Nov. 1, 2020
Newsletter MAFR - Law, Compliance, Regulation
Full reference: Frison-Roche, M.-A., Due process and Personal Data Compliance Law: same rules, one Goal (CJEU, Order, October 29, 2020, Facebook Ireland Ltd v/ E.C.), Newsletter MAFR - Law, Compliance, Regulation, 1st of November 2020
Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation
Summary of the news:
As part of a procedure initiated for anti-competitive behaviors, the European Commission has three times requested, between the 13th of March and the 11th of November 2019, from Facebook the communication of information, reitarated in a decision in May 2020.
Facebook contests it alleging that the requested documents would contain sensitive personal information that a transmission to the Commission would make accessible to a too broad number of observers, while "the documents requested under the contested decision were identified on the basis of wideranging search terms, (...) there is strong likelihood that many of those documents will not be necessary for the purposes of the Commission’s investigation".
The contestation therefore evokes the violation of the principles of necessity and proportionality but also of due process because these probatory elements are collected without any protection and used afterwards. Moreover, Facebook invokes what would be the violation of a right to the respect of personal data of its employees whose the emails are transferred.
The court reminds that the office of the judge is here constraint by the condition of emergency to adopt a temporary measure, acceptable by the way only if there is an imminent and irreversible damage. It underlines that public authorities benefit of a presumption of legality when they act and can obtain and use personal data since this is necessary to their function of public interest. Many allegations of Facebook are rejected as being hypothetical.
But the Court analyzes the integrality of the evoked principles with regards with the very concrete case. But, crossing these principles and rights in question, the Court estimates that the European Commission did not respect the principle of necessity and proportionality concerning employees' very sensitive data, these demands broadening the circle of information without necessity and in a disproportionate way, since the information is very sensitive (like employees' health, political opinions of third parties, etc.).
It is therefore appropriate to distinguish among the mass of required documents, for which the same guarantee must be given in a technique of communication than in a technic of inspection, those which are transferable without additional precaution and those which must be subject to an "alternative procedure" because of their nature of very sensitive personal data.
This "alternative procedure" will take the shape of an examination of documents considered by Facebook as very sensitive and that it will communicate on a separate electronic support, by European Commission's agents, that we cannot a priori suspect to hijack law. This examination will take place in a "virtual data room" with Facebook's attorneys. In case of disagreement between Facebook and the investigators, the dispute could be solved by the director of information, communication and medias of the Directorate-General for Competition of the European Commission.
We can draw three lessons from this ordinance:
Oct. 19, 2020
Newsletter MAFR - Law, Compliance, Regulation
Full reference: Frison-Roche, M.-A., Conditions for the legality of a platform managed by an American company hosting European health data: French Conseil d'Etat decision, Newsletter MAFR - Law, Compliance, Regulation, 19th of October 2020
Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation
News Summary: In its ordinance of 13th of October 2020, Conseil national du logiciel libre (called Health Data Hub), the Conseil d'Etat (French Administrative Supreme Court) has determined the legal rules governing the possibility to give the management of sensitive data on a platform to a non-europeans firm, through the specific case of the decree and of the contract by which the management of the platform centralizing health data to fight against Covid-19 has been given to the Irish subsidiary of an American firm, Microsoft.
The Conseil d'Etat used firstly CJEU case law, especially the decision of 16th of July 2020, called Schrems 2, in the light of which it was interpreted and French Law and the contract linking GIP and
The Conseil d'Etat concluded that it was not possible to transfer this data to United-Sates, that the contract could be only interpreted like this and that decree and contract's modifications secured this. But it observed that the risk of obtention by American public authorities was remaining.
Because public order requires the maintenance of this platform and that it does not exist for the moment other technical solution, the Conseil d'Etat maintained the principle of its management by Microsoft, until a European operator is found. During this, the control by the CNIL (French Data Regulator), whose the observations has been taken into consideration, will be operated.
We can retain three lessons from this great decision:
To go further about the question of Compliance Law concerning health data protection, read the news of 25th of August 2020: The always in expansion "Right to be Forgotten": a legitimate Oxymore in Compliance Law built on Information. Example of Cancer Survivors Protection
May 15, 2019
Editorial responsibilities : Direction of the "Regulations & Compliance" series, JoRC & Dalloz
General reference : Frison-Roche, M.-A. (ed.), Pour une Europe de la Compliance, serie "Régulations & Compliance", Dalloz & Journal of Regulation & Compliance, 2019, 124 pages.
This book is written in French. The topic is : "For the Europe of the Compliance".
See below its general presentation in English.
The political dimension is intrinsic to the Compliance Law. Indeed, compliance mechanisms consist of internalizing in certains companies the obligation to implement goals of general interest set by Public Authorities. These public bodies control the Ex Ante reorganization that implies for these companies and punish Ex Post the possible structural inadequacy of these compagnies, becoming transparent for this purpose.
This political dimension must be increased: the Compliance Law of Compliance must today be used to build Europe.
One can observe not only the construction of the European Compliance Law, object-by-object, sector-by-sector, purpose-by-purpose, but also the construction of the European Compliance Law that transcends and unifies them. Becoming independent of American Law and ceasing to be in reaction, even on the defensive, the Compliance Law contributes to the European project, offering it a higher ambition, that Europe can carry and, by this way, can carry the Europe itself, not only to preserve the European economy from corruption or money laundering, but by claiming the protection of nature and human beings.
This is why the book describes the "reasons and objectives" of the Europe of the Compliance, which makes it possible to describe, detect and even predict the ways and means.
Authors: Thierry Bonneau, Monique Canto-Sperber, Jean-Jacques Daigre, Charles Duchaine, Marie-Anne Frison-Roche, Arnaud de La Cotardière, Koen Lenaerts, Jean-Claude Marin, Didier Martin, Xavier Musca, Pierre Sellal et Pierre Vimont.
Each mention of an author refers to a summary of his contribution.
Read the working paper written in English by Marie-Anne Frison-Roche, base for her article published in French in the book : What the Law of Compliance can build relying of the European Humanist tradition.
Jan. 8, 2019
La collection Droit & Economie sort son 33ième volume.
Il est consacré à l'Europe, c'est-à-dire à l'amitié franco-allemande, puisqu'aujourd'hui c'est sur cette amitié-là que l'on peut croire encore à l'Europe.
Si l'on a une vision politique des espaces, alors c'est la notion d'amitié qui doit ressortir.
C'est autour d'elle que Bruno Le Maire a construit sa préface : lire la préface que le ministre de l'économie et des finances a fait à l'ouvrage.
Oct. 26, 2018
Thesaurus : Doctrine
La conformité dans le règlement UE n° 2016/679, du 27 avril 2016, relatif à la protection des personnes physiques à l'égard du traitement des données à caractère personnel et à la libre circulation de ces données
Référence complète : Rabagny-Lagoa, A., La conformité dans le règlement UE n° 2016/679, du 27 avril 2016, relatif à la protection des personnes physiques à l'égard du traitement des données à caractère personnel et à la libre circulation de ces données, in Petites Affiches, octobre 2018, n°215, pp. 8-14.
Les étudiants de Sciences po peuvent lire l'article via le Drive dans le dossier "MAFR - Régulation & Compliance".
March 1, 2018
Organization of scientific events
Le cycle de conférences Pour une Europe de la compliance débutant le 2 mars 2018 est organisé par le Journal of Regulation & Compliance (JoRC), en collaboration avec l’École d'affaires publiques de l’École d’Affaires Publiques de Sciences po (Paris), le Département d’Économie de Sciences po,,École de Droit de l'Université Panthéon-Sorbonne (Paris I), l’École doctorale de Droit privé de l'Université Panthéon-Assas (Paris II) et les Éditions Dalloz.
Consulter les informations relatives aux conférences :
June 1, 2015
Thesaurus : Doctrine
Référence complète : M., Mezaguer, Approche transactionnelle et garanties procédurales en droit antitrust de l'Union européenne in Revue de l'Union européenne, n° 389, 2015, p. 353.
Les étudiants de Sciences-Po peuvent lire l'article via le drive " MAFR – Régulation & Compliance "