Full reference: Frison-Roche, M.-A., Conditions for the legality of a platform managed by an American company hosting European health data​: French Conseil d'Etat decision, Newsletter MAFR - Law, Compliance, Regulation, 19th of October 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

___

News Summary: In its ordinance of 13th of October 2020, Conseil national du logiciel libre (called Health Data Hub), the Conseil d'Etat (French Administrative Supreme Court) has determined the legal rules governing the possibility to give the management of sensitive data on a platform to a non-europeans firm, through the specific case of the decree and of the contract by which the management of the platform centralizing health data to fight against Covid-19 has been given to the Irish subsidiary of an American firm, Microsoft. 

The Conseil d'Etat used firstly CJEU case law, especially the decision of 16th of July 2020, called Schrems 2, in the light of which it was interpreted and French Law and the contract linking GIP and

The Conseil d'Etat concluded that it was not possible to transfer this data to United-Sates, that the contract could be only interpreted like this and that decree and contract's modifications secured this. But it observed that the risk of obtention by American public authorities was remaining. 

Because public order requires the maintenance of this platform and that it does not exist for the moment other technical solution, the Conseil d'Etat maintained the principle of its management by Microsoft, until a European operator is found. During this, the control by the CNIL (French Data Regulator), whose the observations has been taken into consideration, will be operated. 

We can retain three lessons from this great decision:

• There is a perfect continuum between Ex Ante and Ex Post, because by a referred, the Conseil d'Etat succeed in obtaining an update of the decree, a modification of the contractual clauses by Microsoft and of the words of the Minister in order to, as soon as possible, the platform is managed by an European operator. Thus, because it is Compliance Law, the relevant time of the judge is the future. 
• The Conseil d'Etat put the protection of people at the heart of its reasoning, what is compliant to the definition of Compliance Law. It succeeded to solve the dilemma: either protecting people thanks to the person to fight against the virus, or protecting people by preventing the centralization of data and their captation by American public authorities. Through a "political" decision, that is an action for the future, the Conseil found a provisional solution to protect people against the disease and against the dispossession of their data, requiring that an European solution is found. 
• The Conseil d'Etat emphasized the Court of Justice of The European Union as the alpha and omega of Compliance Law. By interpreting the contract between a GIP (Public interest Group) and an Irish subsidy of an American group only with regards to the case law of the Court of Justice of European Union, the Conseil d'Etat shows that sovereign Europe of Data can be built. And that courts are at the heart of this. 

___________

Read the interview given on this Ordinance Health Data Hub

To go further about the question of Compliance Law concerning health data protection, read the news of 25th of August 2020: The always in expansion "Right to be Forgotten"​: a legitimate Oxymore in Compliance Law built on Information. Example of​ Cancer Survivors Protection 

Full reference: Frison-Roche, M.-A., Judge between Platform and Regulator: current example of Uber case in U.K., Newsletter MAFR - Law, Compliance, Regulation, 29th of September 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news:

On 22nd of September 2017, Transport of London (TFL), London Transport Regulator, refused to renew the licence, granted on 31st of May 2012 for 5 years, authorizing Uber to transport people because of criminal offenses committed by Uber's drivers. On 26th of June 2018, The Westminster Court prolonged Uber's licence for 15 months under the condition that the platform prevent the reproachable behaviors of its drivers. After these 15 months, the TFL refused once again to prolonge Uber's licence because of the persistence of aggressions against passengers. Uber, once again, contest this decision before the Westminster Court. 

In a decision of 28th of September 2020, the Court observes that during the 15 months, the platform implemented many measures to prevent aggressions, that the level of maturity of these measures has improved over time and that the number of offenses was reduced over the period (passing from 55 in 2018 to 4 in 2020). The Court estimated the the implementation of this actions is sufficient to grant a new licence to Uber. 

We can learn three lessons from this decision: 

1. The Compliance obligation is not a result obligation but a mean obligation, which means that it is not reasonable to expect from a crucial operator (Uber, for instance) that it prevent every cases of agression but that it is salient to judge it on the effort it deploys to try to be closer to this ideal situation. Moreover, the crucial operator must be proactive, that is going away from the figure of passive subject of Law who apply measures enacted by the regulator in terms of fighting against aggressions to be an actor of the research of the best way to fight abusive behaviors, internalizing this "monumental goal. 
2. The judge appreciates the violation committed by those whose the firm is responsible "in context", that is evaluates the concrete situation in a reasonable way. 
3. It is the judge who decides in last resort and like the crucial operator, it must be reasonable. 

Read to go further:

• Frison-Roche, M.-A., Firm, Regulator and Judge: thinking Compliance through these three characters, 2018
• The report of the Assemblée nationale (French Parliament chamber) on the question 

🌐follow Marie-Anne Frison-Roche on LinkedIn

🌐subscribe to the Newsletter MAFR Regulation, Compliance, Law 

____

Full reference: M.-A. Frison-Roche, Se tenir bien dans l'espace numérique, in Penser le droit de la pensée. Mélanges en l'honneur de Michel Vivant, Lexis Nexis and Dalloz, 2020, pp. 155-168.

____

📝Read the article (in French)

____

🚧Read the working paper, written in English, on which this article is based, with additional developments, technical references, and hyperlinks

English summary of the article: The digital space is one of the scarce spaces not framed by a specific branch of Law, Freedom also offering opportunity to its actors to not "behave well", that is to express and diffuse broadly and immediately hateful thoughts through Hate speechs, which remained before in private or limited circles. The intimacy of Law and of the legal notion of Person is broken: Digital permits to individuals or organizations to act as demultiplied and anonymous characters, digital depersonalized actors who carry behaviors that are hurtful to other's dignity. 

Against that, Compliance Law offers an appropriate solution: internalizing in digital crucial operators the mission to disciplinary and substantially hold the digital space. The digital space has been structured by powerful firms able to maintain order. Because Law must not reduce digital space to be only a neutral market of digital prestations, these crucial operators, like social networks or search engines, must be forced to substantially control behaviors. It could be about an obligation of internet users to act with their face uncover, "real identity" policy controlled by firms, and to respect others' rights, privacy rights, dignity, intellectual property rights. In their Regulatory function, digital crucial firms must be supervised by public authorities. 

Thus, Compliance law substantially defined is the protector of the person as "subject of law" in the digital space, by the respect that others must have, this space passing from the status of free space to the one of civilized space, in which everyone is obliged to behave well. 

______

Read to go further: 

• Frison-Roche, M.-A., L'apport du Droit de la Compliance à la gouvernance d'Internet, 2019
• Frison-Roche, M.-A. (dir.), Internet, un espace d'interrégulation, 2016

Full reference: Faure-Muntian, Valeria and Fasquelle, Daniel, Information Report of the Commission des Affaires économiques (committee on economic affairs) on digital platforms, Assemblée National (National Assembly), June 2020, 104p.

Read the Report

The Finance Bill has proposed to the Parliament to vote an article 57 whose title is: Possibilité pour les administrations fiscales et douanières de collecter et exploiter les données rendues publiques sur les sites internet des réseaux sociaux et des opérateurs de plateformes (translation: Possibility for the tax and customs administrations to collect and exploit the data made public on the websites of social networks and platform operators).

Its content is as is in the text voted on in the National Assembly as follows:

"(1) I. - On an experimental basis and for a period of three years, for the purposes of investigating the offenses mentioned in b and c of 1 of article 1728, in articles 1729, 1791, 1791 ter, in 3 °, 8 ° and 10 ° of article 1810 of the general tax code, as well as articles 411, 412, 414, 414-2 and 415 of the customs code, the tax administration and the customs administration and indirect rights may, each as far as it is concerned, collect and exploit by means of computerized and automated processing using no facial recognition system, freely accessible content published on the internet by the users of the online platform operators mentioned in 2 ° of I of article L. 111-7 of the consumer code.

(2) The processing operations mentioned in the first paragraph are carried out by agents specially authorized for this purpose by the tax and customs authorities.

(3) When they are likely to contribute to the detection of the offenses mentioned in the first paragraph, the data collected are kept for a maximum period of one year from their collection and are destroyed at the end of this period. However, when used within the framework of criminal, tax or customs proceedings, this data may be kept until the end of the proceedings.

(4) The other data are destroyed within a maximum period of thirty days from their collection.

(5) The right of access to the information collected is exercised with the assignment service of the agents authorized to carry out the processing mentioned in the second paragraph under the conditions provided for by article 42 of law n ° 78-17 of January 6, 1978 relating to data processing, the files and freedoms.

(6) The right to object, provided for in article 38 of the same law, does not apply to the processing operations mentioned in the second paragraph.

(7) The terms of application of this I are set by decree of the Council of State.

(8) II. - The experiment provided for in I is the subject of an evaluation, the results of which are forwarded to Parliament as well as to the National Commission for Data Protection at the latest six months before its end. "

This initiative provoked many comments, rather reserved, even after the explanations given by the Minister of Budget to the National Assembly.

What to think of it legally?

Because the situation is quite simple, that is why it is difficult: on the one hand, the State will collect personal information without the authorization of the persons concerned, which is contrary to the very object of the law of 1978 , which results in full disapproval; on the other hand, the administration obtains the information to prosecute tax and customs offenses, which materializes the general interest itself.

So what about it?

Read below.

In what it presents as a set of guidelines designed by a risk-driven approach, the FATF published on 21 June 2019 recommendating to fight the use of crypto-assets and cryptocurrency platforms for launderind money and financing terrorism.

This fight against money laundering is (with the fight against corruption) often presented as the core of the Compliance Law. The FATF takes a large part of it. Even if this new branch of Law aims to crystallize other ambitions, such as the fight against tax fraud or climate change, or even the promotion of diversity or education and the preservation of democratie, the legislation of Compliance Law are mature in the matter of money laundering and the terrorism financing, as they are in the fight against corruption.

The news comes then not from the new legal mechanisms but rather from the new technological tools that could allow the realization of the behaviors against which these obligations of compliance have been inserted in the legal system. It is then to these technologies that the law must adapt. This is the case with crypto-assets and cryptocurrency platforms. Because these are rapidly evolving technologies, with the exercise of written guidelines in 2019 to inform the meaning of the provisions adopted in 2018, the FATF is taking the opportunity to change the definition it provides of crypto-assets and cryptocurrencies. So that a too narrow definition by the texts does not allow the operators to escape the supervision (phenomenon of "hole in the racket" - loophole)..  

___

In fact, in October 2018, the FATC (Financial Action Task Force) developed 15 principles applying to these platforms, to allow this intergovernmental organization to carry out its general mission to combat money laundering and the financing of terrorism. These June 2019 recommendations are to interpret them.

In this very important document, where it is expressly stated that it is a matter of fixing the obligations of those who propose crypto-assets and crypto-currencies, the notion of self-regulation is rejected. Il est writter : "Regarding VASP (virtual assets services providers) supervision, the Guidance makes clear that only competent authorities can act as VASP supervisory or monitoring bodies!footnote-1628, and not self-regulatory bodies. They should conduct risk-based supervision or monitoring, with adequate powers, including the power to conduct inspections, compel the production of information and impose sanctions. There is a specific focus on the importance of international co-operation between supervisors, given the cross-border nature of VASPs’ activities and provision of services."

On the contrary, it is a matter of elaborating the control obligations that these service providers must exercise over products and their customers (Due Diligences), which must be supervised by public authorities. 

In order to exercise this supervision and monitoring, the national authorities themselves must ensure that they work together : "As the Virtual Assets Services Providers (VASP) sector evolves, countries should consider examining the relationship between AML/CF (Anti-Money Laundering and Counter Terrorist Financint) measures for covered VA activities and other regulatory and supervisory measures (e.g., consumer protection, prudential safety and soundness, network IT security, tax, etc.), as the measures taken in other fields may affect the ML/TF risks. In this regard, countries should consider undertaking short- and longer-term policy work to develop comprehensive regulatory and supervisory frameworks for covered VA activities and VASPs (as well as other obliged entities operating in the VA space) as widespread adoption of VAs continues".

After particularly interesting comparative law information on Italy, the Scandinavian countries and the United States, the report concludes: "International Co-operation is Key", because of the global nature of this activity.

Since the issue is not the global Regulation of these platforms and types of products, but only the possible modes of money laundering and terrorist financing to which they may give rise, the FATF recalls that neither crypto-products nor product suppliers are not referred to as such. As the guidance's title recalls, common to the 2018 document adopting the 15 principles and this interpretive document, these are "risk-based" rules. Thus, it is according to the situations that these - products and suppliers - that they may or may not present risks of laundering and financing of terrorism: depending on the type of transaction, the type of client, the type of country, etc. For example, from the moment that the transaction is anonymous, that is impossible to know the "beneficiary", or that it is transnational and instantaneous, which makes it difficult to supervise because of the heterogeneity of national supervisions little articulated between them.

In reports that public supervisors must have with crypto-product suppliers, they must adjust according to the level of risk presented by them, higher or lower: "Adjusting the type of AML/CFT supervision or monitoring: supervisors should employ both offsite and onsite access to all relevant risk and compliance information.However, to the extent permitted by their regime, supervisors can determine the correct mix of offsite and onsite supervision or monitoring of Virtual Assets Services Providers (VASPs). Offsite supervision alone may not be appropriate in higher risk situations. However, where supervisory findings in previous examinations (either offsite or onsite) suggest a low risk for ML/TF, resources can be allocated to focus on higher risk VASPs. In that case, lower risk VASPs could be supervised offsite, for example through transaction analysis and questionnaires".

This "adjustment" required does not prevent a very broad conception of the power of supervision. So, for nothing escapes the recommendations (and in particular the obligations that ensue for the suppliers of these products), the definition of the crypo-assets and crypo-currencies is this one: “Virtual asset” as a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities, and other financial assets that are already covered elsewhere in the FATF Recommendations."

And for the same reason of effectiveness is posited the principle of technological neutrality: "Whether a natural or legal person engaged in Virtual Assets (VA) activities is a Virtual Asset Services Provider (VASP) depends on how the person uses the VA and for whose benefit. As emphasized above, ...  then they are a VASP, regardless of what technology they use to conduct the covered VA activities. Moreover, they are a VASP, whether they use a decentralized or centralized platform, smart contract, or some other mechanism.".

The interpretative guidelines then formulate the obligations that these platforms have with regard to the supervisors they obey(question of the "jurisdiction", ratione loci ; ratione materiae): " The Guidance explains how these obligations should be fulfilled in a VA context and provides clarifications regarding the specific requirements applicable regarding the USD/EUR 1 000 threshold for virtual assets occasional transactions, above which VASPs must conduct customer due diligence (Recommendation 10); and the obligation to obtain, hold, and transmit required originator and beneficiary information, immediately and securely, when conducting VA transfers (Recommendation 16). As the guidance makes clear, relevant authorities should co-ordinate to ensure this can be done in a way that is compatible with national data protection and privacy rules. ".

These platforms are not uniformly defined due to the diversity of their activities. Because it is their activity that makes them responsible for this or that regulator. For example from the Central Bank or the Financial Regulator: "For example, a number of online platforms that provide a mechanism for trading assets, including VAs offered and sold in ICOs, may meet the definition of an exchange and/or a security-related entity dealing in VAs that are “securities” under various jurisdictions’ national legal frameworks. Other jurisdictions may have a different approach which may include payment tokens. The relevant competent authorities in jurisdictions should therefore strive to apply a functional approach that takes into account the relevant facts and circumstances of the platform, assets, and activity involved, among other factors, in determining whether the entity meets the definition of an “exchange”!footnote-1626 or other obliged entity (such as a securities-related entity) under their national legal framework and whether an entity falls within a particular definition. In reaching a determination, countries and competent authorities should consider the activities and functions that the entity in question performs, regardless of the technology associated with the activity or used by the entity".

____

Reading this very important document, it is possible to make 6 observations: 

1. Interpretative documents are often more important than rules interpretated themselves. En these guidances, first and foremost, these are major obligations that are stated, not only for platforms but also for national laws, and well beyond the issue of money laundering. So, it is laid: "Countries should designate one or more authorities that have responsibility for licensing and/or registering VASPs. ...  at a minimum, VASPs should be required to be licensed or registered in the jurisdiction(s) where they are created. ".This is a general prescription, involving a general regulation of these platform, which registered in a general way, will probably be supervised in a general way.

Secondly, it is a series of binding measures that is required of the National legal systems, for example the possibility of seizing crypto-values.

It shows that the soft Law illustrates the continuum of the texts, and allows their evolution. Here the evolution of the definition of the object itself: the definition of crypto-assets and crypto-currencies is widened, so that the techniques of money laundering and terrorist financing are always countered, without it being necessary to adopt new binding rules. We are beyond mere interpretation. And even more of the principle of restrictive interpretation, classically attached to the Repressive Law ...

2. Fort the effectiveness of the Compliance Law, definition become extremely broad. Thus, to follow the FATF, the definititon off a financial institution is as follows: "“Financial institution” as any natural or legal person who conducts as a business one or more of several specified activities or operations for or on behalf of a customer". This is more the definition of a company in Competition Law!footnote-1627....Why ? Because otherwise, an operator finds a status allowing him to escape the category and obligations listed. The principle of efficiency implies it. The principle of "legality", derived from criminal law, has hardly any existence. But this also corresponds to the general evolution of the financial world, in which one no longer stars from the organ (for example to be a"bank") but of activity, but from an activity or a fonction whose metamorphoses are so rapid that it is almost impossible to define them ....

3. In the same way, the definition of crypto-assets or crypto-currencies: "“Virtual asset” as a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities, and other financial assets that are already covered elsewhere in the FATF Recommendations". This definition is purely operational because nothing can escape the FATF: all that is financial or monetary, whatever its form or support, its traditional form or a form that will be invented tomorrow, is within its competence and, through a such definition, is under national supervisors. In Compliance Law, and since everything is based on risk analysis, the idea is simple: nothing must escape obligations and supervision.

4. Platform apprehension is done by the criterion of activity, according to the "functional" method. Thus, its supervision, or even its regulation, and its obligations of compliance, will apply, depending on what it does, to the Financial Regulator (if it does ICO) or to others if it only uses tokens as an instrument of exchange. If it makes several uses, then it would fall under several Regulators (criterion ratione materiae).

5. The principle of "technological neutrality" is a classic principle in Telecommunications Law. Here we measure the interference between the principles of Telecommunications Law and Financial Law, which is logical because crypto-financial objects are born of digital technology. This neutrality allows both technological innovation to develop and supervision to be unhindered for not having foreseen an innovative technology appearing after the adoption of the legal text. Here again, the effectiveness of Compliance and risk management are served, without the innovation being thwarted, which is often opposed.

6. What is expected of national public authorities is a very wide "interregulation". This is both "positive". Indeed, this includes financial matters but also the security of networks, or the protection of consumers. It can be called equilibrium interregulation in that all goals converge. But this is also an "interregulation" that can be described as balance. Indeed, the FATF is concerned about the protection of personal data. However, it emphasizes that the effectiveness of the Compliance system must stop. But the protection of personal data is also a part of Compliance Law.... This is one of the major challenges in the future: the balance between security and the fight against global evils(here the fight against money laundering and terrorism) and the protection of the privacy of individuals, as both fall under Compliance, but both have opposite legal effects: one the transmission of information, and the other the secret of the information. 

____

Référence complète : Parachkévova, I., et Teller, M., (dir.) Quelles régulations pour l'économie collaborative ? Un défi pour le droit économique, Dalloz, coll. "Thèmes et commentaires", 2018, 202 p.

Lire la quatrième de couverture.

Lire le sommaire.

Référence générale : Études en l'honneur du Professeur Jérôme Huet. Liber amicorum, LGDJ - Lextenso, 2017, 423 p.

Lire la 4ième de couverture.

Lire la table des contributions.

Consulter la présentation des contributions suivantes :

• Seidowsky, O., Audits logiciels et conformité digitale

• Vogel, L., Réseaux contre plates-forme : la distribution sélective à l'épreuve de l'internet

• Warusfel, B., La transversalité du droit du numérique

• Derieux, E., Données à caractère personnel et communication publique . Règlement (UE) 2016/79 du 27 avril 2016 relatif à la protection des personnes physiques à l'égard du traitement des données à caractère personnel et à la libre circulation de ces données

Référence complète : Warusfel, B., La transversalité du droit du numérique, in Études en l'honneur du Professeur Jérôme Huet. Liber amicorum, LGDJ - Lextenso, 2017, pp. 411-423.

Consulter une présentation générale de l'ouvrage.

Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation".

Référence complète : Seidowsky, O., Audits logiciels et conformité digitale, in Études en l'honneur du Professeur Jérôme Huet. Liber amicorum, LGDJ - Lextenso, 2017, pp. 329-338.

Consulter une présentation générale de l'ouvrage.

Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation".

Référence complète : Vogel, L., Réseaux contre plates-formes : la distribution sélective à l'épreuve de l'internet, in Études en l'honneur du Professeur Jérôme Huet. Liber amicorum, LGDJ - Lextenso, 2017, pp. 401-410.

Consulter une présentation générale de l'ouvrage.

Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation".

Référence complète : Derieux, E., Données à caractère personnel et communication publique . Règlement (UE) 2016/79 du 27 avril 2016 relatif à la protection des personnes physiques à l'égard du traitement des données à caractère personnel et à la libre circulation de ces données in Études en l'honneur du Professeur Jérôme Huet. Liber amicorum, LGDJ - Lextenso, 2017, pp. 127-138.

Consulter une présentation générale de l'ouvrage.

Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance".

Retourner à la présentation générale de l'enseignement.

Retourner au plan général du Cours.

Retourner à la présentation générale de la leçon, qui comprend la bibliographie de base et la bibliographie approfondie.

Lire la problématique de la leçon.

Référence : Rochfeld, J., Les géant de l'internet et l'appropriation des données personnelles : plaidoyer contre la reconnaissance de leur "propriété", in Behar-Touchais, M. (dir.), L'effectivité du droit face à la puissance des géants de l'Internet, coll. "Bibliothèque de l'IRJS - André Tunc", vol.1,  IRJS Éditions, Université Panthéon-Sorbonne, p.73-87.

L'auteur se demande si les "géants d'Internet" peuvent s'approprier les données.

Si l'on pose la question ainsi, à un esprit innocent ou au contraire à un juriste solidement formé : "un algorithme peut-il être loyal ?", il répondrait tout à trac  : "quelle question stupide ... Bien sûr que non ! Comment un processus mathématique pourrait-il avoir une qualité de cette sorte, laquelle est de nature éthique, morale, et à ce titre n'est imputable qu'à des personnes ?". Peut-être la réponse viendra-t-elle avec condescendance : à question bête, réponse hautaine.

Effectivement, la loyauté est un comportement qui renvoie à une éthique, laquelle est en lien avec la morale.

Pourtant, l'on rencontre depuis quelque temps l'affirmation selon laquelle "les algorithmes doivent être loyaux". Cela fût affirmé par exemple dans le colloque du 23 octobre 2014 sur l'économie des plateformes numériques. Plus encore, c'est l'un des points forts du Rapport annuel du Conseil d'Etat 2014, Le numérique et les droits fondamentaux.

Comment peut-on avancer une telle affirmation, revenant à imposer à un processus mathématique un comportement moral ? En effet, pour imposer un devoir, encore faut-il que celui qui le subit en ait l'aptitude. Or, un processus mathématique n'a pas d'aptitude éthique. Ainsi, la formule n'a pas littéralement pas de sens.

En réalité, la formule est utilisée afin d'imputer à ceux qui conçoivent ou bénéficient des effets économiques des algorithmes, sur lesquels fonctionnent par exemple les moteurs de recherches ou les plateformes de rencontres et les réseaux sociaux, des obligations.

Ainsi, pour atteindre le régime, c'est-à-dire produire des obligations, l'on propose d'inventer par la seule force du droit la source d'obligation, laquelle serait "l'obligation de loyauté". Parce que le droit pourrait tout dire, l'on impute (au sens kelsénien du terme) cette obligation directement à une chose (ici les mathématiques).

Attention, les choses ne sont pas à ce point flexibles et la réalité n'est pas à ce point disponible au droit. Or, transformer les mathématiques en personnes, afin de pouvoir faire naître des obligations parce qu'on ne trouve pas d'autres pistes, c'est porter atteinte à la summa divisio que le droit établit entre les personnes et les choses.

Or, si l'on s'autorise à traiter des choses comme des personnes (ce que l'on fait ici), l'on ne doit pas s'étonner par ailleurs que beaucoup ne trouvent rien à redire - ni en droit, ni en morale --, lorsque l'on traite des personnes comme des choses;

Perdre la distinction entre les personnes et les choses fait perdre dans le droit non seulement son premier repère mais encore son premier garde-fou, contre sa tentation de disposer totalement de la réalité.

Accéder à la présentation du colloque.

Accéder aux slides.

Ce Working paper a servi également de base à un article paru dans la Revue  Concurrences.

Parce qu'il est difficile de réguler un "marché biface", sauf le temps fugace du contrôle des concentrations, l'idée accessible est de réguler directement l'entreprise qui tire tout son pouvoir de sa position sur une telle structure de marché.

On peut, comme le propose le Conseil d'État, dans son Rapport annuel Le numérique et les droits fondamentaux, considérer que la prise en considération par le droit de cette situation nouvelle doit prendre la forme d'une reconnaissance de la notion de "plateforme", pour l'ériger en catégorie juridique et lui associer une obligation de loyauté, sous la surveillance du régulateur des données personnelles.

L'on peut aussi recourir à une notion plus générale, ici utilisée, d'"entreprise cruciale", à laquelle correspondent des entreprises comme Google, FaceBook, Amazon, etc., parce que ces entreprises remplissent les critères de la définition, à la fois négative et positive de l'entreprise cruciale. La puissance publique est alors légitime, sans que l'État ait à devenir actionnaire, à se mêler de la gouvernance des entreprises et à surveiller les contrats, voire à certifier ceux-ci, comme en finance, sans exiger de l'entreprise ainsi régulée un comportement moral, car ces entreprises privées doivent par ailleurs poursuivre leur fin naturelle constituée par le profit, le développement et la domination, moteur du développement économique. Le développement technologique des plateformes n'en serait pas entravé, tandis que l'aliénation des personnes que l'on peut craindre pourrait être contrée.