Thesaurus : Doctrine

Full Reference: E. Netter, "Les technologies de conformité pour satisfaire les exigences du droit de la compliance. Exemple du numérique" (Conformity technologies to meet the requirements of Compliance Law. Digital example), in M.-A. Frison-Roche (dir.), L'obligation de Compliance, Journal of Regulation & Compliance (JoRC) and Dalloz, coll. "Régulations & Compliance", 2024, forthcoming.

 

____

📕read the general presentation of the book, L'obligation de Compliance, in which this contribution is published.

____

English summary of this contribution (done by the Journal of Regulation & Compliance): The author distinguishes between Compliance, which refers to Monumental Goals, and conformity, which is the set of concrete means that the company uses to tend towards them, through processes and checklists for whose monitoring the operator is accountable (art. 5.2 GDPR). Technology enables the operator to meet this requirement, as the changing nature of technology fits in well with the very general nature of the goals pursued, which leave plenty of room for businesses and public authorities to produce soft law.

The contribution focuses firstly on existing technologies. Through Compliance, Law can prohibit a technology or restrict its use because it runs counter to the goal pursued, for example the technology of fully automated decisions producing legal effects on individuals. Because it is a perilous exercise to dictate by law what is good and what is bad in this area, the method is rather one of explicability, i.e. control through knowledge by others.

Regulators are nevertheless developing numerous requirements stemming from the Monumental Goals of Compliance. Operators must update their technology or abandon obsolete technology in the light of new risks or to enable effective competition that does not lock users into a closed system. But technological power must not become too intrusive, as the privacy and freedom of the individuals concerned must be respected, which leads to the principles of necessity and proportionality.

The author stresses that operators must comply with the regulations by using certain technologies if these technologies are available, or even by counteracting them if they are contrary to the goals of the regulations, but this obligation of conformity applies only if these technologies are available. The notion of "available technology" therefore becomes the criterion of the obligation, which means that its content varies with circumstances and time, particularly in the area of cybersecurity.

In the second part of this contribution, the author examines technologies that are only potential, those that Law, and in particular the courts, might require companies to invent in order to fulfill their conformity obligation. This is quite understandable when we are talking about technologies that are in the making, but which will come to fruition, for example in the area of personal data transfer to satisfy the right to portability (GDPR), or where companies must be encouraged to develop technologies that are of less immediate benefit to them, or in the area of secure payment to ensure strong authentication (PSD 2).

This is more difficult for technologies whose feasibility is not even certain, such as online age verification or the interoperability of secure messaging systems, two requirements which appear to be technologically contradictory in their terms, and which therefore still come under the heading of "imaginary technology". But Compliance is putting so much pressure on companies, particularly digital technology companies, that considerable investment is required to achieve it.

The author concludes that this is the very ambition of Compliance and that the future will show how successful it will be. 

 

 

 

 

____

🦉This article is available in full text for persons following Professor Marie-Anne Frison-Roche's teaching.

________

Oct. 25, 2024

MAFR TV : MAFR TV - Surplomb


____

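► Full Reference: M.-A. Frison-Roche, "Cumul et articulation Droit spécial de la Compliance et Droit commun de la concurrence déloyale : l’arrêt de la CJUE du 4 octobre 2024 ND/DR" (Cumulation and articulation of special Compliance Law and general Unfair Competition Law: the CJEU judgment of October 4, 2024, ND/DR), in Surplomb video series, October 25, 2024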

____


Surplomb, by MAFR

the video series dedicated to Regulation, Compliance and Vigilance

                           

Oct. 4, 2024

Thesaurus : 05. CJCE - CJUE

► Full Reference: CJEU, Grand Chamber, October 4, 2024, case C-21/23, ND v DR

____

🏛️read the judgment

________

Feb. 1, 2024

Teachings


____

Full Reference: F. Ancel & M.-A. Frison-Roche, Droit de la compliance (Compliance Law), École nationale de la magistrature - ENM (French National School for the Judiciary), in collaboration with the École de Formation professionnelle des Barreaux du ressort de la cour d'appel de Paris - EFB (Paris Bar School), Paris, February 1 and 2, 2024

This teaching is given in French.

____

🌐consult on LinkedIn a general presentation of this event, which links to a presentation and a report of each speech

____

 Presentation of the Teaching: The aim of this two-day conference is to enable judges and lawyers to grasp the issues, objectives and methods that define Compliance Law as it is practised in companies.

The speakers will illustrate the growing trend towards litigation, which is difficult to reconcile with the supranational dimension, or even indifference to territories, for example when disputes concern systemic climate or digital issues: the result is a renewal of the role of the judge and the role of lawyers.

This must be set against the renewal of the role and operation of companies themselves.

This is analysed from the perspective of Civil Law, in particular Contract Law and Liability Law. Company Law and Criminal Law are also addressed, as well as the way in which the legal system now integrates governance, regulation, climate and digital issues and the smooth operation of financial markets through Compliance techniques.

____

 Organisation of the Teaching: This conference is divided into two parts.

The first day is designed as a presentation of the major themes through which Compliance Law crosses the branches of traditional Law. The speakers will be professors of Law who will successively summarise the branches of Law and put into perspective the way in which Compliance imperatives give rise to new situations, new difficulties and new solutions.

This enables the second day to focus on practical and topical issues and to debate controversial questions between people of different sensibilities. The participants tend to be judges, members of regulatory authorities, lawyers, members of associations and so on.

____

 Enrolment procedure: The course is open to all judicial and consular magistrates, as well as lawyers.

Registrations can be made directly with the ENM or with the EFB.

____

► Speakers :  

🎤François Ancel, Judge at the Première Chambre civile de la Cour de cassation (First Civil Chamber of the French Court of cassation) 

🎤Thomas Baudesson, Attorney at the Paris Bar, Partner at Clifford Chance

🎤Guillaume Beaussonie, Full Professor at Toulouse 1 Capitole University

🎤Jacques Boulard, Premier Président de la Cour d’appel de Paris (First President of the Paris Court of Appeal)

🎤Marie Caffin-Moi, Full Professor at Paris Panthéon-Assas University

🎤Malik Chapuis, Judge at the Tribunal judiciaire de Paris (Paris First Instance Civil Court)

🎤Lucie Chatelain, Advocacy and Litigation Manager - Civil Liability of Parent Companies, Sherpa

🎤Jean-Benoît Devauges, Directeur Juridique, Ethique et Gouvernance des entreprises (Legal, Ethics and Corporate Governance Director), MEDEF

🎤Marie-Anne Frison-Roche, Professor of Regulatory and Compliance Law, Director of the Journal of Regulation & Compliance (JoRC)

🎤Arnaud Gossement, Attorney at the Paris Bar, Partner at Gossement Avocats

🎤Thibault Goujon-Bethan, Full Professor at Jean Moulin Lyon 3 University

🎤Christophe Ingrain, Attorney at the Paris Bar, Partner at Darrois Villey Maillot Brochier

🎤Isabelle Jegouzo, Director of the Agence française anticorruption - AFA (French Anti-Corruption Agency) 

🎤Anne-Valérie Le Fur, Full Professor at Versailles Saint-Quentin-en-Yvelines University

🎤Charlotte Michon, Attorney at the Paris Bar, Partner at Charlotte Michon Avocat

🎤Jean-Baptiste Racine, Full Professor at Paris Panthéon-Assas University

🎤Jean-Christophe Roda, Full Professor at Jean Moulin Lyon 3 University

🎤Jérôme Simon, 1er Vice-Procureur Financier (First Financial Vice-Prosecutor)

____

🧮read below the programme put together and organised by François Ancel and Marie-Anne Frison-Roche, as well as the reports of each presentation⤵️

June 22, 2023

Thesaurus : 05. CJCE - CJUE

Full Reference: CJEU, 1st Chamber, 22 June 2023, C-579/21, Pankki S.

____

🏛️read the judgment

________

March 15, 2023

Thesaurus : Doctrine

► Full Reference: I. Gavanon, "Data Protection Law in the Digital Economy Confronted to Monumental Goals", in M.-A. Frison-Roche (ed.), Compliance Monumental Goals, coll. "Compliance & Regulation", Journal of Regulation & Compliance (JoRC) and Bruylant, 2023, p. 137-146.

____

📘read a general presentation of the book, Compliance Monumental Goals, in which this article is published.

____

► Summary of the article

________

June 18, 2021

Compliance: at the moment

Law is slow, but firm. By its judgment of June 15, 2021, Facebook, the Court of Justice of the European Union interprets broadly the powers of National Authorities, since they serve the protection of people in the digital space (➡️📝CJEU, June 15, 2021, Facebook).

 

Law is slow. The reproach is so often made. But the bottom line is that, in the noise of changing regulations, it establishes clear and firm principles, letting everyone know where they stand. The more the world is changing, the more Law is required.

When Law degenerates into regulations, then it is up to the Judge to make Law. "Supreme Courts" appear, de jure as in the United States, de facto as in the European Union with the Court of Justice of the European Union, which lays down the principles before everyone else, as it did for the "right to be forgotten" in 2014 (➡️📝CJEU, Google Spain, May 13, 2014), and then with the impossibility of transferring data to third countries without the consent of the people concerned (➡️📝CJEU, Schrems, October 6, 2015).

The Facebook litigation reads like a novel. The company knows that it is above all to the Courts that it speaks. In Europe, it does so from behind the walls of the Irish legal space, which it would like not to have to leave before better dominating the global digital space, while national regulatory authorities want to take up the case to protect citizens.

There is therefore a technical question of "jurisdictional competence". The texts have provided for this, but Law is clumsy because it was designed for a world still anchored in the ground: the GDPR of 2016 therefore organizes cooperation between national regulatory authorities through a "one-stop-shop", forcing the authorities to relinquish jurisdiction so that the case is handled only by the "lead" National Authority. This avoids splintering and contradiction. But before the adoption of the GDPR, the Belgian data protection regulator had opened a procedure against Facebook concerning cookies. The "one-stop-shop" mechanism, introduced in 2016, is therefore raised only before the Brussels Court of Appeal, which is asked to relinquish jurisdiction in favor of the Irish Regulatory Authority, since the company has its European head office in that country. The Court of Appeal referred to the CJEU for a preliminary ruling.

By its judgment of June 15, 2021 (➡️📝CJEU, Facebook, June 15, 2021), the Court follows the conclusions of its Advocate General and maintains the jurisdiction of the Belgian National Regulator because, even after the GDPR, the case still undergoes national treatment. What matters most in this decision is its reasoning and the principle adopted. The Court notes that the "one-stop-shop" rule is not absolute and that the national regulatory authority has the power to maintain its jurisdiction, in particular if cooperation between national authorities is difficult.

Even more, will it not one day be necessary to adjust Law more radically? We need to consider the fact that the digital space is not bound by borders and that the ambition of "cross-border cooperation" is ill-suited. It is of course on this observation of inefficiency, consubstantial with the digital space, that the European Public Prosecutor's Office (EPPO) was designed and set up, which is not a cooperation, nor a "one-stop shop", but a body of the Union, acting locally for the Union, directly linked to Compliance concerns (➡️📝Frison-Roche, M.-A., "The European Public Prosecutor's Office is a considerable contribution to Compliance Law", 2021 and "European Public Prosecutor's Office comes on stage: the company having itself become a private prosecutor, are we going towards an alliance of all prosecutors?", 2021).

So that's what we should be inspired by.

June 15, 2021

Thesaurus : 05. CJCE - CJUE

Full reference: CJEU, Grand Chamber, Judgment Facebook Ireland e.a. v. Gegevensbeschermingsautoriteit, C-645/19, June 15, 2021

Read the judgment

Read the abstract of the judgment done by the Court

Read the press release

 

 

Feb. 20, 2020

Thesaurus : Doctrine

Full Reference: Mounoussamy, L., "Le smart contract, acte ou hack juridique ?" (The smart contract: legal act or legal hack?), in Petites Affiches, no. 37, February 20, 2020, pp. 12-19.

 

Summary by Petites Affiches: In this article, the author analyses the arrival of the smart contract, an innovative system born of the development of new technologies, in an already structured legal environment. The author begins by defining the nature of the smart contract and situates it within this globalised legal framework. The article presents its impacts and prospects for development, its strengths and weaknesses, as well as the close relationship between information technologies and law. The smart contract is a tool whose user will determine whether it disrupts the contract or perfects it.

Sept. 8, 2019

Blog

Experience shows that in the digital world the legal technique of consent is not protective enough.

If only because the simplest technology neutralizes the link that should exist between the user's "consent" and the user's "free will": consent protects users only to the extent that they can, in law and in fact, say "no".
 
 
I. THE EXPERIENCE 
 
For example, I found on my Facebook news feed a link to an unknown website that puts online an article on "the rights of trees"...
I go there. In accordance with the European Regulation (GDPR) transposed into the French legal system, the site informs users that they may accept or refuse the use of their personal data for the benefit of "partners".
If they continue reading, users are deemed to accept everything, but they can click to "customize".
I click: there I find two options: "accept everything" or "reject everything". But the "reject all" option is disabled. It is only possible to click on the "accept all" option.

It is also possible, because the law requires it, to consult the list of this website's partners: I click and find a list of unknown companies with foreign names, which will no doubt one day collect my personal data (and those of my contacts), and which have their head offices outside the European Union.
A text, which cannot be copied, states that these "partners" can use my data without my consent and for purposes of which they do not have to inform me. But, again, I can "refuse everything". Here again the "reject all" label exists but the functionality is not active, while the "accept all" label is an active functionality.

As I cannot refuse (since it's disabled), and as 99% of Internet users have never clicked on the first two buttons, all their data has been fed into the data market that allows the targeting of products that spill out into the digital space, to their detriment and that of their contacts.
While believing they are reading a free article on the "rights of trees".
In the end, I do not read this article, since I did not click on the only active button: "accept everything".

In more than 50% of cases, the "reject all" or "customize" options are only images and are not active. And data absorption also covers contacts.
In exchange for a whimsical article about trees and their rights, or creams to stay forever young, or celebrities who change spouses, or about so-called tests to find what king or queen you should be if everyone recognized all your merits, etc.
Proposed on the digital news feed by unknown sites, in partnership with foreign companies that you will never reach.
And mass-viewed by Internet users who are also told that "consent" is the proven solution for effective protection...
While these are just panels hastily built by new Potemkins...
 
II. WHAT TO DO ? 
 
1. Do not be satisfied with "consent", since it is a mechanism that may not be the expression of a free will: how could it be if the option "to refuse" is not active?

2. The link between will and consent must therefore be "presumed" only by way of a simple, rebuttable presumption, because we must refuse to live in a dehumanized society operating on "mechanical consents", to which the digital does not necessarily lead.

3. Through Compliance Law, entrust the "crucial digital operators" (here Facebook, thanks to which these offers of free reading appear in Internet users' news feeds) with the task of verifying Ex Ante the effectiveness of the link between Will and Consent: here, concretely, the possibility for users to read while refusing the capture of all their data (for the benefit of operators who do not even have a concrete obligation to disclose the use that will be made of these personal data).
 
_____

Updated: Sept. 5, 2019 (Initial publication: April 30, 2019)

Publications


____

► Full Reference: M.-A. Frison-Roche, L'apport du Droit de la Compliance dans la Gouvernance d'Internet (The contribution of Compliance Law to the Internet Governance), Report requested by the French Government, published on July 15, 2019, 139 p.

___

► Report Summary. Governing the Internet? Compliance Law can help.

Compliance Law allows the Policy Maker to aim for global goals that it requires companies in a position to do so to achieve. In the digital space, built on the sole principle of Liberty, Politics must insert a second principle: the Person. Respect for the Person, in balance with Freedom, can be required by the Policy Maker via Compliance Law, which internalises this specific claim in digital companies. Liberalism and Humanism become the two pillars of Internet Governance.

The humanism of European Compliance Law then enriches US Compliance Law. The crucial digital operators thus constrained, such as Facebook, YouTube, Google, etc., must then exercise their powers only to better achieve these goals of protecting persons (against hatred, inadequate exploitation of data, terrorism, violation of intellectual property, etc.). They must guarantee the rights of individuals, including intellectual property rights. To do this, they must be recognized as "second level regulators", supervised by Public Authorities.

This governance of the Internet by Compliance Law is ongoing. By the European Banking Union. By green finance. By the GDPR. We must force the line and give it the unity and simplicity that are still lacking, by infusing a political dimension into Compliance: the Person. The European Court of Justice has always done it. The European Commission through its DG Connect is ready.

 

► 📓 Read the report (in French)

📝 Read the Report Summary in 3 pages (in English)

📝 Read the Report Summary in 6 pages (in English)

____

 

► Plan of the Report (4 chapters): an ascertainment of the digitization of the world (1); the challenge of civilization that this constitutes (2); the relations between Compliance mechanisms as they should be conceived between Europe and the United States, bearing in mind that the world is not limited to them, with the concrete solutions that result from this (3); and concrete practical solutions to better organize an effective digital governance, inspired by what is done particularly in the banking sector and continuing what has already been done in Europe in the digital field, which has already made it exemplary and which it must continue, France being able to be a source of proposals by example (4).

____

 

📝  Read the written presentation of the Report done by Minister Cédric O (in French).

🏛 Listen to the oral presentation of the Report by Minister Cédric O during the parliamentary discussion of the law against hate content on the Internet (in French).

____

 

💬 Read the interview published on 18 July 2019: "Gouvernance d'Internet : un enjeu de civilisation" ("Governing Internet: an Issue of Civilization"), given in French

📻 Listen to the radio broadcast of July 21, 2019, during which its consequences are applied to the cryptocurrency "Libra" (given in French)

🏛 Presentation of the Report to the Conseil Supérieur de l'Audiovisuel - CSA (French Council of Audiovisual) on September 5, through a discussion with its members (in French)

💬 Read the interview published on 20 December 2019: "Le droit de la compliance pour réguler l'Internet" ("Compliance Law to regulate the Internet"), given in French

____

 

 

read below the 54 propositions of the Report ⤵️

June 5, 2019

Thesaurus : Doctrine

Full Reference: Thierache, C., "RGPD vs Cloud Act : le nouveau cadre légal américain est-il anti-RGPD ?" (GDPR vs Cloud Act: is the new American legal framework anti-GDPR?), in La Revue juridique Dalloz IP/IT, no. 6, 2019, p. 367

 

Sciences Po students can read the article via the Drive in the folder "MAFR - Régulation & Compliance"