Oct. 22, 2020
Interviews
Full reference: Frison-Roche, M.-A., "Health Data Hub est un coup de maître du Conseil d'Etat", interview conducted by Olivia Dufour for Actu-juridiques, Lextenso, 22nd of October 2020
Read the news of 19th of October 2020 of the Newsletter MAFR - Law, Compliance, Regulation on which this interview relies: Conditions for the legality of a platform managed by an American company hosting European health data: French Conseil d'Etat decision
To go further, on the question of Compliance Law concerning Health Data Protection, read the news of 25th of August 2020: The always in expansion "Right to be Forgotten": a legitimate Oxymore in Compliance Law built on Information. Example of Cancer Survivors Protection
Oct. 5, 2020
Thesaurus
Oct. 1, 2020
Thesaurus : Soft Law
Full reference of the guidelines: Commission Nationale de l'Informatique et des Libertés (CNIL), Délibération n°2020-091 du 17 septembre 2020 portant adoption de lignes directrices relatives à l'application de l'article 82 de la loi du 6 janvier 1978 modifiée aux opérations de lecture et écriture dans le terminal d'un utilisateur (notamment aux "cookies et autres traceurs") et abrogeant la délibération n°2019-093 du 4 juillet 2019
Full reference of the recommendation: Commission Nationale de l'Informatique et des Libertés (CNIL), Délibération n°2020-092 du 17 septembre 2020 portant adoption d'une recommandation proposant des modalités pratiques de mise en conformité en cas de recours aux "cookies et autres traceurs".
Read the guidelines (in French)
Read the recommendation (in French)
Read the presentation of these guidelines and of this recommendation by the CNIL (in French)
Read Marie-Anne Frison-Roche's comment about this in the Newsletter MAFR - Law, Regulation & Compliance of 1st of October 2020
Sept. 16, 2020
Publications
____
Full reference: M.-A. Frison-Roche, Se tenir bien dans l'espace numérique, in Penser le droit de la pensée. Mélanges en l'honneur de Michel Vivant, Lexis Nexis and Dalloz, 2020, pp. 155-168.
____
📝Read the article (in French)
____
English summary of the article: The digital space is one of the few spaces not framed by a specific branch of Law, and this freedom also gives its actors the opportunity not to "behave well", that is, to express and spread broadly and immediately, through hate speech, hateful thoughts that previously remained in private or limited circles. The close link between Law and the legal notion of Person is broken: digital technology allows individuals or organizations to act as multiplied and anonymous characters, depersonalized digital actors whose behavior harms the dignity of others.
Against that, Compliance Law offers an appropriate solution: internalizing in crucial digital operators the mission of disciplining and substantially holding the digital space. The digital space has been structured by powerful firms able to maintain order. Because Law must not reduce the digital space to a mere neutral market for digital services, these crucial operators, such as social networks or search engines, must be forced to substantially control behaviors. This could involve an obligation for internet users to act with their faces uncovered, through a "real identity" policy controlled by firms, and to respect others' rights: privacy rights, dignity, intellectual property rights. In their Regulatory function, crucial digital firms must be supervised by public authorities.
Thus, Compliance law substantially defined is the protector of the person as "subject of law" in the digital space, by the respect that others must have, this space passing from the status of free space to the one of civilized space, in which everyone is obliged to behave well.
______
Read to go further:
Sept. 10, 2020
Newsletter MAFR - Law, Compliance, Regulation
Full reference: Frison-Roche, M.-A., Responding to an email with "serious anomalies", transferring personal data, blocks reimbursement by the bank: French Cour de cassation, July 1st 2020, Newsletter MAFR - Law, Compliance, Regulation, 10th of September 2020
Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation
Summary of the news
"Phishing" is a kind of cybercrime that aims to obtain the recipient's personal information, by sending fraudulent emails that look like those sent by legitimate organizations, in order to impersonate or steal from him or her. As it is difficult to find the authors of "phishing" and to prove their intent in order to punish them directly, one means of fighting "phishing" could be to require banks to secure their information networks and, to accompany this obligation with a strong incentive, to order them to reimburse the victims when their personal data are stolen.
In 2015, a client who was a victim of this kind of fraud asked his bank, the Crédit Mutuel, to reimburse him the amount stolen, which the bank refused to do on the grounds that the client had committed a fault by transferring his confidential information without checking the email, even though it was crudely counterfeit. The Court of first instance ruled in favour of the client because, although he had committed this fault, he was in good faith. This judgment was quashed by the Chambre commerciale de la Cour de cassation (French Judicial Supreme Court) in a decision of 1st of July 2020, which states that this serious negligence, exclusive of any consideration of good faith, justifies the absence of reimbursement by the bank.
___
From this particular case, we can draw three lessons:
______
Sept. 2, 2020
Newsletter MAFR - Law, Compliance, Regulation
Full reference: Frison-Roche, M.-A., For regulating or supervising, technical competence is required: example of the French creation of the "Pôle d'expertise de la régulation numérique", Newsletter MAFR - Law, Regulation, Compliance, 2nd of September 2020
Read by freely subscribing other news of the Newsletter MAFR - Law, Regulation, Compliance
Summary of the news
Through a decree of 31st of August 2020, the government created a national service, the "Pôle d'expertise de la régulation numérique" (digital regulation expertise pole). Its task is to provide State services with technical expertise in computer science, data science and algorithmic processes in order to assist them in their role of control, investigation and study. The aim is to foster information sharing between researchers and the State services in charge of regulating the digital space.
As its acronym indicates, this pole of expertise aims to represent constancy in a changing world. Moreover, more than being a national service, this body must take on a cross-cutting dimension, its creation decree being signed by the Prime Minister, the Minister of Economy, the Minister of Culture and the Minister of Digital Transition. The creation of such a pole shows the government's awareness of the importance of technical competency in the regulation of the digital space and of the necessity to centralize this expertise in one body.
However, as the decree indicates, this pole of expertise can be consulted only by "State services". This excludes regulators, which are independent from the State and which could put the pole in a conflict of interest, and it excludes courts, even though they are supposed to play a central role in the regulation of the digital space and even though they are allowed to ask the regulator's advice about some cases. But if regulators cannot seize the pole, whom does it benefit, except the legislator and a few officials?
It would therefore have been better for this pole of expertise to be placed under the direction of regulatory and supervisory bodies, which would have enabled it to be able to be consulted both by regulators and by judges, both of whom are key players in digital regulation.
Aug. 31, 2020
Newsletter MAFR - Law, Compliance, Regulation
Full reference: Frison-Roche, M.-A., Compliance by Design, a new weapon? Opinion of Facebook about Apple new technical dispositions on Personal Data protection, Newsletter MAFR - Law, Compliance, Regulation, 31st of August 2020
Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation
Summary of the news:
Personal Data, as they are information, are Compliance Tools. They represent a precious resource for firms that must implement a vigilance plan in order to prevent corruption, money laundering or terrorism financing, for example. This is why personal data are the cornerstone of "Compliance by design" systems. However, the use of these data cannot clear the firm of its simultaneous obligation to protect these same personal data, which is also a "monumental goal" of Compliance Law.
In order to be able to exploit these data for Compliance purposes while protecting them at the same time, the digital firm Apple, for example, adopted new provisions under which the use of the Identifier For Advertisers (IDFA), integrated in the iPad and in the iPhone and broadly used by targeted advertising firms, is conditional on the consumer's consent.
Facebook reacted to this new provision by explaining that such measures will restrict access to data for advertisers, who will suffer from it. Facebook suspects Apple of blocking advertisers' access in order to develop its own advertising tool. Facebook guaranteed to the advertisers who work with it that it will not take similar measures and that it will always favor consultation before decision making in order to reconcile sometimes divergent interests.
We can sleep and already make some remarks:
The whole paradox of Compliance Law rests in the equilibrium between circulation of information and secrecy.
Aug. 27, 2020
Newsletter MAFR - Law, Compliance, Regulation
Full reference: Frison-Roche, M.-A., "Interregulation" between Payments System and Personal Data Protection: how to organize this "interplay"?, Newsletter MAFR - Law, Compliance, Regulation, 27th of August 2020
Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation
Summary of the news
Regulation Law, in order to recognize and draw the consequences from the specificities of some objects, was built from the start around the notion of "technical sector", although the delimitation of sectors is partially a matter of political choice. But, in fact, there are multiple points of contact between sectors, with actors, like objects, moving from one to another. The regulatory solution is therefore to cross some technical borders through the methodology of interregulation, which is, moreover, the only one that allows the regulation of certain phenomena that go beyond the notion of sector and relate to Compliance Law.
This news takes the example of companies providing new payment services. In order to provide these services, these firms need access to the bank accounts of the people concerned and thus to very sensitive personal data. Regulating such a configuration requires cooperation between the banking regulator and the personal data regulator. Since legislation is not sufficient to organize this interregulation Ex Ante, the European Data Protection Board published guidelines on 17th of July 2020 on how it conceives the articulation between PSD2 (the European directive on payment services) and the GDPR, and announced that it intended to expand the circle of its interlocutors in order to carry out this interregulation. Such an initiative from the EDPB can be justified by the uncertainty about how to interpret both texts and articulate them.
Aug. 14, 2020
Newsletter MAFR - Law, Compliance, Regulation
Full reference: Frison-Roche, M.-A., Is Regulating Hate and Infox a legal obligation imposed to the Digital Enterprises or the expression of their free will to contribute to Democracy?, Newsletter MAFR - Law, Compliance, Regulation, 14th of August 2020
Read, by freely subscribing, other news in the Newsletter MAFR - Law, Compliance, Regulation
Summary of the news
The Internet gives access to expanded knowledge but also makes it easier to spread fake news and hate speech. Unfortunately, public authorities cannot know who spreads this fake news and hate speech and are therefore not able to fight it efficiently. A solution would be to expect digital firms to find a way to contain the fake news and hate speech that they structurally help to spread.
Digital firms already do that, especially Facebook, which plans to raise awareness among its American users about the 2020 presidential elections. However, digital firms explain that if they fight against fake news and hate speech, it is only because of their Corporate Social Responsibility (CSR). But even if this is a calculation made to gain a better reputation and avoid boycotts, it remains a voluntary choice of the firm, which is therefore neither forced to succeed nor even to act.
The solution proposed by Compliance Law is to make this effort a legal obligation by internalizing in crucial operators (digital firms) the "monumental goal" of fighting against fake news and hate speech, so that digital companies are required to act and are supervised by public authorities in this task. The forthcoming law about digital services will impose Ex Ante obligations on digital firms, while the law of 22nd of December 2018 on the fight against information manipulation already imposes on platform operators a legal obligation to "cooperate" in the fight against fake news.
To go further, read :
July 15, 2020
Thesaurus : Soft Law
Full reference: Conseil Supérieur de l'Audiovisuel (CSA), Bilan Infox, 2019.
This report will soon also be available in English.
July 8, 2020
Thesaurus : Doctrine
► Full reference: D. Chelly, Stratégie web. Le rôle central des noms de domaine, Gecop, 2020, 253 p.
____
____
📗 Read the book's table of contents
____
► Summary of the book (by the publisher): "A simple technical tool before 2000, the domain name has become a key element of internet strategy.
Companies are looking for reference frameworks for legal questions, IT configuration, search-engine optimization and marketing choices.
The book offers an overview of good practices for the use of domain names, in a multidisciplinary approach.".
________
June 24, 2020
Thesaurus : Soft Law
Full reference: Faure-Muntian, Valeria and Fasquelle, Daniel, Information Report of the Commission des Affaires économiques (committee on economic affairs) on digital platforms, Assemblée nationale (National Assembly), June 2020, 104p.
June 10, 2020
Thesaurus : Doctrine
Full reference: Quéméner, M., Dalle, F. and Wierre, Cl., Quels droits face aux innovations numériques ? Législations, jurisprudences et bonnes pratiques du cyberespace. Défis et protections face aux dérives du numérique, preface by Agathe Lepage, Gualino-Lextenso, 223 pages, 2020.
March 23, 2020
Publications
Without having asked for anything, anyone browsing the social network built by Facebook found the following message on his or her newsfeed on the morning of 23rd of March 2020:
« X (prénom de l'internaute), agissez maintenant pour ralentir la propagation du coronavirus (COVID-19) Retrouvez les actualités des autorités sanitaires et institutions publiques, des conseils pour ralentir la propagation du coronavirus et des ressources pour vous et vos proches dans le Centre d’information sur le coronavirus (COVID-19) » ("X (user's first name), act now to slow down the spread of the coronavirus (COVID-19). Find news from health authorities and public institutions, advice on slowing down the spread of the coronavirus and resources for you and your loved ones in the Coronavirus (COVID-19) Information Center").
This corresponds to the more general statement made the same day by Kang-Xing Jin, director of Health at Facebook, who declares: "In response to the coronavirus outbreak, Facebook is supporting the global public health community’s work to keep people safe and informed. Since the World Health Organization declared the coronavirus a public health emergency in January, we’ve taken steps to make sure everyone has access to accurate information, stop misinformation and harmful content, and support global health experts, local governments, businesses and communities.".
Thank you, Facebook, for indicating what to do; and thank you for having invited me to do it. But is it really an « invitation »? The expression is « act now ». Only the exclamation mark is missing, and the pointed finger of Uncle Sam for the « war effort »!
If Law is to consider this an « invitation », it would surely not be the kind of "invitation" that the Bank of France used to address to shareholder banks to refinance a bank at risk of soon being in difficulty, an invitation that the invited party cannot really decline. No, obviously not: it is just the same message that you and I can write on our Facebook pages to say similar things for the same purpose! But would Facebook then be, like you and me, an editor of content?
These questions and difficulties call for a legal analysis to determine in what capacity Facebook posted such a message.
The first hypothesis is that this firm acted spontaneously, following its « Corporate Social Responsibility » (I). If this is the right qualification, then, with regard to the content of the message, the legal consequences are important because this firm, without generalizing to others, shows by transitivity, through the expression of its care for the common good, that it is an editor.
The second hypothesis starts from the observation that Facebook is a « crucial digital operator ». In this perspective, the firm is subject to Compliance Law (II). This is why it is bound by specific obligations, which excludes qualifying the message as spontaneous. If this is the right qualification, then, with regard to the content of the message, the legal consequences are also important and of a totally different nature. Indeed, the qualification leads to developing the relation between the obligation to fight against fake news and malicious websites and the obligation to redirect users to public websites, which, for the operator, benefit from a presumption of reliability.
Read the developments below.
Jan. 15, 2020
Interviews
Full reference: Frison-Roche, M.-A., Haine sur Internet : il faut responsabiliser les opérateurs numériques, interview with Olivia Dufour, Actu-juridique Lextenso, 15 January 2020.
The questions asked were:
Read the three answers given in the interview.
______
Dec. 19, 2019
Interviews
Reference: Frison-Roche, M.-A., Le droit de la compliance pour réguler l'internet (Compliance Law to Regulate the Internet), Interview given in French to Sylvie Rozenfeld, Expertises, December 2019, p.385-390.
Summary. Law seems increasingly powerless to stem the social disorder generated by the Internet. For Marie-Anne Frison-Roche, Law professor and specialist in Regulatory Law, the solution is to be found in Law, and more particularly in Compliance Law. This specific Law is already applied in the banking and finance sector, or in the area of personal data. As it has done for green finance and through the GDPR, Europe could impose a compliance system which internalizes concern for the individual in large digital operators. It is up to them to put in place the means and bear the cost, such as the right to be forgotten erected by the CJEU. Marie-Anne Frison-Roche does not offer anything revolutionary, she is content to take elements of positive law that already exist and to correlate them.
Read the interview (in French)
Read the presentation of the official Report for the French Government about which this interview is given: The contribution of Compliance Law to the Governance of Internet.
Dec. 4, 2019
MAFR TV : MAFR TV - case
Watch the 5-minute film on the content, meaning and scope of the judgment handed down by the first civil chamber of the Cour de cassation on 27 November 2019, M.X.A. c/ Google.
This judgment quashes the decision of the Paris Court of Appeal that upheld the refusal to de-reference, after the CNIL requested the interpretation of the texts, in particular the GDPR, because the right to be forgotten must limit the exception invoked here, namely the right to information, even where a criminal decision concerning a statutory auditor is involved, since it is a private matter and not one concerning the exercise of his regulated profession, which is at the heart of the financial system.
Dec. 1, 2019
Thesaurus : Doctrine
► Full reference: De Backer, N., « Le principe de proportionnalité à l’épreuve de la liberté d’expression numérique », J.E.D.H., 2019/4, p. 243-277.
____
Nov. 16, 2019
Publications
The Finance Bill has proposed to the Parliament to vote an article 57 whose title is: Possibilité pour les administrations fiscales et douanières de collecter et exploiter les données rendues publiques sur les sites internet des réseaux sociaux et des opérateurs de plateformes (translation: Possibility for the tax and customs administrations to collect and exploit the data made public on the websites of social networks and platform operators).
Its content, as it stands in the text voted on in the National Assembly, is as follows:
"(1) I. - On an experimental basis and for a period of three years, for the purposes of investigating the offenses mentioned in b and c of 1 of article 1728, in articles 1729, 1791, 1791 ter, in 3 °, 8 ° and 10 ° of article 1810 of the general tax code, as well as articles 411, 412, 414, 414-2 and 415 of the customs code, the tax administration and the customs administration and indirect rights may, each as far as it is concerned, collect and exploit by means of computerized and automated processing using no facial recognition system, freely accessible content published on the internet by the users of the online platform operators mentioned in 2 ° of I of article L. 111-7 of the consumer code.
(2) The processing operations mentioned in the first paragraph are carried out by agents specially authorized for this purpose by the tax and customs authorities.
(3) When they are likely to contribute to the detection of the offenses mentioned in the first paragraph, the data collected are kept for a maximum period of one year from their collection and are destroyed at the end of this period. However, when used within the framework of criminal, tax or customs proceedings, this data may be kept until the end of the proceedings.
(4) The other data are destroyed within a maximum period of thirty days from their collection.
(5) The right of access to the information collected is exercised with the assignment service of the agents authorized to carry out the processing mentioned in the second paragraph under the conditions provided for by article 42 of law n ° 78-17 of January 6, 1978 relating to data processing, the files and freedoms.
(6) The right to object, provided for in article 38 of the same law, does not apply to the processing operations mentioned in the second paragraph.
(7) The terms of application of this I are set by decree of the Council of State.
(8) II. - The experiment provided for in I is the subject of an evaluation, the results of which are forwarded to Parliament as well as to the National Commission for Data Protection at the latest six months before its end. "
This initiative provoked many comments, rather reserved, even after the explanations given by the Minister of Budget to the National Assembly.
What to think of it legally?
Because the situation is quite simple, that is why it is difficult: on the one hand, the State will collect personal information without the authorization of the persons concerned, which is contrary to the very object of the law of 1978 , which results in full disapproval; on the other hand, the administration obtains the information to prosecute tax and customs offenses, which materializes the general interest itself.
So what about it?
Read below.
Oct. 10, 2019
Thesaurus : Soft Law
Full reference: Alexandre Neyret, La cybercriminalité boursière. Définition, cas et perspectives (Stock market cybercriminality. Definition, cases and perspectives), Report to l'AMF, 10th of October 2019, 70p.
Sept. 8, 2019
Blog
Updated: Sept. 5, 2019 (Initial publication: April 30, 2019)
Publications
____
► Full Reference: M.-A. Frison-Roche, L'apport du Droit de la Compliance dans la Gouvernance d'Internet (The contribution of Compliance Law to the Internet Governance), Report asked by the French Government, published the 15th of July 2019, 139 p.
___
► Report Summary. Governing the Internet? Compliance Law can help.
Compliance Law allows the Policy Maker to set global goals and to require that companies in a position to do so achieve them. In the digital space built on the sole principle of Liberty, Politics must insert a second principle: the Person. Respect for the Person, in balance with Freedom, can be required by the Policy Maker via Compliance Law, which internalises this specific aim in the digital companies. Liberalism and Humanism become the two pillars of Internet Governance.
The humanism of European Compliance Law then enriches US Compliance law. The crucial digital operators thus forced, like Facebook, YouTube, Google, etc., must then exercise powers only to better achieve these goals to protect persons (against hatred, inadequate exploitation of data, terrorism, violation of intellectual property, etc.). They must guarantee the rights of individuals, including intellectual property rights. To do this, they must be recognized as "second level regulators", supervised by Public Authorities.
This governance of the Internet by Compliance Law is ongoing. By the European Banking Union. By green finance. By the GDPR. We must force the line and give unity and simplicity that are still lacking, by infusing a political dimension to Compliance: the Person. The European Court of Justice has always done it. The European Commission through its DG Connect is ready.
► 📓 Read the report (in French)
📝 Read the Report Summary in 3 pages (in English)
📝 Read the Report Summary in 6 pages (in English)
____
► Plan of the Report (4 chapters): an ascertainment of the digitization of the world (1); the challenge of civilization that this constitutes (2); the relations between Compliance mechanisms as they should be conceived between Europe and the United States, not forgetting that the world is not limited to them, with the concrete solutions that result from this (3); and concrete practical solutions to better organize effective digital governance, inspired by what is done in particular in the banking sector and continuing what has already been done in Europe in the digital field, which has already made it exemplary and which it must continue, France being able to be a source of proposals by example (4).
____
📝 Read the written presentation of the Report done by Minister Cédric O (in French).
____
💬 Read the interview published on 18 July 2019: "Gouvernance d'Internet : un enjeu de civilisation" ("Governing Internet: an Issue of Civilization"), given in French
📻 Listen to the radio broadcast of July 21, 2019, during which its consequences are applied to the cryptocurrency "Libra" (given in French)
🏛 Presentation of the Report to the Conseil Supérieur de l'Audiovisuel - CSA (French Council of Audiovisual) on September 5, through a discussion with its members (in French)
💬 Read the interview published on 20 December 2019: "Le droit de la compliance pour réguler l'Internet" ("Compliance Law to Regulate the Internet"), given in French
____
read below the 54 propositions of the Report ⤵️
Sept. 1, 2019
Thesaurus : Doctrine
Full reference: Bounie, D. and Maxwell, W., L'explicabilité des algorithmes est-elle un droit fondamental?, Column in Le Monde, 1st of September 2019
Read the column (in French)
July 18, 2019
Interviews
Full reference: interview about the report received by the Government on 15 July 2019: Frison-Roche, M.-A., "Gouvernance d'Internet : nous sommes face à un enjeu de civilisation", Petites affiches, 18 July 2019, interview conducted with Olivia Dufour.
Summary of the interview:
"In the report she submitted to the Secretary of State for Digital Affairs in July, Marie-Anne Frison-Roche makes 55 proposals aimed at developing an internet governance based on compliance. In practice, it is for the political authorities to define monumental goals, for example the fight against global warming, and to internalize them in crucial actors, for example Facebook or Google, under the control of a supervisor. Facebook would thus be called upon to monitor digital exchanges in the same way that Euronext today monitors financial exchanges. Beyond the crucial question of digital regulation, the ambition is for Europe to remain faithful to its humanist tradition by imposing through law the protection of the person.".
See Marie-Anne Frison-Roche's Report, L'apport du Droit de la Compliance dans la Gouvernance d'Internet, about which the interview was given.