant des biens ou des services à distance que pour permettre la réalisation d'une transaction dans le cadre de l'exécution d'un contrat et que la conservation de ces données afin de faciliter d'éventuels paiements ultérieurs n'est possible que si les personnes auxquelles ces données se rapportent ont donné préalablement et explicitement leur consentement, à moins qu'elles aient souscrit un abonnement donnant accès à des services additionnels, traduisant leur inscription dans une relation commerciale régulière. Si la société soutient que la conservation du numéro de carte bancaire du client qui a procédé à un achat en ligne est nécessaire aux fins de l'intérêt légitime consistant à faciliter des paiements ultérieurs en dispensant le client de le saisir à chacun de ses achats, notamment dans le cadre d'une fonctionnalité d'achat rapide - dite " en un clic " - cet intérêt ne saurait prévaloir sur l'intérêt des clients de protéger ces données, compte tenu de la sensibilité de ces informations bancaires et des préjudices susceptibles de résulter pour eux de leur captation et d'une utilisation détournée, et alors que de nombreux clients qui utilisent des sites de commerce en ligne en vue de réaliser des achats ponctuels ne peuvent raisonnablement s'attendre à ce que les entreprises concernées conservent de telles données sans leur consentement. Par suite, la CNIL a pu à bon droit estimer que, de façon générale, devait être soumise au consentement explicite de la personne concernée la conservation des numéros de cartes bancaires des clients des sites de commerce en ligne pour faciliter des achats ultérieurs.".
 
C'est pourquoi le recours de CDiscount contre la décision de sanction de la CNIL est rejeté. 


s légales____ookie

Dec. 8, 2020

Thesaurus : Doctrine

► Référence complète : E. Balate, "Le consommateur", in J.-B. Racine (dir.), Le droit économique au XXIe siècle. Notions et enjeux, LGDJ, coll. "Droit & Économie", 2020, pp. 153-172

____

📕consulter une présentation générale de l'ouvrage, Le droit économique au XXIe siècle. Notions et enjeux, dans lequel cet article est publié 

____

► Résumé de l'article : 

____

🦉Cet article est accessible en texte intégral pour les personnes inscrites aux enseignements de la Professeure Marie-Anne Frison-Roche

________

 

Nov. 23, 2020

Interviews

Full reference: Frison-Roche, M.-A., Facebook: Quand le Droit de la Compliance démontre sa capacité à protéger les personnes (Facebook: When Compliance Law proves its ability to protect people), interview with Olivia Dufour, Actu-juridiques Lextenso, 23rd of November 2020

Read the interview (in French)

Read the news of the Newsletter MAFR - Law, Compliance, Regulation about this question

Oct. 1, 2020

Thesaurus : Soft Law

Full reference: Baer, B., Proposals to Strengthen the Antitrust Laws and Restore Competition Online, Testimony before the United-States House of Representatives, Committee on Judiciary, Subcommittee on Antitrust, Commercial and Administrative Law, 1st of October 2020

Read the testimony

Read Bill Baer's presentation by Brookings Institution of which he is a member

Sept. 21, 2020

Newsletter MAFR - Law, Compliance, Regulation

Full reference: Frison-Roche, M.-A., Regulation, Compliance & Cinema: learning about Internet Regulation with the series "Criminals"​Newsletter MAFR - Law, Compliance, Regulation, 21st of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

 

Summary of the news: 

Season 2 Episode 3 of the British version of the series "Criminals" features the character of Danielle. Danielle is a mother which has decided to hunt down pedophiles on social networks in order to trap them and show to the world their acts. Danielle insists on the efficiency of her action with regard to the police and justice that she finds unproductive. In the episode, Danielle is accused of defamation by the police. While policemen try to explain to Danielle the importance of using a regular procedure and to respect the Rule of Law aiming to prove its accusations, she makes efficiency her only principle. According to her, her methods get results (on the contrary of those used by the police which respect procedures) and those she accuses to be pedophiles do not deserve defense rights. 

We can learn three lessons from Danielle's story: 

  1. If Compliance Law is just a process of application of mechanical rules, then Rule of Law is not salient face to the principle of efficiency. But, if Compliance Law is defined by its "monumental goals" and that the respect of Rule of Law is erected in "monumental goal", then efficiency and Rule of Law become compatible and congruent. 
  2. The digital space must be disciplined by crucial digital firms supervised by public authorities, like in France or Germany for hate speeches and disinformation. 
  3. Compliance Law, and Law in general, must be pedagogue towards individuals as Danielle which do not understand why their behaviors are reproachable. 

Sept. 21, 2020

Law by Illustrations

This working paper is an extraction of an eponym newsletter published in the Newsletter MAFR - Law, Regulation & Compliance on 21st of September 2020 on LinkedIn.

Read the newsletter of 21st of September 2020

Sept. 16, 2020

Publications

🌐follow Marie-Anne Frison-Roche on LinkedIn

🌐subscribe to the Newsletter MAFR Regulation, Compliance, Law 

____

Full reference: M.-A. Frison-Roche, Se tenir bien dans l'espace numérique, in Penser le droit de la pensée. Mélanges en l'honneur de Michel Vivant, Lexis Nexis and Dalloz, 2020, pp. 155-168.

____

📝Read the article (in French)

____

🚧Read the working paper, written in English, on which this article is based, with additional developments, technical references, and hyperlinks

 

English summary of the article: The digital space is one of the scarce spaces not framed by a specific branch of Law, Freedom also offering opportunity to its actors to not "behave well", that is to express and diffuse broadly and immediately hateful thoughts through Hate speechs, which remained before in private or limited circles. The intimacy of Law and of the legal notion of Person is broken: Digital permits to individuals or organizations to act as demultiplied and anonymous characters, digital depersonalized actors who carry behaviors that are hurtful to other's dignity. 

Against that, Compliance Law offers an appropriate solution: internalizing in digital crucial operators the mission to disciplinary and substantially hold the digital space. The digital space has been structured by powerful firms able to maintain order. Because Law must not reduce digital space to be only a neutral market of digital prestations, these crucial operators, like social networks or search engines, must be forced to substantially control behaviors. It could be about an obligation of internet users to act with their face uncover, "real identity" policy controlled by firms, and to respect others' rights, privacy rights, dignity, intellectual property rights. In their Regulatory function, digital crucial firms must be supervised by public authorities. 

Thus, Compliance law substantially defined is the protector of the person as "subject of law" in the digital space, by the respect that others must have, this space passing from the status of free space to the one of civilized space, in which everyone is obliged to behave well. 

______

 

Read to go further: 

Sept. 10, 2020

Newsletter MAFR - Law, Compliance, Regulation

Full reference: Frison-Roche, M.-A., Responding to an email with "serious anomalies"​,transferring personal data, blocks reimbursement by the bank: French Cour de cassation, July 1st 2020Newsletter MAFR - Law, Compliance, Regulation, 10th of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

 

Summary of the news

"Phishing" is a kind of cyber criminality aiming to obtain, by sending fraudulent emails which look like to those sent by legitimate organisms, recipient's personal information in order to impersonate or steal him or her. As it is difficult to find the authors of "phishing" and to prove their intentionality in order to punish them directly, on mean to fight against "phishing" could be to entitle banks to secure their information network and, to accompany this obligation with a strong incentive, to convict them to reimburse the victims in case of robbery of their personal data.  

In 2015, a client victime of this kind of fraud asked to his bank, the Crédit Mutuel, to reimburse him the amount stole, what the bank refused to do on the grounds that the client committed a fault, transferring its confidential information without checking the email, however grossly counterfeit. The Court of first instance gave reason to the client because although he committed this fault, he was in good faith. This judgment was broken by the Chambre commerciale de la Cour de cassation (French Judicial Supreme Court) by a decision of 1st of July 2020 which states that this serious negligence, exclusive of any consideration of good faith, justifies the absence of reimbursement by the bank.

___

 

From this particular case, we can draw three lessons

  1. The Cour de Cassation states that good faith is not a salient criterion and that, as the bank must react when a banking account is objectively abnormal, the client must react face to an obviously abnormal email. 
  2. The Cour de Cassation describes the repartition of proof burden. Proof obligations are alternatively distributed between the bank and its client. First, the bank must secure its information network but, secondly, the client must take every reasonable measure to preserve its safety. It results from this that, if the email seems normal, phishing damages must be supported by the bank, and more generally of by the firm, while if the email is obviously abnormal, they must be supported by the client, but the burden to prove the abnormality of the email must be supported by the firm and not by the client. 
  3. Such a proof system shows that Compliance Law includes a pedagogic mission by educating each client in order to he or she would be able to distinguish among his or her emails, those which are normal and those which are obviously suspect. This pedagogic dimension, with the legal consequences associated to it, will not stop to spread. 

 

______

Aug. 31, 2020

Newsletter MAFR - Law, Compliance, Regulation

Full reference: Frison-Roche, M.-A., Compliance by Design, a new weapon? Opinion of Facebook about Apple new technical dispositions on Personal Data protectionNewsletter MAFR - Law, Compliance, Regulation, 31st of August 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

 

Summary of the news:

Personal Data, as they are information, are Compliance Tools. They represent a precious resource for firms which must implement a vigilance plan in order to prevent corruption, money laundering or terrorism financing, for examples. It is the reason why personal data are the angular stone of "Compliance by design" systems. However, the use of these data cannot clear the firm of its simultaneous obligation to protect these same personal data, that is also a "monumental goal" of Compliance Law. 

In order to be able to exploit these data in an objective of Compliance and protecting them in the same time, the digital firm Apple adopted for example new dispositions in order to the exploitation of the Identifier For Advertisers (IDFA) integrated in the iPad and in the iPhone and broadly used by targeted advertising firms, is conditioned to the consumer's consent.

Facebook reacted to this new disposition explaining that such measures will restrict the access to data for advertisers who will suffer from that. Facebook suspects Apple to block the access to advertisers in order to develop its own advertising tool. Facebook guaranteed to advertisers who work with it that it will not take similar measures and that it will always favor consultation before decision making in order to concile sometimes divergent interests. 

We can sleep and already make some remarks:

  • GDPR imposing to companies that they guarantee a minimal level of protection for personal data does not apply in the United-States. It is then possible that Apple acted through Corporate Social Responsibility (CSR), more than through legal obligation. 
  • The mode of regulation used here is the "conversational regulation" theorized by Julia Black. Indeed, regulators let the forces in presence discuss. 
  • This "conversational regulation" does not seem to be very efficient in this case and an intervention of administrative authorities or of judges could be justified via Competition Law, Regulation Law or Compliance Law, knowing that Competition Law will favor access right to information and Regulation or Compliance Law private life right. 

The whole paradox of Compliance Law rests in the equilibrium between circulation of information and secret. 

Aug. 27, 2020

Newsletter MAFR - Law, Compliance, Regulation

Full reference: Frison-Roche, M.-A., "Interregulation"​ between Payments System and Personal Data Protection: how to organize this "interplay"​?Newsletter MAFR - Law, Compliance, Regulation, 27th of August 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

 

Summary of the news

Regulation Law, in order to recognize and draw the consequences from the specificities of some objects, has been build, at the start, around the notion of "technical sector" although their delimitation is partially related to a political choice. But, in facts, there are multiple points of contacts between sectors, actors moving from one to another as objects. The regulatory solution is so to climb over some technical borders through the methodology of interregulation which is by the way the only one to enable the regulation of some phenomena going beyond the notion of sector and related to Compliance Law. 

This news takes the exemple of companies furnishing new payment services. In order to they can provide these services, these firms needs to access to banking accounts of concerned people and so to very sensitive personal data. Regulation of such a configuration needs a cooperation between the banking regulator and the personal data regulator. Legislation being not sufficient to organize in Ex Ante this interregulation, the European Data Protection Board has published some guidelines on 17th of July 2020 about the way it conceives the articulation between the PSD2 (European directive about payment services) and GDPR and has announced that it intended to expand the circle of its interlocutors to do this interregulation. Such an initiative from EDPB can be justified by the uncertainty  about how interpreting both texts and articulating them.   

Aug. 18, 2020

Newsletter MAFR - Law, Compliance, Regulation

Full reference: Frison-Roche, M.-A., Can Coordination between local Regulators replace a unique centralized Regulator? Example of the European organisation of the Open Internet PrincipleNewsletter MAFR - Law, Compliance, Regulation, 18th of August 2020

Read, by freely subscribing, the other news of the Newsletter MAFR - Law, Compliance, Regulation

To go further, read Marie-Anne Frison-Roche's article: The hypothesis of interregulation 

 

Summary of the news

The principle of "open internet" enshrined in the European regulation of 30th of April 2016 guaranteeing a non discriminatory access to Internet contents and services. However, there is no European regulator to implement such a principle. Is it possible to guarantee the effectivity of this principle without a central regulator in charge of this principle? 

On 11st of June 2020, the BEREC (Body of European Regulators for Electronic Communications) adopted guidelines concerning the application of the open internet principle. The BEREC is not a European regulator but a network of national regulators aiming to coordinate their actions. This body is only a consultative body but its recommendations are taken into account by national authorities which have deep legal power, as Osborne-Clarke said about the technical implementation of the European principle of open internet at the national level.  

It is thus non necessary to have a central regulator to ensure the effectivity of a principle since the moment when there is a local regulators network able to coordinate their actions through soft law.   

July 8, 2020

Thesaurus : Doctrine

► Référence complète : D. Chelly, Stratégie web. Le rôle central des noms de domaine, Gecop, 2020, 253 p.

____

📗lire la 4ième de couverture

____

📗lire la table des matières de l'ouvrage

____

► Résumé de l'ouvrage (fait par l'éditeur) : "Simple outil technique avant 2000, le nom de domaine est devenu un élément-clé de la stratégie internet.

Les entreprises sont à la recherche de référentiels pour les questions juridiques, paramétrages informatiques, optimisation pour le référencement et choix marketing.

L'ouvrage propose un état des bonnes pratiques pour l'utilisation des noms de domaine, dans une démarche multidisciplinaire.". 

________

June 18, 2020

Thesaurus : 01. Conseil constitutionnel

Jan. 16, 2020

Thesaurus : Doctrine

Full reference: Féral-Schuhl, C., Cyberdroit. Le Droit à l'épreuve de l'internet, Collection Praxis Dalloz, Dalloz, 8th edition, 2020, 1731p.

 

Read the forth of cover (in French)

Read the table of contents (in French)

Dec. 19, 2019

Interviews

Reference Frison-Roche, M.-A., Le droit de la compliance pour réguler l'internet  (Compliance Law to Regulate the Internet), Interview given in French to Sylvie Rozenfeld, Expertises, December 2019, p.385-390.

 

Summary. Law seems increasingly powerless to stem the social disorder generated by the Internet. For Marie-Anne Frison-Roche, Law professor and specialist in Regulatory Law, the solution is to be found in Law, and more particularly in Compliance Law. This specific Law is already applied in the banking and finance sector, or in the area of ​​personal data. As it has done for green finance and through the GDPR, Europe could impose a compliance system which internalizes concern for the individual in large digital operators. It is up to them to put in place the means and bear the cost, such as the right to be forgotten erected by the CJEU. Marie-Anne Frison-Roche does not offer anything revolutionary, she is content to take elements of positive law that already exist and to correlate them.

 

Read the interview (in French)

 

Read the presentation of the official Report for the French Government about which this interview is given:: The contribution of Compliance Law to the Governance of Internet

Nov. 16, 2019

Publications

The Finance Bill has proposed to the Parliament to vote an article 57 whose title is: Possibilité pour les administrations fiscales et douanières de collecter et exploiter les données rendues publiques sur les sites internet des réseaux sociaux et des opérateurs de plateformes (translation: Possibility for the tax and customs administrations to collect and exploit the data made public on the websites of social networks and platform operators).

Its content is as is in the text voted on in the National Assembly as follows:

"(1) I. - On an experimental basis and for a period of three years, for the purposes of investigating the offenses mentioned in b and c of 1 of article 1728, in articles 1729, 1791, 1791 ter, in 3 °, 8 ° and 10 ° of article 1810 of the general tax code, as well as articles 411, 412, 414, 414-2 and 415 of the customs code, the tax administration and the customs administration and indirect rights may, each as far as it is concerned, collect and exploit by means of computerized and automated processing using no facial recognition system, freely accessible content published on the internet by the users of the online platform operators mentioned in 2 ° of I of article L. 111-7 of the consumer code.

(2) The processing operations mentioned in the first paragraph are carried out by agents specially authorized for this purpose by the tax and customs authorities.

 

(3) When they are likely to contribute to the detection of the offenses mentioned in the first paragraph, the data collected are kept for a maximum period of one year from their collection and are destroyed at the end of this period. However, when used within the framework of criminal, tax or customs proceedings, this data may be kept until the end of the proceedings.

(4) The other data are destroyed within a maximum period of thirty days from their collection.

(5) The right of access to the information collected is exercised with the assignment service of the agents authorized to carry out the processing mentioned in the second paragraph under the conditions provided for by article 42 of law n ° 78-17 of January 6, 1978 relating to data processing, the files and freedoms.

(6) The right to object, provided for in article 38 of the same law, does not apply to the processing operations mentioned in the second paragraph.

(7) The terms of application of this I are set by decree of the Council of State.

(8) II. - The experiment provided for in I is the subject of an evaluation, the results of which are forwarded to Parliament as well as to the National Commission for Data Protection at the latest six months before its end. "

 

This initiative provoked many comments, rather reserved, even after the explanations given by the Minister of Budget to the National Assembly.

What to think of it legally?

Because the situation is quite simple, that is why it is difficult: on the one hand, the State will collect personal information without the authorization of the persons concerned, which is contrary to the very object of the law of 1978 , which results in full disapproval; on the other hand, the administration obtains the information to prosecute tax and customs offenses, which materializes the general interest itself.

So what about it?

Read below.

Oct. 26, 2019

Thesaurus : Doctrine

Référence complète : Dulong de Rosnay, M., La mise à disposition des œuvres et des informations sur les réseaux: Régulation juridique et régulation technique, sous la direction de Danièle Bourcier, Université Panthéon-Assas Paris II, 26 octobre 2017, 610 p.

 

 

Sept. 27, 2019

Thesaurus : Soft Law

Full reference: Information Note From the European Commission to the Permanent Representatives Committee About the Progress on Combatting Hate Speech Online Through the EU Code of Conduct, Council of the European Union, 27th of September 2019, 7p.

Read the note

Sept. 27, 2019

Conferences

Generale Reference : Frison-Roche, M.-A., Les solutions offertes par le Droit de la Compliance pour lutter effectivement contre les contrefaçons de masse (The solutions offered by Compliance Law  to fight effectively against mass counterfeiting) , in Seminar of the Association des Praticiens du Droit Droit des Marques et des Modèles (APRAM), La contrefaçon de masse : va-t-on un jour réussi à y mettre un frein ? Quelques nouvelles pistes de réflexion (How to stop the mass Counterfeiting?, some new ideas), Paris, September 27, 2019. 

Read the program of the Seminar. (in French)

This conference is based on the report given to the French Government and published in July2019 : The contribution of Compliance Law to the Governance of Internet.

It is also based on the new contribution to the new edition of the Grands Arrêts de la propriété intellectuelle : "Le maniement de la propriété intellectuelle comme outil de régulation et de compliance"(in French).  This publication is based on this Working Paper : The use of Intellectuel Property as a tool for Regulatory and Compliance Perspectives

 

 

Summary : In this seminar devoted to new ways of reacting to "mass counterfeiting", the idea here is to start from the observation of an increase in the ineffectiveness of intellectual property rights - and thus of the I.P. Law. Law being a practical art, it is not a simple inconvenience, it is a central question. This can be remedied by improving the Ex Post legal process, but we can think of finding Ex Ante mechanisms. The Regulatory Law is Ex Ante, but digital world is not a sector, it is the world itself. A promising direction is therefore Compliance Law, in that it is both Ex Ante and non-sectoral. The contribution shows how Compliance Law is already useful, could be developed and how it could be applied so that these specific rights could be effectively protected in a digital world, where for the moment counterfactors have in fact the means to ignore them.

 

See the slides. (in French)

 

Sept. 8, 2019

Blog

Experience shows that in the digital the legal technique of consent is not protective enough.
 
If only because a simplest technology neutralizes the link that should exist between the "consent" of the user and the "free will" of the latter: the consent of the user only protects the latter to the extent that this one can in Law and in fact to say "no.
 
 
I. THE EXPERIENCE 
 
For example I found on my Facebook New an access to an unknown web site which puts online an article on "the rights of trees" ...
I go. In accordance with the European Regulation (GDPR) transposed into French legal system, the site informs that there is possibility for the user to accept or refuse the use of their personal data for the benefit of "partners".
If they continue reading, the user is supposed to accept everything, but they can click to "customize".
I click: there I find two options: "accept everything" or "reject everything". But the "reject all" option is disabled. It is only possible to click on the "accept all" option.
 
It is also possible, because the law obliges, to consult the list of the partners of this website: I click and find a list of unknown companies, with foreign denominations, which without doubt once will collect my personal data (and those of my contacts) , having their own head office outside the European Union.
It is stated in a text, which can not be copied, that these "partners" can use my data without my consent and for purposes that they do not have to inform me. But, again, these things I can "refuse everything". Here again the "reject all" mention exists but the fonctionality is not active, while the mention "accept all" is an active fonctionality.
 
As I can not refuse (since it's disabled), and as 99% of Internet users have never clicked on the first two buttons, all their data has been fed into the data market that allows the targeting of products that spill out in the digital space, to their detriment and that of their contact.
While believing to read a free article on the "right of the trees".
At the end, I do not read this article, since I did not click on the only active buttons: "accept everything".
 
In more than 50% of cases, the "reject all" or "customize" options are only images but are not active. And data absorption is also about contacts.
In exchange for a whimsical article about trees and their rights, or creams to be always young, or celebrities who change spouses, or about so-called tests to find what king or queen you should be if the all recognized all your merits, etc.
Proposed on the digital news feed by unknown sites; in partnership with foreign companies that you will never reach.
And mass-viewed by Internet users who are also told that "consent" is the proven solution for effective protection ....
While these are just panels hastily built by new Potemkins ...
 
II. WHAT TO DO ? 
 
1. Not be satisfied with "consent" from the moment that it is a mechanism that may not be the expression of a free will: how could it be if the option "to refuse" is not active?
 
2. The link between will and consent must therefore be "presumed" only in a simple presumption and in a non-irrefutable way, because we must refuse to live in a dehumanized society, operating on "mechanical consents", to which the digital does not lead necessarily.
 
3. Entrust by the Compliance Law to the "crucial digital operators" (in the case of Facebook thanks to which these proposals for free reading are made on the thread of news of the Net surfers) the care to verify in Ex Ante the effectiveness of the link between Will and Consent: Here and concretely the possibility for the user to read while refusing the capture of all its data (for the benefit of operators who do not even have the concrete obligation to give the information of the use that will be made of these personal data).
 
_____

Updated: Sept. 5, 2019 (Initial publication: April 30, 2019)

Publications

🌐 follow Marie-Anne Frison-Roche on LinkedIn

🌐subscribe to the Newsletter MAFR Regulation, Compliance, Law 

____

► Full Reference: M.-A. Frison-RocheL'apport du Droit de la Compliance dans la Gouvernance d'Internet  (The contribution of Compliance Law to the Internet Governance), Report asked by the French Government, published the 15th of July 2019, 139 p.

___

► Report Summary. Governing the Internet? Compliance Law can help.

Compliance Law is for the Policy Maker to aim for global goals that they require to be achieved by companies in a position to do so. In the digital space built on the sole principle of Liberty, the Politics must insert a second principle: the Person. The respect of this One, in balance with the Freedom, can be required by the Policy Maker via Compliance Law, which internalises this specific pretention in the digital companies. Liberalism and Humanism become the two pillars of Internet Governance.

The humanism of European Compliance Law then enriches US Compliance law. The crucial digital operators thus forced, like Facebook, YouTube, Google, etc., must then exercise powers only to better achieve these goals to protect persons (against hatred, inadequate exploitation of data, terrorism, violation of intellectual property, etc.). They must guarantee the rights of individuals, including intellectual property rights. To do this, they must be recognized as "second level regulators", supervised by Public Authorities.

This governance of the Internet by Compliance Law is ongoing. By the European Banking Union. By green finance. By the GDPR. We must force the line and give unity and simplicity that are still lacking, by infusing a political dimension to Compliance: the Person. The European Court of Justice has always done it. The European Commission through its DG Connect is ready.

 

► 📓 Read the reporte (in French)

📝 Read the Report Summary in 3 pages (in English)

📝 Read the Report Summary in 6 pages (in English)

____

 

►  Plan of the Report (4 chapters): an ascertainment of the digitization of the world (1), the challenge of civilization that this constitutes (2), the relations of Compliance mechanisms as it should be conceived between Europe and the United States, not to mention that the world is not limited to them, with the concrete solutions that result from this (3) and concrete practical solutions to better organize an effective digital governance, inspired by what is particularly in the banking sector, and continuing what has already been done in Europe in the digital field, which has already made it exemplary and what it must continue, France can be force of proposal by the example (4).

____

 

📝  Read the written presentation of the Report done by Minister Cédric O (in French).

🏛 Listen to the oral  presentation of the Report by Minister Cédric O durant the parliamentary discussion of the law against hate contente on the Internet (in French).

____

 

💬 Read the interview published the 18 July 2019 : "Gouvernance d'Internet : un enjeu de civilisation" ( "Governing Internet: an Issue of Civilization"), given in French, 

📻 Listen the Radio broadcast of July 21, 2019 during which its consequences are applied to the cryptocurrency "Libra" (given in French)

🏛 Presentation of the Report to the Conseil Supérieur de l'Audiovisuel- CSA (French Council of Audiovisual) on Septembre 5, by a discussion with its members presentation (in French)

💬 Read the  Interview published the 20 December 2019 : "Le droit de la compliance pour réguler l'Internet" ("Compliance Law for regulate Internet"), given in French

____

 

 

read below the 54 propositions of the Report ⤵️