Food for thoughts

🌐follow Marie-Anne Frison-Roche on LinkedIn

🌐subscribe to the Newsletter MAFR Regulation, Compliance, Law

____

► Full Reference: M.-A. Frison-Roche, "La compliance" ("Compliance"), in J.-B. Racine (ed.), Le droit économique au XXIe siècle. Notions et enjeux, LGDJ, "Droit & Économie" Serie, 2020, pp. 97-108

____

📝read the article (in French)

____

🚧read the bilingual Working Paper which is the basis of this article, with additional developments, technical references and hyperlinks

____

📕read a general presentation of the book, Le droit économique au XXIe siècle. Notions et enjeux, in which this article is published

____

📚see the presentation of the other books published in this Serie, founded and directed by Marie-Anne Frison-Roche

► English Summary of the article: 

________

Full reference: Vergnolle, S., L'effectivité de la protection des personnes par le droit des données à caractère personnel (The effectiveness of the protection of people by personal data Law (our translation)), Passa, J. (dir.), thesis, Law, Panthéon-Assas University (Paris II), 2020, 531 p.

Read the thesis (in French)

Read directly and only the table of contents (in French)

To go further about regulation of personal data, read: 

• Frison-Roche, M.-A., Rethinking the world from the notion of data, 2016
• Frison-Roche, M.-A., The regulatory conséquences of a world redesigned from the concept of data, 2016. 

Full Reference : Frison-Roche, M.-A., Rights, primary and natural Compliance Tools, Working Paper, July  2020.

This Working paper is the basis for an article published in the collective book  Compliance Tools .

____

There was a time when Regulatory techniques  were above all only calculations of the best tarifications, taken up by monopolistic companies, while Compliance techniques were only obedience to all rules governing us. All this could therefore only be business of abacus and badine, used by engineers and consisted only of mechanical reflexes of "conformity" to all kinds of rules with the corset ensuring that everyone is bent in front of them!footnote-1946. In the perspective of a Regulation and Compliance thus conceived, that is to say effective, it would not be necessary to insert prerogatives for people, since these could only be sources of inefficiency, of cost. and protest, where the order would come from figures set in advance and controlled processes.

Systems have since evolved to integrate these prerogatives of each person: rights. Is this evolution really acquired? Maybe more effectively in Regulation Law than in its extension which is Compliance Law. This may be surprising since Compliance Law, in that it extends Regulatory Law in enterprises should, on the contrary, promote rights by meeting the enterprise, which is a group of people ....!footnote-1986 . But the modern reluctance to define the enterprise (and the company) as a group of people and the preference given to a definition of the company (and the enterprise) as an "asset", a "good" of which investors would be the owners, maybe explains the sidelining of rights not only in Regulatory Law but also in Compliance Law even though it is being deployed in the space of the enterprise!footnote-1987.

In addition, if Regulation has long been the subject of a branch of Law in which rights have full place, the presentation of Compliance as "conformity", that is to say the proven assurance of obedience to all the applicable rules, leaves no space for the prerogatives of people, which appear rather as resistance to the obedience that would be expected of them. There again, the expectation of what would be a good ratio of conformity between behaviors and prescriptions would be obtained by a "design", data processing being the new form of calculation, improved by precision tools where the being human is not required!footnote-1989. His fallibility and the little confidence which one can place in him leads even to exclude the people and to conceive Compliance system between machines, not only to alert of the failures, but also to manufacture the "regulations" and to connect those. here, in a "regulatory fabric" without a jump stitch, entirely enveloping human beings!footnote-1990.

It would therefore be with regret, and probably because some constitutional jurisdictions still attach some value to fundamental rights that the systems of "conformity" of behavior to the rules make some room for the prerogatives of people, their more essential rights. It is sometimes said that this is part of the cost. It would therefore be as by "forcing" that rights would exist in Compliance systems, a kind of price that the effectiveness of Compliance must pay as a tribute to the Rule of Law principle!footnote-1991.

If in a poor definition Compliance is conceived in this only "conformity", leading to a landscape in which the behaviors of the people adjust to the rules governing the situations, Compliance being only the most "effective way" to ensure the application of the rules, in a mechanical perspective of Law, then it would effectively be necessary to reduce the prerogatives of people to a minimal part, because any "additional cost" is intended to disappear, even if it is produced here by constitutional requirements. In the looming battle between the effectiveness of the application of rules and the concern for the legal prerogatives of people who should above all obey and not claim their rights, especially their right not to obey , or their right to keep secret in Compliance techniques which is based on the centralization of information, the effectiveness of efficiency could only, by the very power of this tautology, prevail!footnote-1988... 

The defeat would not be total, however, collaboration would still be possible and active between people availing themselves of their rights and Compliance Law. Indeed, in many respects, if rights have been recognized in Compliance systems, it is not only because Compliance Law, like any branch of Law, can only be deployed with respect for fundamental rights. kept by fundamental legal texts, but also because of the effectiveness of rights as " Compliance Tools".

Indeed, because they constitute a very effective "tool" to ensure the entire functioning of a system whose goals are so difficult to achieve, because every effort must be made to achieve these goals, the public authorities not only rely on the power of crucial operators, but also distribute prerogatives to people who, thus encouraged, activate the Compliance system and participate in the achievement of the "monumental goals". Rights can prove to be the most effective tools to effectively achieve the goals set, to such an extent that they can be considered as "primary tools"  (I).

But it is necessary to be more ambitious, even to reverse the perspective. Indeed because all the Monumental Goals by which Compliance Law is defined can be reduced to the protection of people, that is to say to the effectiveness of their prerogatives, by a mirror effect between rights. given by Law to persons and the rights which constitute the very purpose of all Compliance Law, in particular the protection of all human beings, even if they are in a situation of great weakness, rights become a "natural tool" of Compliance Law (II).

Rights are the Compliance Law future. 

Full reference: Racine, J.-B. (ed.), Le droit économique au XXIe siècle. Notions et enjeux, Coll. Droit & Economie, LGDJ-Lextenso, 2020, 726 p.

____

Summary of the book : Economic Law has not been so important than today, at a time of phenomenal changes in our societies. Economics are everywhere and Law is directly requested, to accompany, frame and finalize economics. Economic Law, which remain without definition, must be perceived now as a fundamental understanding tool of the realities of our time. This book proposes both to take stock of what Economic Law is at the start of the XXIst century and to give prospective analysis of what it could be in the years to come. It has been designed as a collective research based on  30 key-words (like the firm, the market, globalization, artificial intelligence). Each author has taken a notion by placing it in a logic of Economic Law. It is therefore on a transversal and thematic analysis that the book is based.

Economic Law is an open house. While it seeks diverse schools of thought, it gives pride of place to diversity. The book has been realized in this spirit. If it gather many authors from Nice's school, it is also open to other perspectives and opinions. Economic Law, through its research topics and analysis methods is in constant change. This research shows that economics is a topic which crosses every legal branches, beyond business Law. 

The book is aimed at students wishing to familiarize themselves with Economic Law process, researchers intending to explore Economic Law themes in depth, and also practitioners who are looking for keys to understanding the current issues raised by the relationship between Law and Economics. 

List of authors:

• Jean-Baptiste Racine
• Éric Balate
• Jennifer Bardy
• Jean-Sylvestre Bergé
• Walid Chaiehloudj
• Jacques Chevallier
• Bruno Deffains
• Catherine Del Cont
• Pascale Deumier
• Isabelle Doussan
• Aude-Solveig Epstein
• Marie-Anne Frison-Roche
• Giulio Cesare Giorgini
• Lemy Godefroy
• Marie-Angèle Hermitte
• Clotilde Jourdain-Fortier
• Gilles J. Martin
• Frédéric Marty
• Séverine Menétrey
• Mehdi Mezaguer
• Eva Mouial Bassilana
• Irina Parachkévova-Racine
• Thomas Perroud
• Valérie Pironon
• Patrice Reis
• Fabrice Riem
• Jean-Christophe Roda
• Mahmoud Mohamed Salah
• Fabrice Siiriainen
• Katja Sontag
• Marina Teller
• Anne Trescases

Read the table of contents (in French)

Read Jean-Baptiste Racine's introductive article (in French)

Read Marie-Anne Frison-Roche's article (in French) and read the bilingual working paper on which this article is based. 

Full reference: Frison-Roche, M.-A., New SEC Report to Congress about Whistleblower Program: what is common between American and European conception, Newsletter MAFR - Law, Compliance, Regulation, 1st of December 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

Like every year since the adoption of the Dodd-Frank Act, the Securities and Exchanges Commission (SEC) and especially its Office of the Whistleblowers (OWB) handed to the Congress of the United-States a report about the success of its program concerning whistleblowers, especially estimated with the amount of financial rewards granted to them during the year. This report especially presents the amount granted to whistleblowers, the quality of the collected information and the efficacy of SEC's whistleblowers' protection process.

If Americans condition the effectiveness of whistleblowing to the remuneration of whistleblowers, Europeans oppose the "ethical whistleblower" who shares information for the love of Law to the "bounty hunter" uniquely motivated by financial reward and favor the former to the later, as it is proven in the French Law Sapin II of 2016 (which do not propose financial reward to whistleblowers) or the British Public Interest Disclosure of 1998 (which just propose a financial compensation of the whistleblower's losses linked to whistleblowing). 

However, American and European conceptions are not so far from each other. As United-States, Europe has a real care for legal effectivity, even if, because of their different legal traditions, Americans favor effectivity of rights while European favor effectivity of Law. If it places effectivity at the center of its preoccupations, Europe should conceive with less aversion the possibility to financially incite whistleblowers. Moreover, United-States and Europe share the same common willingness to protect whistleblowers and if rewarding would enable a better protection, then Europe should not reject it, as shows the recent declarations of the French Defenders of Rights. It is not excluded that both systems converges in a close future. 

Full reference: Chapron, J.-P., Dubost, C. and  Imalhayene, F., Labels RSE. Accompagner les entreprises et donner confiance à leurs parties prenantes (CSR labels. Support companies and give confidence to their stakeholders), Report submitted to the French Minister of Economy and Finances, 30th of November 2020, 81p.

Read the report (in French)

Read the synthesis of the observations and recommendations of this report by the Secretary to social, solidarity and responsible economy (in French)

Full reference: Lagarde, P., Preface of Le tournant global en droit international privé, Muir-Watt, H., Biziková, L., Brandão de Oliveira, A., Fernández Arroyo, D. P., Ma, M. (ed.), Editions Pedone, 2020, pp. 9-14

Read Paul Lagarde's preface (in French)

Full reference: Cour de Cassation, Chambre criminelle, 25th of November 2020 (18-86.955), Decision n°2333, société Iron mountain France SAS

Read the decision (in French)

Read the press release from the Cour de Cassation (in French)

​Read the explication note from the Cour de Cassation (in French)

Read Julie Gallois' comment

Summary of the decision

In this decision constituting a case law reversal, the Chambre criminelle of the Cour de Cassation decides that the firm which absorbs the one to which are imputable facts which can receive a penal qualification leading to penalties of fines has the aptitude to answer penally.

The decision precises that this reversal is applicable only to future cases, to respect the principle of predicability, except if this merging was operated only to escape from criminal responsibility of moral persons. 

This case is an example of the use of Criminal Liability Law as an incentive. 

Le Droit économique classique repose peu sur les droits subjectifs. Le droit de propriété est le seul droit subjectif nécessaire pour une économie de marché. En effet, la notion de "personne", c'est-à-dire l'aptitude à être titulaire de droits et d'obligations, est un préalable souvent mis de côté au profit de la notion d' "agent" ou d' "institution", et les autres  notions juridiques relèvent davantage des "libertés", tandis que la propriété est plutôt définie par les économistes présente la propriété plutôt comme le fait de maîtrise. Cette discrétion des droits subjectifs s'observe aussi bien en Droit de la concurrence qu'en Droit de la Régulation. 

Mais l'évolution du Droit de la Régulation se marque d'une part par l'explosion des droits subjectifs de toutes sortes, notamment processuels, et d'autre part par la reconnaissance du maniement de la propriété pour permettre à l'Etat de réguler un secteur, voire au-delà d'un secteur, notamment parce que la propriété du capital d'une société lui donne une puissance que le Droit public ne lui conférerait pas. C'est alors la puissance politique que le droit subjectif de propriété confère à travers la branche du Droit des Sociétés que l'Etat va utiliser, notamment à travers la constitution nouvelle et efficace de Groupe Public Unifié. C'est alors le Droit des sociétés, sur la base duquel il convient de revenir, qui donne à l'Etat un pouvoir de poursuivre un intérêt général, là où le Droit de la concurrence le lui conteste. En effet, basé sur le principe de la "neutralité du capital", la jurisprudence veut contraindre l'Etat à se comporter comme un investisseur normalement diligent..

Il demeure que la propriété privée, parce qu'elle n'exclut pas la qualification d'une entreprise comme "entreprise publique" peut être un moyen "efficace" de régulation. Il en est ainsi de la mutualisation des infrastructures et de la mutualisation des garanties. Dans une époque où l'Etat exprime de moins en moins sa souveraineté sous un mode budgétaire, c'est sans doute de cette façon que la Régulation peut exprimer le Politique.

Le Droit va lui-même accroître cette part politique que l'Etat peut exercer grâce au droit de propriété à travers le statut d'actionnaire ainsi conservé mais aussi à la technique de l'action spécifique. Ce pouvoir de bloquer les cessions dans les "opérateurs cruciaux" aura vocation à se développer d'autant plus que se dégagera la notion juridique d'Europe souveraine. De la même façon les buts d'intérêts collectifs ou d'intérêt général qui caractérisaient l'entreprise publique sont aujourd'hui partagées avec les entreprises à mission, telles que la loi dite PACTE de 2019 les a insérées en Droit français à travers la notion de raison d'être. 

D'une façon spécifique et au besoin :

• Se reporter au plan de la leçon
• Consulter les slides de la leçon

D'une façon plus générale et au besoin :

• Consulter le plan général du Cours de Droit commun de la Régulation
• Consulter la bibliographie générale du Cours de Droit commun de la Régulation

• Consulter le Dictionnaire bilingue de Droit de la Régulation et de Droit de la Compliance
• Consulter la Newsletter MAFR - Law, Compliance, Regulation

Voir ci-dessous la bibliographie spécifique à la leçon sur Droit de propriété privée et Régulation.

► Référence complète : Archives de Philosophie du Droit (APD), Le principe de précaution, t. 62, Dalloz, 2020, 580 p.

____

📗lire la 4ième de couverture

____

📗lire la table des matières

____

Voir la présentation d'autres tomes des Archives de Philosophie du Droit

________

► Référence complète : Margerie, G. de, "L'État et le Temps : Précaution, prospective et planification", in Archives de Philosophie du Droit (APD), Le principe de précaution, t. 62, Dalloz, 2020, pp.225-238. 

____

🦉Cet article est accessible en texte intégral pour les personnes inscrites aux enseignements de la Professeure Marie-Anne Frison-Roche

________

Full reference: Frison-Roche, M.-A., Facebook: Quand le Droit de la Compliance démontre sa capacité à protéger les personnes (Facebook: When Compliance Law proves its ability to protect people), interview with Olivia Dufour, Actu-juridiques Lextenso, 23rd of November 2020

Read the interview (in French)

Read the news of the Newsletter MAFR - Law, Compliance, Regulation about this question

Full reference: CJEU, 1st chamber, 18th of November 2020, decision C‑519/19, Ryanair DAC vs DelayFix

Read the decision

Summary of the decision

This decision of the CJEU of 18th of November 2020 is about the jurisdiction clause for any dispute in air transport contracts, here those of Ryanair. This decision is especially interesting about the question to know whether the professional assignee (collection company) of a debt whose holder was a consumer may or may not avail itself of the consumer protection provisions, canceling the scope of this type of clause. 

The Court takes back the criteria and the solution already used in 2019 about a credit contract: the protection applies by the criterion of the parties to the contract and not of the parties to the disputes. Such a clause is effective only if the integrality of the contract is transferred to the professional, and not only some of the stipulations.

This Regulatory decision, through "private enforcement", incentivizes consumers to transfer their compensation claim (around 250 euros) to collection companies which, in turn, discipline airlines to stay on schedule.

Full reference: US Securities and Exchanges Commission, Whistleblower Program. 2020 Annual Report to Congress, 16th of November 2020

Read the report

Read, to go further on the question of whistleblowers:

• Frison-Roche, M.-A., The impossible unicity of the legal category of whistleblowers, working paper, 2019

Full reference: Kessedjian, C., Le tiers impartial et indépendant en droit international. Juge, arbitre, médiateur, conciliateur, Académie de Droit international de La Haye, 2020, 769p.

Read the forth of cover (in French)

Read the table of content (in French)

This working paper served as a basis for an interview organized by Olivia Dufour in French in Actu-juridiques-Lextenso on 11st of January 2021. 

Full reference: Frison-Roche, M.-A., Due process and Personal Data Compliance Law: same rules, one Goal (CJEU, Order, October 29, 2020, Facebook Ireland Ltd v/ E.C.), Newsletter MAFR - Law, Compliance, Regulation, 1st of November 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Read Marie-Anne Frison-Roche's interview in Actu-juridiques about this decision (in French)

Summary of the news: 

As part of a procedure initiated for anti-competitive behaviors, the European Commission has three times requested, between the 13th of March and the 11th of November 2019, from Facebook the communication of information, reitarated in a decision in May 2020.  

Facebook contests it alleging that the requested documents would contain sensitive personal information that a transmission to the Commission would make accessible to a too broad number of observers, while "the documents requested under the contested decision were identified on the basis of wideranging search terms, (...) there is strong likelihood that many of those documents will not be necessary for the purposes of the Commission’s investigation". 

The contestation therefore evokes the violation of the principles of necessity and proportionality but also of due process because these probatory elements are collected without any protection and used afterwards. Moreover, Facebook invokes what would be the violation of a right to the respect of personal data of its employees whose the emails are transferred. 

The court reminds that the office of the judge is here constraint by the condition of emergency to adopt a temporary measure, acceptable by the way only if there is an imminent and irreversible damage. It underlines that public authorities benefit of a presumption of legality when they act and can obtain and use personal data since this is necessary to their function of public interest. Many allegations of Facebook are rejected as being hypothetical. 

But the Court analyzes the integrality of the evoked principles with regards with the very concrete case. But, crossing these principles and rights in question, the Court estimates that the European Commission did not respect the principle of necessity and proportionality concerning employees' very sensitive data, these demands broadening the circle of information without necessity and in a disproportionate way, since the information is very sensitive (like employees' health, political opinions of third parties, etc.). 

It is therefore appropriate to distinguish among the mass of required documents, for which the same guarantee must be given in a technique of communication than in a technic of inspection, those which are transferable without additional precaution and those which must be subject to an "alternative procedure" because of their nature of very sensitive personal data. 

This "alternative procedure" will take the shape of an examination of documents considered by Facebook as very sensitive and that it will communicate on a separate electronic support, by European Commission's agents, that we cannot a priori suspect to hijack law. This examination will take place in a "virtual data room" with Facebook's attorneys. In case of disagreement between Facebook and the investigators, the dispute could be solved by the director of information, communication and medias of the Directorate-General for Competition of the European Commission. 

___

We can draw three lessons from this ordinance: 

1. This decision shows that Procedural Law and Compliance Law are not opposed. Some often say that Compliance guarantees the efficacy and that Procedure guarantees fundamental rights, the protection of the one must result in the diminution of the guarantee of the other. It is false. As this decision shows it, through the key notion of sensitive personal data protection (heart of Compliance Law) and the care for procedure (equivalence between communication and inspection procedures; contradictory organization of the examination of sensitive personal data), we see once again that two branches of Law express the same care, have the same objective: protecting people. 
2. The judge is able to immediately find an operational solution, proposing "an alternative procedure" axed around the principle of contradictory and conciliating Commision's and Facebook's interests has shown that it was able to bring alternative solutions to the one it suspends the execution, appropriate solution to the situation and which equilibrate the interest of both parties. 
3. The best Ex Ante is the one which anticipate the Ex Post by the pre-constitution of evidence. Thus the firm must be able to prove later the concern that it had for human rights, here of employees, to not being exposed to sanctioning pubic authorities. This Ex Ante probatory culture is required not only from firms but also from public authorities which also have to give justification of their action. 

__________

Full reference: Frison-Roche, M.-A., From Competition Law to Compliance Law: example of French Competition Authority decision on central purchasing body in Mass Distribution, Newsletter MAFR - Law, Compliance, Regulation, 27th of October 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance

_____

Summary of the news: Through its decision of 22nd of October 2020, the Autorité de la concurrence (French Competition Authority) accepted the commitments proposed by retail sector's firms Casino, Auchan, Metro and Schiever so that their agreement by which a common body centralizes purchases from numerous retailers, allowing each to offer these products under private label, is admissible with regard to competitive requirements. 

In this particular case, the Authority had self-sized in July 2018, estimating that such a purchase center could harm competition, opening immediately a large consultation on the terms of the contract. In October 2018, the law Egalim permitted to the Authority to take temporary measures to suspend such a contract, what the Authority did from September. 

The convention parties' firms committed on the one hand to update their contract limiting the power on suppliers, especially small and very small suppliers, excluding totally of the field of the contract some kind of products, especially food products and reducing the share of bought products volume dedicated to their transformation in distributor brand. 

The Autorité de la concurrence accepts this proposal of commitments, congratulates itself of the protection of small suppliers operating like that and observe the similarity with the contract consisting in a purchase center between Carrefour and Tesco, which will be examined soon. 

_____

We can draw three lessons of this innovating decision, which could be a model for after: 

1. The technique of Compliance Law permits to the Autorité de la concurrence to find a reasonable solution for the future. 

• Indeed, rather than punishing much later by a simple fine or to annihilate the performing mechanism of the purchase center, the Authority obtains contract modifications. 
• The contract is structured and the obtained modifications are also structural. 
• The commitments are an Ex Ante technique, imposed to operators, for the future, in an equilibrium between competition, operators and consumers protection and the efficacy of the coordination between powerful operators. 
• The nomination of a monitor permits to build the future of the sector, thanks to the Ex Ante nature of Compliance Law. 

2. The retail sector finally regulated by Compliance technics.

• "Distribution law" always struggle to find its place, between Competition law and Contract Law, especially because we cannot consider it as a common "sector". 
• The Conseil constitutionnel (French constitutional court) refused a structural injunction power to the authority because it was contrary to business freedom and without any doubt ethics of business is not sufficient to the equilibrium of the sector.
• Through commitments given against a stop of pursuits relying on structuring contracts, it is by Compliance law that a Regulation law free of the condition of existence of a sector could leave.

3. The political nature of Compliance law in the retail sector

• As for digital space, which is not a sector, Compliance law can directly impose to actors imperatives that are strangers to them. 
• In the digital space, the care for fighting against Hate and for protecting private life; here the care for small and very small suppliers. 

___________

See in counterpoints the pursuit of a contentious procedure against Sony, whose the proposals of commitments, made after a public consultation, were not found satisfying.

To go further, on the question of Compliance law permitting through indirect way the rewriting by the Conseil of a structuring contract (linking a platform created by the State to centralize health data with an American firm subsidy to manage them).

Full reference: Frison-Roche, M.-A., "Health Data Hub est un coup de maître du Conseil d'Etat", interview realized by Olivia Dufour for Actu-juridiques, Lextenso, 22nd of October 2020

Read the news of 19th of October 2020 of the Newsletter MAFR - Law, Compliance, Regulation on which relies this interview: Conditions for the legality of a platform managed by an American company hosting European health data​: French Conseil d'Etat decision 

To go further, on the question of Compliance Law concerning Health Data Protection, read the news of 25th of August 2020: The always in expansion "Right to be Forgotten"​: a legitimate Oxymore in Compliance Law built on Information. Example of​ Cancer Survivors Protection 

Full reference: Coeurquetin, R., Comparaison mécanique des versions 2017 et 2020 des recommendations de l'Agence Française Anti-corruption sur la cartographie des risques de corruption, October 2020, 9 p. 

Read the mechanical comparison (in French)

To go further on the question of risk mapping, read Marie-Anne Frison-Roche's working papers: Drawing up Risk Maps a an Obligation and the Paradoxe of "Compliance Risks" and Anchor Points of the Risk Mapping in the Legal System

Full reference: Frison-Roche, M.-A., Conditions for the legality of a platform managed by an American company hosting European health data​: French Conseil d'Etat decision, Newsletter MAFR - Law, Compliance, Regulation, 19th of October 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

___

News Summary: In its ordinance of 13th of October 2020, Conseil national du logiciel libre (called Health Data Hub), the Conseil d'Etat (French Administrative Supreme Court) has determined the legal rules governing the possibility to give the management of sensitive data on a platform to a non-europeans firm, through the specific case of the decree and of the contract by which the management of the platform centralizing health data to fight against Covid-19 has been given to the Irish subsidiary of an American firm, Microsoft. 

The Conseil d'Etat used firstly CJEU case law, especially the decision of 16th of July 2020, called Schrems 2, in the light of which it was interpreted and French Law and the contract linking GIP and

The Conseil d'Etat concluded that it was not possible to transfer this data to United-Sates, that the contract could be only interpreted like this and that decree and contract's modifications secured this. But it observed that the risk of obtention by American public authorities was remaining. 

Because public order requires the maintenance of this platform and that it does not exist for the moment other technical solution, the Conseil d'Etat maintained the principle of its management by Microsoft, until a European operator is found. During this, the control by the CNIL (French Data Regulator), whose the observations has been taken into consideration, will be operated. 

We can retain three lessons from this great decision:

• There is a perfect continuum between Ex Ante and Ex Post, because by a referred, the Conseil d'Etat succeed in obtaining an update of the decree, a modification of the contractual clauses by Microsoft and of the words of the Minister in order to, as soon as possible, the platform is managed by an European operator. Thus, because it is Compliance Law, the relevant time of the judge is the future. 
• The Conseil d'Etat put the protection of people at the heart of its reasoning, what is compliant to the definition of Compliance Law. It succeeded to solve the dilemma: either protecting people thanks to the person to fight against the virus, or protecting people by preventing the centralization of data and their captation by American public authorities. Through a "political" decision, that is an action for the future, the Conseil found a provisional solution to protect people against the disease and against the dispossession of their data, requiring that an European solution is found. 
• The Conseil d'Etat emphasized the Court of Justice of The European Union as the alpha and omega of Compliance Law. By interpreting the contract between a GIP (Public interest Group) and an Irish subsidy of an American group only with regards to the case law of the Court of Justice of European Union, the Conseil d'Etat shows that sovereign Europe of Data can be built. And that courts are at the heart of this. 

___________

Read the interview given on this Ordinance Health Data Hub

To go further about the question of Compliance Law concerning health data protection, read the news of 25th of August 2020: The always in expansion "Right to be Forgotten"​: a legitimate Oxymore in Compliance Law built on Information. Example of​ Cancer Survivors Protection 

Full reference: Serious Fraud Office, Operational Handbook about Deferred Prosecution Agreements, October 2020

Read the Operational Handbook

Full reference: Frison-Roche, M.-A., Et si le secret de l’avocat était l’allié de la lutte contre le blanchiment ?, interview realized by Olivia Dufour for Actu-juridiques, Lextenso, 15th of October 2020

Read the interview (in French)

To go deeper on the place of the attorney in Compliance Law, read Marie-Anne Frison-Roche's working paper: The Attorney, Vector of Conviction in the New Compliance System

Full reference: Petit, N., Droit européen de la concurrence, 3rd edition, Collection "Précis Domat Droit Public/Droit privé", LGDJ-Lextenso, 2020

Read the forth of cover (in French)

Read the table of contents (in French)

Full reference: Financial Stability Board, The Use of Supervisory and Regulatory Technology by Authorities and Regulated Institutions. Market Developments and Stability Implications, Report of 9th of October 2020, 36 p. 

Read the report

Read the presentation of the report by the Financial Stability Board

To go further on the question of the use of new technologies in regulatory processes, read Marie-Anne Frison-Roche's working paper: Analysis of blockchains with regards with the uses they can fulfill and the functions that the ministerial officers must ensure