► An article from March 3, 2021, Smile for the camera: the dark side of China's emotion-recognition tech, then an article from June 16, 2021, "Every smile you fake" - an AI emotion - recognition system can assess how "happy" China's workers are in the office describes how a new technology of emotional recognition is able, through what will soon be out of fashion to call "facial recognition", to distinguish a smile that reflects a mind state of real satisfaction from a smile which does not correspond to it. This allows the employer to measure the suitability of the human being for his or her work. It is promised that it will be used in an ethical way, to improve well-being at work. But isn't it in itself that this technology is incompatible with any compensation through ethical support?

The technology developed by a Chinese technology company and acquired by other Chinese companies with many employees, allows to have information on the actual state of mind of the person through and beyond his or her facial expressions and bodily behavior.

Previously, the technology of emotional recognition had been developed to ensure security, by fighting against people with hostile plans, public authorities using it for example in the controls at airports to detect the criminal plans which some passengers could have.

It is now affirmed that it is not about fighting against some evil people ("dangerousness") to protect the group before the act is committed ("social defense”) but that it is about helping all workers.

Indeed, the use that will be made of it will be ethical, because first the people who work for these Chinese companies with global activity, like Huawaï, do it freely and have accepted the operation of these artificial intelligence tools (which is not the case with people who travel, control being then a kind of necessary evil that they do not have to accept, which is imposed on them for the protection of the group), but even and above all, the purpose is itself ethical: if it turns out that the person does not feel well at work, that they are not happy there, even before they are perhaps aware, the company can assist.

Let’s take this practical case from the perspective of Law and let’s imagine that it is contested before a judge applying the principles of Western Law.

Would this be acceptable?

No, and for three reasons.

1. An "ethical use" cannot justify an unethical process in itself

2. The first freedoms are negative

3. "Consent" should not be the only principle governing the technological and digital space

I. AN "ETHICAL USE" CAN NEVER LEGITIMATE AN UNETHICAL PROCESS IN ITSELF

These unethical processes in themselves cannot be made "acceptable" by an "ethical use" which will be made of them.

This principle was especially reminded by Sylviane Agacinski in bioethics: if one cannot dispose of another through a disposition of his or her body which makes his or her very person available (see not. Agacinski, S., ➡️📗Le tiers-corps. Réflexions sur le don d’organes, 2018).

Except to make the person reduced to the thing that his or her body is, which is not ethically admissible in itself, that is excluded, and Law is there in order to this is not possible.

This is even why the legal notion of "person", which is not a notion that goes without saying, which is a notion built by Western thought, acts as a bulwark so that human beings cannot be fully available to others, for example by placing their bodies on the market (see Frison-Roche, M.-A., ➡️📝To protect human beings, the ethical imperative of the legal notion of person, 2018). This is why, for example, as Sylviane Agacinski emphasizes, there is no ethical slavery (a slave who cannot be beaten, who must be well fed, etc.).

That the human being agrees ("and what about if it pleases me to be beaten?") does not change anything.

II. THE FIRST FREEDOM IS THE ONE TO SAY NO, FOR EXAMPLE BY REFUSING TO REVEAL YOUR EMOTIONS: FOR EXAMPLE HIDING IF YOU ARE HAPPY OR NOT TO WORK

The first freedom is not positive (being free to say Yes); it is negative (being free to say No). For example, the freedom of marriage is having the freedom not to marry before having the freedom to marry: if one does not have the freedom not to marry, then the freedom to marry loses any value. Likewise, the freedom to contract implies the freedom not to contract, etc.

Thus, freedom in the company can take the form of freedom of speech, which allows people, according to procedures established by Law, to express their emotions, for example their anger or their disapproval, through the strike.

But this freedom of speech, which is a positive freedom, has no value unless the worker has the fundamental freedom not to express his or her emotions. For example if he or she is not happy with his or her job, because he or she does not appreciate what he or she does, or he or she does not like the place where he or she works, or he or she does not like people with whom he or she works, his or her freedom of speech demands that he or she have the right not to express it.

If the employer has a tool that allows him or her to obtain information about what the worker likes and dislikes, then the employee loses this first freedom.

In the Western legal order, we must be able to consider that it is at the constitutional level that the infringement is carried out through Law of Persons (on the intimacy between the Law of Persons and the Constitutional Law, see Marais , A., ➡️📕Le Droit des personnes, 2021).

III. CONSENT SHOULD NOT BE THE ONLY PRINCIPLE GOVERNING THE TECHNOLOGICAL AND DIGITAL SPACE

We could consider that the case of the company is different from the case of the controls operated by the State for the monitoring of airports, because in the first case observed people are consenting.

"Consent" is today the central notion, often presented as the future of what everyone wants: the "regulation" of technology, especially when it takes the form of algorithms ("artificial intelligence"), especially in digital space.

"Consent" would allow "ethical use" and could establish the whole (on these issues, see Frison-Roche, M.-A., ➡️📝Having a good behavior in the digital space, 2019).

"Consent" is a notion from which Law is today moving away in Law of Persons, in particular as regards the "consent" given by adolescents on the availability of their body, but not yet on digital.

No doubt because in Contract Law, "consent" is almost synonymous with "free will", whereas they must be distinguished (see Frison-Roche, M.-A., ➡️📝Remarques sur la distinction entre la volonté et le consentement en Droit des contrats, 1995).

But we see through this case, which precisely takes place in China, that "consent" is in Law as elsewhere a sign of submission. It is only in a probative way that it can constitute proof of a free will; this proof must not turn into an irrebuttable presumption.

The Data Regulatory Authorities (for example in France the CNIL) seek to reconstitute this probative link between "consent" and "freedom to say No" so that technology does not allow by "mechanical consents", cut off from any connection with the principle of freedom which protects human beings, from dispossessing themselves (see Frison-Roche, M.-A., Yes to the principle of will, No to pure consents, 2018).

The more the notion of consent will be peripheral, the more human beings will be able to be active and protected.

________

► Référence complète : Douville, T., Quel droit pour les plateformes ?, in Delpech, X. (dir.), L'émergence d'un droit des plateformes, coll. « Thèmes et commentaires », Dalloz, 2021, pp.217-239.

_____

► Lire la présentation générale de l'ouvrage dans lequel est publié cet article. 

► Law is slow, but firm. By its judgment of June 15, 2021, Facebook , the European Union Court of Justice widely interprets the powers of National Authorities, since they serve the people protection in the digital space (➡️📝(CJEU, June 15, 2021, Facebook). 

Law is slow. The reproach is so often made. But the bottom line is that, in the noise of changing regulations, it establishes clear and firm principles, letting everyone know what to stand for. The more the world is changing, the more Law is required.

When Law degenerates into regulations, then it is up to the Judge to make Law. "Supreme Courts" appear, de jure as in the United States, de facto as in the European Union by the Court of Justice of the European Union which lays down the principles, before everyone else, as it did for the "right to be forgotten" in 2014 (➡️📝CJEU, Google Spain, May 13, 2014), and then with the impossibility of transferring data to third countries without the consent of the people concerned (➡️📝CJEU, Schrems, October 6, 2015).

Facebook litigation is kind of a novel. The company knows that it is above all to the Courts that it speaks. In Europe, it is doing it behind the walls of the Irish legal space, from which it would like to be able not to leave before better dominating the global digital space, while national regulatory authorities want to take it to protect citizens.

There is therefore a technical question of "jurisdictional competence". The texts have provided for this, but Law is clumsy because it was designed for a world still anchored in the ground: the GDPR of 2016 therefore organizes cooperation between national regulatory authorities through a "one-stop-shop", forcing the authorities to relinquish jurisdiction so that the case is only handled by the "lead" National Authority. This avoids splintering and contradiction. But before the adoption of the GDPR, the Belgian data protection regulator had opened a procedure against Facebook concerning cookies. The "one-stop-shop" mechanism, introduced in 2016, is therefore only mentioned before the Brussels Court of Appeal, which is asked to relinquish jurisdiction in favor of the Irish Regulatory Authority, since the company has in Europe its head office in this country. The Court of Appeal referred to the CJEU for a preliminary ruling.

By its judgment of June 15, 2021 (➡️📝CJUE, Facebook, June 15, 2021), it follows the conclusions of its Advocate General and maintains the jurisdiction of the Belgian National Regulator because, even after the GDPR, the case still undergoes national treatment. In this decision, the most important is its reasoning and the principle adopted. The Court notes that the "one-stop-shop" rule is not absolute and that the national regulatory authority has the power to maintain its jurisdiction, in particular if cooperation between national authorities is difficult.

Even more, will it not one day have to adjust Law more radically? We need to consider the fact that the digital space is not bound by borders and that the ambition of "cross-border cooperation" is ill-suited. It is of course on this observation of inefficiency, consubstantial with the digital space, that the European Public Prosecutor's Office (EPPO) was designed and set up, which is not a cooperation, nor a "one-stop shop", but a body of the Union, acting locally for the Union, directly linked to Compliance concerns (➡️📝Frison-Roche, M.-A. "The European Public Prosecutor's Office is a considerable contribution to Compliance Law", 2021 and ., European Public Prosecutor's Office comes on stage: the company having itself become a private prosecutor, are we going towards an alliance of all prosecutors ?, 2021).

So that's what we should be inspired by.

► Compliance Law and Competition: for building, is it necessary to legislate ? Example of quasi-public interest judicial agreement: the French Competition Authority's Statement of June 3, 2021 on Facebook

The French law so-called "Sapin 2" of 2016, organized the "convention judiciaire d’intérêt public - CJIP" (Public Interest Judicial Agreement) which allows the prosecutor to undertake not to prosecute a company in returns for this company's commitments for the future. Is this mechanism reserved for this law, which only concerns corruption and bribery? The answer is often positive.

Is it so obvious?

Since the entity having the power to prosecute therefore always has the power not to prosecute. As the company always has the freedom to make commitments for the future. And everything stops.

News in Competition Law illustrate this. On June 9, 2021, as part of a transaction, the Autorité de la concurrence (French Competition Authority) sanctions Google (➡️📝 Communiqué of the Autorité de la Concurrence , translated in English by the French Competition Authority) , which has not contested the facts, for abuse of dominant position for having privileged its services in the online advertising services. Similar facts were alleged against Facebook. But on June 3, 2021, the Autorité de la concurrence (French Competition Authority) published a "communiqué de presse" (➡️📝statement translated in English by the French Competition Authority) saying that Facebook has, during the investigation, proposed commitments regarding its future behavior. It is remarkable that this statement on Facebook is published as an “acte de régulation” (regulatory act).

Yes, it is indeed an regulatory act about the future and structuring the online advertising area, internalized in this company which engages itself in its future behavior. With its statement, the Competition Authority invites the “acteurs du secteur” (actors of this sector) to make observations, for the development of what will be a sort of compliance program.

In these negotiations which are akin to a game table, where everyone calculates without knowing if they enter into a negotiation or a confrontation, the first game assuming that one shows more cards than in the second, it is indeed towards a kind of Public Interest Judicial Agreement that they are going with a Competition Authority which is both Judge and Prosecutor, concludes the agreement and, through a later decision, gives it force. Under the various legal qualifications, it is indeed the same general mechanism of Compliance Law, well beyond the specific French law known as Sapin 2.

Managed in this way, Compliance Law being an Ex Ante corpus, transforms the Competition Authority, an Ex Post Authority, into an Ex Ante Authority, openly taking "acte de régulation" (Regulatory Act), and allows it to rely on the power of companies, thus “committed”, to structure markets, which are however not regulated. Like advertising or retailing areas (➡️📝see Frison-Roche, M.-A., From Competition Law to Compliance Law: Example of French Competition Authority's decision on central purchasing body in mass distribution, 2020).

Thus Compliance Law has achieved the autonomy of Regulatory Law with regards to the notion, which nevertheless seemed intimate to it, of "sector".

► register to the French Newsletter MaFR ComplianceTech®

Full reference: CJEU, Grand chamber, Judgment Facebook Ireland e.a. v. Gegevensbeschermingsautoriteit, C-645-19, June 15, 2021

Read the judgment

Read the abstract of the judgment done by the Court

Read the press release

Full reference: Frison-Roche, M.-A., "Let's Use the Power of GAFAMs in the Service of General Interest!" ("Utilisons la puissance des GAFAMs au service de l'intérêt général!"), interview done by Olivia Dufour, Actu-juridiques Lextenso, 11st of January 2021

Read the interview (in French)

To read the article translated in English by us, read the working paper on which this interview is based

Summary of the interview by Olivia Dufour:

Marie-Anne Frison-Roche, Professor of Regulation and Compliance Law, reported to the government in 2019 about Internet governance. For this expert, giving a disciplinary power to GAFAMs is the only effective solution. And the suppression of Donald Trump's account is not likely to call this analysis into question.

The three questions (translated in English here by ourselves) asked by Olivia Dufour are: 

• The deletion of Donald Trump's Twitter account arouses strong emotions on social networks, and not only among his supporters. What do you think about this ?
• However, this incident does raise concern. Are we not giving too much power to these private companies? This raises the question in France of the relevance of the Avia system ...
• Should we therefore resolve by default to give our freedoms to private and opaque mastodons?

Read the answers to these three questions (in French)

To go further, especially about the logics that guide the Avia system, see:

• Frison-Roche, M.-A., "Hate on internet: we need to responsibilize digital operators" ("Haine sur internet: il faut responsabiliser les opérateurs numériques"), 2020
• Frison-Roche, M.-A., The contribution of Compliance Law to Internet Governance, report to Government, 2019

Full reference: Zittrain, J. L., "Gaining Power, Losing Control", Clare Hall Tanner Lecture 2020, 2020

See the intervention

Read the intervention's report

This intervention is divided in two parts: 

• Between Abdication and Suffocation: Three Eras of Governing Digital Platforms 
• With Great Power Comes Great Ignorance: What’s Wrong When Machine Learning Gets It Right 

► Référence complète : L. Godefroy, "Le numérique", in J.-B. Racine (dir.), Le droit économique au XXIe siècle. Notions et enjeux, LGDJ, coll. "Droit & Économie", 2020, pp. 513-526

____

📕consulter une présentation générale de l'ouvrage, Le droit économique au XXIe siècle. Notions et enjeux, dans lequel cet article est publié 

____

► Résumé de l'article : 

____

🦉Cet article est accessible en texte intégral pour les personnes inscrites aux enseignements de la Professeure Marie-Anne Frison-Roche

________

Full reference: Vergnolle, S., L'effectivité de la protection des personnes par le droit des données à caractère personnel (The effectiveness of the protection of people by personal data Law (our translation)), Passa, J. (dir.), thesis, Law, Panthéon-Assas University (Paris II), 2020, 531 p.

Read the thesis (in French)

Read directly and only the table of contents (in French)

To go further about regulation of personal data, read: 

• Frison-Roche, M.-A., Rethinking the world from the notion of data, 2016
• Frison-Roche, M.-A., The regulatory conséquences of a world redesigned from the concept of data, 2016. 

Full reference: Frison-Roche, M.-A., Facebook: Quand le Droit de la Compliance démontre sa capacité à protéger les personnes (Facebook: When Compliance Law proves its ability to protect people), interview with Olivia Dufour, Actu-juridiques Lextenso, 23rd of November 2020

Read the interview (in French)

Read the news of the Newsletter MAFR - Law, Compliance, Regulation about this question

This working paper served as a basis for an interview organized by Olivia Dufour in French in Actu-juridiques-Lextenso on 11st of January 2021. 

Full reference: Frison-Roche, M.-A., "Health Data Hub est un coup de maître du Conseil d'Etat", interview realized by Olivia Dufour for Actu-juridiques, Lextenso, 22nd of October 2020

Read the news of 19th of October 2020 of the Newsletter MAFR - Law, Compliance, Regulation on which relies this interview: Conditions for the legality of a platform managed by an American company hosting European health data​: French Conseil d'Etat decision 

To go further, on the question of Compliance Law concerning Health Data Protection, read the news of 25th of August 2020: The always in expansion "Right to be Forgotten"​: a legitimate Oxymore in Compliance Law built on Information. Example of​ Cancer Survivors Protection 

Full reference of the guidelines: Commission Nationale de l'Informatique et des Libertés (CNIL), Délibération n°2020-091 du 17 septembre 2020 portant adoption de lignes directrices relatives à l'application de l'article 82 de la loi du 6 janvier 1978 modifiée aux opérations de lecture et écriture dans le terminal d'un utilisateur (notamment aux "cookies et autres traceurs") et abrogeant la délibération n°2019-093 du 4 juillet 2019 

Full reference of the recommendation: Commission Nationale de l'Informatique et des Libertés (CNIL), Délibération n°2020-092 du 17 septembre 2020 portant adoption d'une recommandation proposant des modalités pratiques de mise en conformité en cas de recours aux "cookies et autres traceurs". 

Read the guidelines (in French)

Read the recommendation (in French)

Read the presentation of these guilines and of this recommendation by the CNIL (in French) 

Read Marie-Anne Frison-Roche's comment about this in the Newsletter MAFR - Law, Regulation & Compliance of 1st of October 2020

🌐follow Marie-Anne Frison-Roche on LinkedIn

🌐subscribe to the Newsletter MAFR Regulation, Compliance, Law 

____

Full reference: M.-A. Frison-Roche, Se tenir bien dans l'espace numérique, in Penser le droit de la pensée. Mélanges en l'honneur de Michel Vivant, Lexis Nexis and Dalloz, 2020, pp. 155-168.

____

📝Read the article (in French)

____

🚧Read the working paper, written in English, on which this article is based, with additional developments, technical references, and hyperlinks

English summary of the article: The digital space is one of the scarce spaces not framed by a specific branch of Law, Freedom also offering opportunity to its actors to not "behave well", that is to express and diffuse broadly and immediately hateful thoughts through Hate speechs, which remained before in private or limited circles. The intimacy of Law and of the legal notion of Person is broken: Digital permits to individuals or organizations to act as demultiplied and anonymous characters, digital depersonalized actors who carry behaviors that are hurtful to other's dignity. 

Against that, Compliance Law offers an appropriate solution: internalizing in digital crucial operators the mission to disciplinary and substantially hold the digital space. The digital space has been structured by powerful firms able to maintain order. Because Law must not reduce digital space to be only a neutral market of digital prestations, these crucial operators, like social networks or search engines, must be forced to substantially control behaviors. It could be about an obligation of internet users to act with their face uncover, "real identity" policy controlled by firms, and to respect others' rights, privacy rights, dignity, intellectual property rights. In their Regulatory function, digital crucial firms must be supervised by public authorities. 

Thus, Compliance law substantially defined is the protector of the person as "subject of law" in the digital space, by the respect that others must have, this space passing from the status of free space to the one of civilized space, in which everyone is obliged to behave well. 

______

Read to go further: 

• Frison-Roche, M.-A., L'apport du Droit de la Compliance à la gouvernance d'Internet, 2019
• Frison-Roche, M.-A. (dir.), Internet, un espace d'interrégulation, 2016

Full reference: Frison-Roche, M.-A., Responding to an email with "serious anomalies"​,transferring personal data, blocks reimbursement by the bank: French Cour de cassation, July 1st 2020, Newsletter MAFR - Law, Compliance, Regulation, 10th of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

"Phishing" is a kind of cyber criminality aiming to obtain, by sending fraudulent emails which look like to those sent by legitimate organisms, recipient's personal information in order to impersonate or steal him or her. As it is difficult to find the authors of "phishing" and to prove their intentionality in order to punish them directly, on mean to fight against "phishing" could be to entitle banks to secure their information network and, to accompany this obligation with a strong incentive, to convict them to reimburse the victims in case of robbery of their personal data.  

In 2015, a client victime of this kind of fraud asked to his bank, the Crédit Mutuel, to reimburse him the amount stole, what the bank refused to do on the grounds that the client committed a fault, transferring its confidential information without checking the email, however grossly counterfeit. The Court of first instance gave reason to the client because although he committed this fault, he was in good faith. This judgment was broken by the Chambre commerciale de la Cour de cassation (French Judicial Supreme Court) by a decision of 1st of July 2020 which states that this serious negligence, exclusive of any consideration of good faith, justifies the absence of reimbursement by the bank.

___

From this particular case, we can draw three lessons: 

1. The Cour de Cassation states that good faith is not a salient criterion and that, as the bank must react when a banking account is objectively abnormal, the client must react face to an obviously abnormal email. 
2. The Cour de Cassation describes the repartition of proof burden. Proof obligations are alternatively distributed between the bank and its client. First, the bank must secure its information network but, secondly, the client must take every reasonable measure to preserve its safety. It results from this that, if the email seems normal, phishing damages must be supported by the bank, and more generally of by the firm, while if the email is obviously abnormal, they must be supported by the client, but the burden to prove the abnormality of the email must be supported by the firm and not by the client. 
3. Such a proof system shows that Compliance Law includes a pedagogic mission by educating each client in order to he or she would be able to distinguish among his or her emails, those which are normal and those which are obviously suspect. This pedagogic dimension, with the legal consequences associated to it, will not stop to spread. 

______

Full reference: Frison-Roche, M.-A., For regulating or supervising, technical competence is required: example of the French creation of the "Pôle d'expertise de la régulation numérique"​, Newsletter MAFR - Law, Regulation, Compliance, 2nd of September 2020

Lire par abonnement gratuit d'autres news de la Newsletter MAFR - Law, Regulation, Compliance

Summary of the news

Through a decree of 31st of August 2020, the government created a national service, the "Pôle d'expertise de la régulation numérique" (digital regulation expertise pole). It has to furnish to State services a technical expertise in computer science, data science and algorithm processes in order to assist them in their role of control, investigation and study. The aim is to favor information sharing between researchers and State services in charge of regulating digital space. 

As its acronym indicates, this pole of expertise aims to represents constance in a changing world. Moreover, more than being a national service, this organism must adopt a transversal dimension, its creation decree being signed by the Prime Minister, Minister of Economy, Minister of Culture and Minister of Digital Transition. The creation of such a pole shows the awareness of the government of the importance of technical competency in the regulation of digital space and of the necessity to centralize these expertises in one organ. 

However, as the decree indicates, this pole of expertise could be consulted only by "State services", that excludes regulators which are independent from the State and which could put the pole in conflict of interest, and courts even if they are supposed to play a central role in the regulation of digital space and even if they are allowed to ask the advice of the regulator about some cases. But if regulators cannot size the pole, to whom does it benefit except the legislator and a few officials? 

It would therefore have been better for this pole of expertise to be placed under the direction of regulatory and supervisory bodies, which would have enabled it to be able to be consulted both by regulators and by judges, both of whom are key players in digital regulation.

Full reference: Frison-Roche, M.-A., Compliance by Design, a new weapon? Opinion of Facebook about Apple new technical dispositions on Personal Data protection, Newsletter MAFR - Law, Compliance, Regulation, 31st of August 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news:

Personal Data, as they are information, are Compliance Tools. They represent a precious resource for firms which must implement a vigilance plan in order to prevent corruption, money laundering or terrorism financing, for examples. It is the reason why personal data are the angular stone of "Compliance by design" systems. However, the use of these data cannot clear the firm of its simultaneous obligation to protect these same personal data, that is also a "monumental goal" of Compliance Law. 

In order to be able to exploit these data in an objective of Compliance and protecting them in the same time, the digital firm Apple adopted for example new dispositions in order to the exploitation of the Identifier For Advertisers (IDFA) integrated in the iPad and in the iPhone and broadly used by targeted advertising firms, is conditioned to the consumer's consent.

Facebook reacted to this new disposition explaining that such measures will restrict the access to data for advertisers who will suffer from that. Facebook suspects Apple to block the access to advertisers in order to develop its own advertising tool. Facebook guaranteed to advertisers who work with it that it will not take similar measures and that it will always favor consultation before decision making in order to concile sometimes divergent interests. 

We can sleep and already make some remarks:

• GDPR imposing to companies that they guarantee a minimal level of protection for personal data does not apply in the United-States. It is then possible that Apple acted through Corporate Social Responsibility (CSR), more than through legal obligation. 
• The mode of regulation used here is the "conversational regulation" theorized by Julia Black. Indeed, regulators let the forces in presence discuss. 
• This "conversational regulation" does not seem to be very efficient in this case and an intervention of administrative authorities or of judges could be justified via Competition Law, Regulation Law or Compliance Law, knowing that Competition Law will favor access right to information and Regulation or Compliance Law private life right. 

The whole paradox of Compliance Law rests in the equilibrium between circulation of information and secret. 

Full reference: Frison-Roche, M.-A., "Interregulation"​ between Payments System and Personal Data Protection: how to organize this "interplay"​?, Newsletter MAFR - Law, Compliance, Regulation, 27th of August 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

Regulation Law, in order to recognize and draw the consequences from the specificities of some objects, has been build, at the start, around the notion of "technical sector" although their delimitation is partially related to a political choice. But, in facts, there are multiple points of contacts between sectors, actors moving from one to another as objects. The regulatory solution is so to climb over some technical borders through the methodology of interregulation which is by the way the only one to enable the regulation of some phenomena going beyond the notion of sector and related to Compliance Law. 

This news takes the exemple of companies furnishing new payment services. In order to they can provide these services, these firms needs to access to banking accounts of concerned people and so to very sensitive personal data. Regulation of such a configuration needs a cooperation between the banking regulator and the personal data regulator. Legislation being not sufficient to organize in Ex Ante this interregulation, the European Data Protection Board has published some guidelines on 17th of July 2020 about the way it conceives the articulation between the PSD2 (European directive about payment services) and GDPR and has announced that it intended to expand the circle of its interlocutors to do this interregulation. Such an initiative from EDPB can be justified by the uncertainty  about how interpreting both texts and articulating them.   

Full reference: Frison-Roche, M.-A., Is Regulating Hate and Infox a legal obligation imposed to the Digital Enterprises or the expression of their free will to contribute to Democracy?, Newsletter MAFR - Law, Compliance, Regulation, 14th of August 2020

Read, by freely subscribing, other news in the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

Internet permits to access to expanded knowledge but also make easier the broadcasting of fake news and hate speeches. Unfortunately, public powers cannot know who broadcast these fake news and hate speeches and are so not able to fight efficiently against this. A solution would be to expect from digital firms that they find a way to contain these fake news and hate speeches that they structurally contribute to diffuse. 

Digital firms already do that and especially Facebook which plans to sensibilize its American users to 2020 presidential elections. However, digital firms explain that if they fight against fake news and hate speeches, it is only because of its Corporate Social Responsibility (CSR). But, even if it is a calculus to get a better reputation and avoid boycott actions, this remains a willingness of the firm which is therefore neither forced to succeed, nor even to act. 

The solution proposed by Compliance Law is to make of this effort a legal obligation by internalizing in crucial operators (digital firms) the "monumental goal" to fight against fake news and hate speeches so that digital companies are required to act and that they are supervised by public authorities in this task. The forthcoming law about digital services will impose to digital firms Ex Ante obligations while the law of 22 of December 2018 related to the fight against information manipulation already forces platforms operators a legal obligation to "cooperate" in the fight against fake news. 

To go further, read : 

• Frison-Roche, M.-A., When Facebook "Invite" Each Internet User to Act Against COVID-19 by Redirecting Him or Her Towards Public Information Center, Is It by Legal Obligation (Compliance) or by Corporate Social Responsibility (CSR)? With Which Consequences?, working paper, 2020
• Frison-Roche, M.-A., Having a Good Behavior in the Digital Space, working paper, 2020

Reference complète : Conseil Supérieur de l'Audiovisuel (CSA), Bilan Infox, 2019.

Lire le rapport. 

Ce rapport sera bientôt aussi disponible en anglais. 

► Référence complète : D. Chelly, Stratégie web. Le rôle central des noms de domaine, Gecop, 2020, 253 p.

____

📗lire la 4ième de couverture

____

📗lire la table des matières de l'ouvrage

____

► Résumé de l'ouvrage (fait par l'éditeur) : "Simple outil technique avant 2000, le nom de domaine est devenu un élément-clé de la stratégie internet.

Les entreprises sont à la recherche de référentiels pour les questions juridiques, paramétrages informatiques, optimisation pour le référencement et choix marketing.

L'ouvrage propose un état des bonnes pratiques pour l'utilisation des noms de domaine, dans une démarche multidisciplinaire.". 

________

Full reference: Faure-Muntian, Valeria and Fasquelle, Daniel, Information Report of the Commission des Affaires économiques (committee on economic affairs) on digital platforms, Assemblée National (National Assembly), June 2020, 104p.

Read the Report

Full reference : Quéméner, M., Dalle, F. and Wierre, Cl., Quels droits face aux innovations numériques ? Législations, jurisprudences et bonnes pratiques du cyberespecac. Défis et protections face aux dérives du numérique, preface by Agathe Lepage, Gualino-Lextenso, 223 pages, 2020.

Read the back cover.

Read the table of contents.

Read the preface.

Without any request, on his or her newsfeed, those who surfs on the social network built by Facebook, has found on 23 of March 2020, in the morning, the following message :

« X (prénom de l'internaute), agissez maintenant pour ralentir la propagation du coronavirus (COVID-19) Retrouvez les actualités des autorités sanitaires et institutions publiques, des conseils pour ralentir la propagation du coronavirus et des ressources pour vous et vos proches dans le Centre d’information sur le coronavirus (COVID-19)" ("X (user's name), act now to slow down the spread of the Coronavirus (COVID-19). Find the health authorities and public institutions' news, advices to slow down the spread of the Coronavirus for you and your entourage in the Information Center about Coronavirus (COVID-19) »).

This corresponds to the more general declaration done the same day by Kang-Xing Jin, director of Health at Facebook, who declares : "In response to the coronavirus outbreak, Facebook is supporting the global public health community’s work to keep people safe and informed. Since the World Health Organization declared the coronavirus a public health emergency in January, we’ve taken steps to make sure everyone has access to accurate information, stop misinformation and harmful content, and support global health experts, local governments, businesses and communities.".

Thanks, Facebook to indicate how to do ; by the way, thanks to having invited me to do it. By the way, is it really an « invitation » ? Since the expression is « act now ». Just miss the exclamation point, and the pointed finger of Uncle Sam for « war effort »!footnote-1770.

If in Law, we can consider « invitation », it would be not to the "invitation" that in the past Bank of France did to shareholders banks to refinance a bank which risks to be soon into difficulties that we could consider, invitation from which the invited cannot really escape. No, obviously no, it is just the same message that you and me can write on our Facebook pages to tell similar things about the same purpose ! But, Facebook would be, like you and me, editor of contents ?

Questions and difficulties which encourage to proceed to the legal analysis to know under which title Facebook posted such a message.

The first hypothesis is that this firm has acted spontaneously, following its « Corporate Social Responsibility » (I) If it is the right qualification, with regards to the content of the message, legal consequences are important because this firm, without generalizing to others, by the expression of its care of common good, shows, by transitivity, that it is an editor.

The second hypothesis starts from the observation that Facebook is a « crucial digital operator ». In this perspective, the firm is constraint to Compliance Law (II). It is the reason why, it is constraint by specific obligations, that excludes the spontaneous message emission qualification. If it is the right qualification, with regards to the content of the message, legal consequences are also important and of a totally different nature. Indeed, the qualification leads to develop the relation between the obligation to fight against fake news and malicious websites towards those of redirecting towards public websites, benefiting for the operator of a reliability presumption.

Read the developments below.