Food for thoughts

Full reference: Frison-Roche, M.-A., Due process and Personal Data Compliance Law: same rules, one Goal (CJEU, Order, October 29, 2020, Facebook Ireland Ltd v/ E.C.), Newsletter MAFR - Law, Compliance, Regulation, 1st of November 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Read Marie-Anne Frison-Roche's interview in Actu-juridiques about this decision (in French)

Summary of the news: 

As part of a procedure initiated for anti-competitive behaviors, the European Commission has three times requested, between the 13th of March and the 11th of November 2019, from Facebook the communication of information, reitarated in a decision in May 2020.  

Facebook contests it alleging that the requested documents would contain sensitive personal information that a transmission to the Commission would make accessible to a too broad number of observers, while "the documents requested under the contested decision were identified on the basis of wideranging search terms, (...) there is strong likelihood that many of those documents will not be necessary for the purposes of the Commission’s investigation". 

The contestation therefore evokes the violation of the principles of necessity and proportionality but also of due process because these probatory elements are collected without any protection and used afterwards. Moreover, Facebook invokes what would be the violation of a right to the respect of personal data of its employees whose the emails are transferred. 

The court reminds that the office of the judge is here constraint by the condition of emergency to adopt a temporary measure, acceptable by the way only if there is an imminent and irreversible damage. It underlines that public authorities benefit of a presumption of legality when they act and can obtain and use personal data since this is necessary to their function of public interest. Many allegations of Facebook are rejected as being hypothetical. 

But the Court analyzes the integrality of the evoked principles with regards with the very concrete case. But, crossing these principles and rights in question, the Court estimates that the European Commission did not respect the principle of necessity and proportionality concerning employees' very sensitive data, these demands broadening the circle of information without necessity and in a disproportionate way, since the information is very sensitive (like employees' health, political opinions of third parties, etc.). 

It is therefore appropriate to distinguish among the mass of required documents, for which the same guarantee must be given in a technique of communication than in a technic of inspection, those which are transferable without additional precaution and those which must be subject to an "alternative procedure" because of their nature of very sensitive personal data. 

This "alternative procedure" will take the shape of an examination of documents considered by Facebook as very sensitive and that it will communicate on a separate electronic support, by European Commission's agents, that we cannot a priori suspect to hijack law. This examination will take place in a "virtual data room" with Facebook's attorneys. In case of disagreement between Facebook and the investigators, the dispute could be solved by the director of information, communication and medias of the Directorate-General for Competition of the European Commission. 

___

We can draw three lessons from this ordinance: 

1. This decision shows that Procedural Law and Compliance Law are not opposed. Some often say that Compliance guarantees the efficacy and that Procedure guarantees fundamental rights, the protection of the one must result in the diminution of the guarantee of the other. It is false. As this decision shows it, through the key notion of sensitive personal data protection (heart of Compliance Law) and the care for procedure (equivalence between communication and inspection procedures; contradictory organization of the examination of sensitive personal data), we see once again that two branches of Law express the same care, have the same objective: protecting people. 
2. The judge is able to immediately find an operational solution, proposing "an alternative procedure" axed around the principle of contradictory and conciliating Commision's and Facebook's interests has shown that it was able to bring alternative solutions to the one it suspends the execution, appropriate solution to the situation and which equilibrate the interest of both parties. 
3. The best Ex Ante is the one which anticipate the Ex Post by the pre-constitution of evidence. Thus the firm must be able to prove later the concern that it had for human rights, here of employees, to not being exposed to sanctioning pubic authorities. This Ex Ante probatory culture is required not only from firms but also from public authorities which also have to give justification of their action. 

__________

Full reference: Frison-Roche, M.-A., From Competition Law to Compliance Law: example of French Competition Authority decision on central purchasing body in Mass Distribution, Newsletter MAFR - Law, Compliance, Regulation, 27th of October 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance

_____

Summary of the news: Through its decision of 22nd of October 2020, the Autorité de la concurrence (French Competition Authority) accepted the commitments proposed by retail sector's firms Casino, Auchan, Metro and Schiever so that their agreement by which a common body centralizes purchases from numerous retailers, allowing each to offer these products under private label, is admissible with regard to competitive requirements. 

In this particular case, the Authority had self-sized in July 2018, estimating that such a purchase center could harm competition, opening immediately a large consultation on the terms of the contract. In October 2018, the law Egalim permitted to the Authority to take temporary measures to suspend such a contract, what the Authority did from September. 

The convention parties' firms committed on the one hand to update their contract limiting the power on suppliers, especially small and very small suppliers, excluding totally of the field of the contract some kind of products, especially food products and reducing the share of bought products volume dedicated to their transformation in distributor brand. 

The Autorité de la concurrence accepts this proposal of commitments, congratulates itself of the protection of small suppliers operating like that and observe the similarity with the contract consisting in a purchase center between Carrefour and Tesco, which will be examined soon. 

_____

We can draw three lessons of this innovating decision, which could be a model for after: 

1. The technique of Compliance Law permits to the Autorité de la concurrence to find a reasonable solution for the future. 

• Indeed, rather than punishing much later by a simple fine or to annihilate the performing mechanism of the purchase center, the Authority obtains contract modifications. 
• The contract is structured and the obtained modifications are also structural. 
• The commitments are an Ex Ante technique, imposed to operators, for the future, in an equilibrium between competition, operators and consumers protection and the efficacy of the coordination between powerful operators. 
• The nomination of a monitor permits to build the future of the sector, thanks to the Ex Ante nature of Compliance Law. 

2. The retail sector finally regulated by Compliance technics.

• "Distribution law" always struggle to find its place, between Competition law and Contract Law, especially because we cannot consider it as a common "sector". 
• The Conseil constitutionnel (French constitutional court) refused a structural injunction power to the authority because it was contrary to business freedom and without any doubt ethics of business is not sufficient to the equilibrium of the sector.
• Through commitments given against a stop of pursuits relying on structuring contracts, it is by Compliance law that a Regulation law free of the condition of existence of a sector could leave.

3. The political nature of Compliance law in the retail sector

• As for digital space, which is not a sector, Compliance law can directly impose to actors imperatives that are strangers to them. 
• In the digital space, the care for fighting against Hate and for protecting private life; here the care for small and very small suppliers. 

___________

See in counterpoints the pursuit of a contentious procedure against Sony, whose the proposals of commitments, made after a public consultation, were not found satisfying.

To go further, on the question of Compliance law permitting through indirect way the rewriting by the Conseil of a structuring contract (linking a platform created by the State to centralize health data with an American firm subsidy to manage them).

Full reference: Coeurquetin, R., Comparaison mécanique des versions 2017 et 2020 des recommendations de l'Agence Française Anti-corruption sur la cartographie des risques de corruption, October 2020, 9 p. 

Read the mechanical comparison (in French)

To go further on the question of risk mapping, read Marie-Anne Frison-Roche's working papers: Drawing up Risk Maps a an Obligation and the Paradoxe of "Compliance Risks" and Anchor Points of the Risk Mapping in the Legal System

Full reference: Frison-Roche, M.-A., "Health Data Hub est un coup de maître du Conseil d'Etat", interview realized by Olivia Dufour for Actu-juridiques, Lextenso, 22nd of October 2020

Read the news of 19th of October 2020 of the Newsletter MAFR - Law, Compliance, Regulation on which relies this interview: Conditions for the legality of a platform managed by an American company hosting European health data​: French Conseil d'Etat decision 

To go further, on the question of Compliance Law concerning Health Data Protection, read the news of 25th of August 2020: The always in expansion "Right to be Forgotten"​: a legitimate Oxymore in Compliance Law built on Information. Example of​ Cancer Survivors Protection 

Full reference: Frison-Roche, M.-A., Conditions for the legality of a platform managed by an American company hosting European health data​: French Conseil d'Etat decision, Newsletter MAFR - Law, Compliance, Regulation, 19th of October 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

___

News Summary: In its ordinance of 13th of October 2020, Conseil national du logiciel libre (called Health Data Hub), the Conseil d'Etat (French Administrative Supreme Court) has determined the legal rules governing the possibility to give the management of sensitive data on a platform to a non-europeans firm, through the specific case of the decree and of the contract by which the management of the platform centralizing health data to fight against Covid-19 has been given to the Irish subsidiary of an American firm, Microsoft. 

The Conseil d'Etat used firstly CJEU case law, especially the decision of 16th of July 2020, called Schrems 2, in the light of which it was interpreted and French Law and the contract linking GIP and

The Conseil d'Etat concluded that it was not possible to transfer this data to United-Sates, that the contract could be only interpreted like this and that decree and contract's modifications secured this. But it observed that the risk of obtention by American public authorities was remaining. 

Because public order requires the maintenance of this platform and that it does not exist for the moment other technical solution, the Conseil d'Etat maintained the principle of its management by Microsoft, until a European operator is found. During this, the control by the CNIL (French Data Regulator), whose the observations has been taken into consideration, will be operated. 

We can retain three lessons from this great decision:

• There is a perfect continuum between Ex Ante and Ex Post, because by a referred, the Conseil d'Etat succeed in obtaining an update of the decree, a modification of the contractual clauses by Microsoft and of the words of the Minister in order to, as soon as possible, the platform is managed by an European operator. Thus, because it is Compliance Law, the relevant time of the judge is the future. 
• The Conseil d'Etat put the protection of people at the heart of its reasoning, what is compliant to the definition of Compliance Law. It succeeded to solve the dilemma: either protecting people thanks to the person to fight against the virus, or protecting people by preventing the centralization of data and their captation by American public authorities. Through a "political" decision, that is an action for the future, the Conseil found a provisional solution to protect people against the disease and against the dispossession of their data, requiring that an European solution is found. 
• The Conseil d'Etat emphasized the Court of Justice of The European Union as the alpha and omega of Compliance Law. By interpreting the contract between a GIP (Public interest Group) and an Irish subsidy of an American group only with regards to the case law of the Court of Justice of European Union, the Conseil d'Etat shows that sovereign Europe of Data can be built. And that courts are at the heart of this. 

___________

Read the interview given on this Ordinance Health Data Hub

To go further about the question of Compliance Law concerning health data protection, read the news of 25th of August 2020: The always in expansion "Right to be Forgotten"​: a legitimate Oxymore in Compliance Law built on Information. Example of​ Cancer Survivors Protection 

Full reference: Serious Fraud Office, Operational Handbook about Deferred Prosecution Agreements, October 2020

Read the Operational Handbook

Full reference: Frison-Roche, M.-A., Et si le secret de l’avocat était l’allié de la lutte contre le blanchiment ?, interview realized by Olivia Dufour for Actu-juridiques, Lextenso, 15th of October 2020

Read the interview (in French)

To go deeper on the place of the attorney in Compliance Law, read Marie-Anne Frison-Roche's working paper: The Attorney, Vector of Conviction in the New Compliance System

Full reference: Petit, N., Droit européen de la concurrence, 3rd edition, Collection "Précis Domat Droit Public/Droit privé", LGDJ-Lextenso, 2020

Read the forth of cover (in French)

Read the table of contents (in French)

Full reference: Tribunal judiciaire de Paris, 9th of October 2020, Ordonnance de référé, Veolia/Suez, N° RG 20/56077

Read the ordonnance de référé (in French)

Full reference: Financial Stability Board, The Use of Supervisory and Regulatory Technology by Authorities and Regulated Institutions. Market Developments and Stability Implications, Report of 9th of October 2020, 36 p. 

Read the report

Read the presentation of the report by the Financial Stability Board

To go further on the question of the use of new technologies in regulatory processes, read Marie-Anne Frison-Roche's working paper: Analysis of blockchains with regards with the uses they can fulfill and the functions that the ministerial officers must ensure  

Full reference: CJEU, Grand Chamber, 6th of October 2020, Privacy International c/ Secretary of State for Foreign and Commonwealth Affairs, C-623/17.

Read the judgment 

Read the summary of the judgment (in French)

Read the opinion of the Advocate General 

Read the reference for a preliminary ruling from the Investigatory Powers Tribunal - London (United Kingdom)

Full reference of the guidelines: Commission Nationale de l'Informatique et des Libertés (CNIL), Délibération n°2020-091 du 17 septembre 2020 portant adoption de lignes directrices relatives à l'application de l'article 82 de la loi du 6 janvier 1978 modifiée aux opérations de lecture et écriture dans le terminal d'un utilisateur (notamment aux "cookies et autres traceurs") et abrogeant la délibération n°2019-093 du 4 juillet 2019 

Full reference of the recommendation: Commission Nationale de l'Informatique et des Libertés (CNIL), Délibération n°2020-092 du 17 septembre 2020 portant adoption d'une recommandation proposant des modalités pratiques de mise en conformité en cas de recours aux "cookies et autres traceurs". 

Read the guidelines (in French)

Read the recommendation (in French)

Read the presentation of these guilines and of this recommendation by the CNIL (in French) 

Read Marie-Anne Frison-Roche's comment about this in the Newsletter MAFR - Law, Regulation & Compliance of 1st of October 2020

Full reference: Frison-Roche, M.-A., Judge between Platform and Regulator: current example of Uber case in U.K., Newsletter MAFR - Law, Compliance, Regulation, 29th of September 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news:

On 22nd of September 2017, Transport of London (TFL), London Transport Regulator, refused to renew the licence, granted on 31st of May 2012 for 5 years, authorizing Uber to transport people because of criminal offenses committed by Uber's drivers. On 26th of June 2018, The Westminster Court prolonged Uber's licence for 15 months under the condition that the platform prevent the reproachable behaviors of its drivers. After these 15 months, the TFL refused once again to prolonge Uber's licence because of the persistence of aggressions against passengers. Uber, once again, contest this decision before the Westminster Court. 

In a decision of 28th of September 2020, the Court observes that during the 15 months, the platform implemented many measures to prevent aggressions, that the level of maturity of these measures has improved over time and that the number of offenses was reduced over the period (passing from 55 in 2018 to 4 in 2020). The Court estimated the the implementation of this actions is sufficient to grant a new licence to Uber. 

We can learn three lessons from this decision: 

1. The Compliance obligation is not a result obligation but a mean obligation, which means that it is not reasonable to expect from a crucial operator (Uber, for instance) that it prevent every cases of agression but that it is salient to judge it on the effort it deploys to try to be closer to this ideal situation. Moreover, the crucial operator must be proactive, that is going away from the figure of passive subject of Law who apply measures enacted by the regulator in terms of fighting against aggressions to be an actor of the research of the best way to fight abusive behaviors, internalizing this "monumental goal. 
2. The judge appreciates the violation committed by those whose the firm is responsible "in context", that is evaluates the concrete situation in a reasonable way. 
3. It is the judge who decides in last resort and like the crucial operator, it must be reasonable. 

Read to go further:

• Frison-Roche, M.-A., Firm, Regulator and Judge: thinking Compliance through these three characters, 2018
• The report of the Assemblée nationale (French Parliament chamber) on the question 

Full reference: Giuliani-Viallard, A., The Europe of Compliance, at the heart of tomorrow's world. For a transformation of our European businesses and the upturn in their international competitiveness, European Issue, n°572, policy paper from the Robert Schuman Foundation, 28th of September 2020, 3 p.

Read the policy paper

Full reference: Frison-Roche, M.-A., The Economic Impact of Law: a new report about it. And what about Regulation & Compliance? 3 lessons, Newsletter MAFR - Law, Regulation, Compliance, 24th of September 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Regulation, Compliance

Summary of the news: 

On 18th of September 2020, the European Economic and Social Committee (EESC) published a report about the impact of Rule of Law on Economic Growth. 

The EESC defines the Rule of Law as the obligation to "all public powers act within the constraints laid down by law, in accordance with the values of democracy and fundamental rights, and under the control of independent and impartial courts". According to the Committee, the Rule of Law thus defined is favorable and even necessary to a durable economic growth especially because instability of regulations, absence of guarantee of labor and property rights, discrimination or non-application of contracts poorly favors or are detrimental for investments and economic agents' productive activities. The EESC observes by the way that countries which respect the Rule of Law grow more rapidly than those which do not respect it. The Committee also insists on the destructive effect of corruption which destroys public services, public action, public institutions on the long run and confidence, increasing inequalities. 

Although EESC approves the actions of European Commission to advance Rule of Law in the Union, it however invites the Commission to continue its efforts by giving a more important place to jurisdictions and by protecting better media freedom in a context of rising autocratic forces in Eastern Europe. 

We can learn three lessons from this report:

1. The common interest of European Union States to guarantee the Rule of Law. Indeed, Rule of Law is not only written in article 2 of TFEU and has been consecrated by CJEU case law, it is also a condition of economic progress. 
2. The fight against corruption must be the object of a redoubled effort. In this perspective, Compliance Law is able to offer appropriate innovating legal tools.
3. To a definition of Regulation and Compliance Law as a simple process of application of mechanical legal rules, it is necessary to substitute a definition of Regulation and Compliance Law based on the notion of "monumental goals" and people protection. In this perspective, these branches of Law would prove to be powerful tools in the service of the advancement of the rule of law in the European space.

Full reference: Frison-Roche, M.-A., Interregulation: way of "cooperation protocol"​ between Regulatory Bodies. Example between French Financial Markets Authority and Anticorruption Agency, Newsletter MAFR - Law, Compliance, Regulation, 22nd of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news: 

Although Regulation Law was born from the notion "sector", constant interferences between sectors and frequent interactions between some sectors and more general questions common to different sectors, make interregulation necessary. Compliance Law being the extension of Regulation Law, this interregulation mechanism is also necessary in Compliance Law. 

This interregulation can take many legal paths like letters exchanges between regulators, the creation of a network of regulators and supervisors at the world level or about some specific question or the adoption of a "cooperation protocol" as the AMF (French Financial Market Regulator) and the AFA (French Anticorruption Agency) did on 16th of September 2020 to reinforce their respective fight against corruption, against market abuses and for the protection of investors. 

This cooperation protocol between the AFA and the AMF has the following subjects:

• A more efficient methodology concerning the research and the analysis of corruption and market abuses.
• A more efficient prevention of corruption and market abuses.
• A better capacity to give recommendations of new regulations to the Legislator.
• A more rigorous monitoring of international works on the topic. 
• A more coherent information for the public.

Are regulators the new teachers? 

Full reference: Frison-Roche, M.-A., Regulation, Compliance & Cinema: learning about Internet Regulation with the series "Criminals"​, Newsletter MAFR - Law, Compliance, Regulation, 21st of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news: 

Season 2 Episode 3 of the British version of the series "Criminals" features the character of Danielle. Danielle is a mother which has decided to hunt down pedophiles on social networks in order to trap them and show to the world their acts. Danielle insists on the efficiency of her action with regard to the police and justice that she finds unproductive. In the episode, Danielle is accused of defamation by the police. While policemen try to explain to Danielle the importance of using a regular procedure and to respect the Rule of Law aiming to prove its accusations, she makes efficiency her only principle. According to her, her methods get results (on the contrary of those used by the police which respect procedures) and those she accuses to be pedophiles do not deserve defense rights. 

We can learn three lessons from Danielle's story: 

1. If Compliance Law is just a process of application of mechanical rules, then Rule of Law is not salient face to the principle of efficiency. But, if Compliance Law is defined by its "monumental goals" and that the respect of Rule of Law is erected in "monumental goal", then efficiency and Rule of Law become compatible and congruent. 
2. The digital space must be disciplined by crucial digital firms supervised by public authorities, like in France or Germany for hate speeches and disinformation. 
3. Compliance Law, and Law in general, must be pedagogue towards individuals as Danielle which do not understand why their behaviors are reproachable. 

This working paper is an extraction of an eponym newsletter published in the Newsletter MAFR - Law, Regulation & Compliance on 21st of September 2020 on LinkedIn.

Read the newsletter of 21st of September 2020

Full reference: Lamoureux, M., Droit de l'énergie, Collection "Précis Domat Droit public/Droit privé", LGDJ-Lextenso, 2020

Read the forth of cover (in French)

Read the table of contents (in French)

🌐follow Marie-Anne Frison-Roche on LinkedIn

🌐subscribe to the Newsletter MAFR Regulation, Compliance, Law 

____

Full reference: M.-A. Frison-Roche, Se tenir bien dans l'espace numérique, in Penser le droit de la pensée. Mélanges en l'honneur de Michel Vivant, Lexis Nexis and Dalloz, 2020, pp. 155-168.

____

📝Read the article (in French)

____

🚧Read the working paper, written in English, on which this article is based, with additional developments, technical references, and hyperlinks

English summary of the article: The digital space is one of the scarce spaces not framed by a specific branch of Law, Freedom also offering opportunity to its actors to not "behave well", that is to express and diffuse broadly and immediately hateful thoughts through Hate speechs, which remained before in private or limited circles. The intimacy of Law and of the legal notion of Person is broken: Digital permits to individuals or organizations to act as demultiplied and anonymous characters, digital depersonalized actors who carry behaviors that are hurtful to other's dignity. 

Against that, Compliance Law offers an appropriate solution: internalizing in digital crucial operators the mission to disciplinary and substantially hold the digital space. The digital space has been structured by powerful firms able to maintain order. Because Law must not reduce digital space to be only a neutral market of digital prestations, these crucial operators, like social networks or search engines, must be forced to substantially control behaviors. It could be about an obligation of internet users to act with their face uncover, "real identity" policy controlled by firms, and to respect others' rights, privacy rights, dignity, intellectual property rights. In their Regulatory function, digital crucial firms must be supervised by public authorities. 

Thus, Compliance law substantially defined is the protector of the person as "subject of law" in the digital space, by the respect that others must have, this space passing from the status of free space to the one of civilized space, in which everyone is obliged to behave well. 

______

Read to go further: 

• Frison-Roche, M.-A., L'apport du Droit de la Compliance à la gouvernance d'Internet, 2019
• Frison-Roche, M.-A. (dir.), Internet, un espace d'interrégulation, 2016

Full reference: Agence Française Anticorruption (French anticorruption agency), Département de l'appui aux acteurs économiques (Support to economic actors department), La politique cadeaux et invitations dans les entreprises, les EPIC, les associations et les fondations (Gifts and invitations policy for firms, public firms, associations and fondations), Guide pratique 2020 (Practical Guide 2020), 11th of September 2020, 14 p.

Read the practical guide in French

Full reference: Frison-Roche, M.-A., Responding to an email with "serious anomalies"​,transferring personal data, blocks reimbursement by the bank: French Cour de cassation, July 1st 2020, Newsletter MAFR - Law, Compliance, Regulation, 10th of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

"Phishing" is a kind of cyber criminality aiming to obtain, by sending fraudulent emails which look like to those sent by legitimate organisms, recipient's personal information in order to impersonate or steal him or her. As it is difficult to find the authors of "phishing" and to prove their intentionality in order to punish them directly, on mean to fight against "phishing" could be to entitle banks to secure their information network and, to accompany this obligation with a strong incentive, to convict them to reimburse the victims in case of robbery of their personal data.  

In 2015, a client victime of this kind of fraud asked to his bank, the Crédit Mutuel, to reimburse him the amount stole, what the bank refused to do on the grounds that the client committed a fault, transferring its confidential information without checking the email, however grossly counterfeit. The Court of first instance gave reason to the client because although he committed this fault, he was in good faith. This judgment was broken by the Chambre commerciale de la Cour de cassation (French Judicial Supreme Court) by a decision of 1st of July 2020 which states that this serious negligence, exclusive of any consideration of good faith, justifies the absence of reimbursement by the bank.

___

From this particular case, we can draw three lessons: 

1. The Cour de Cassation states that good faith is not a salient criterion and that, as the bank must react when a banking account is objectively abnormal, the client must react face to an obviously abnormal email. 
2. The Cour de Cassation describes the repartition of proof burden. Proof obligations are alternatively distributed between the bank and its client. First, the bank must secure its information network but, secondly, the client must take every reasonable measure to preserve its safety. It results from this that, if the email seems normal, phishing damages must be supported by the bank, and more generally of by the firm, while if the email is obviously abnormal, they must be supported by the client, but the burden to prove the abnormality of the email must be supported by the firm and not by the client. 
3. Such a proof system shows that Compliance Law includes a pedagogic mission by educating each client in order to he or she would be able to distinguish among his or her emails, those which are normal and those which are obviously suspect. This pedagogic dimension, with the legal consequences associated to it, will not stop to spread. 

______

Full reference: Frison-Roche, M.-A., Freedom&Media: when Italian Media Regulation's real "goal"​ is not Pluralism Protection, Freedom of Establishment prevails (CJEU, 3 Sept.2020,Vivendi), Newsletter MAFR - Law, Regulation, Compliance, 9th of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Regulation, Compliance

Summary of the news

The media sector is organized on an equilibrium between the principle of competition and other concerns like information pluralism. Generally, competition Law by making market accessible to many competitors ensures information pluralism. But, this is not the case if an operator get an excessive market power, running risk not only for competition but also for information pluralism. It is the reason why the Italian legal system forbids the constitution of an operator gathering more than 40% of the total income generated by the media sector or more than 10% of the total income generated by the Italian communication sector. 

In 2016, Vivendi, a French media group, got more than 28% of the Mediaset Group's actions and around 30% of its voting right. The Italian communication regulation authority sized by Mediaset demands in 2017 to Vivendi to ends its participations in the group Mediaset. Vivendi contested this decision before the regional administrative court which referred to the Court of Justice of the European Union in order to know if freedom of establishment can legitimately be discarded in favor of information pluralism in this concrete case. The Court of Justice answered, in a decision of 3rd of September 2020, that the restriction of the freedom of establishment can in principle be justified by a general interest objective such as information pluralism protection but that in this concrete case, this is not justified because the fact that a firm is committed in the transmission of contents does not necessarily give it the power to control the production of such contents.

We can learn three lessons form this case:

1. The Court precises that even if the principle is the freedom of establishment, it is possible to discard it to protect information pluralism protection under the condition that the concerned member State do not use this legitimate power to create a political monopoly, the burden of proof falling on the person attacking national legislation and not on the Member State.
2. The Court distinguishes transmission of contents and production of contents and explains that if the State rejects this decision, the burden falling to it to prove the concrete links between these two activities.
3. This case shows that the power to share the respective places of the "principle" and of the "exception" always comes back to the judges. 

Full reference: Frison-Roche, M.-A., Conflict of interests & "revolving doors"​: what the European Ombudsman said in May 2020, the European Banking Authority agreed in August.Three lessons, Newsletter MAFR - Law, Compliance, Regulation, 7th of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news: 

Supervision and regulation authorities' impartiality and independence are conditioned to the fact that their members do not have any conflict of interest with the sector that they supervise or regulate. Such an absence of conflict of interest is necessary to guarantee a climate of trust between the authority and operators. This supposes that regulation and supervision authority members do not cumulate functions of operator and of regulator/supervision during but also after their mandate in the regulation/supervision authority because the anticipation of a future hiring can influence present decisions. 

On 2nd of August 2019, the executive director of the European Banking Authority (EBA) informed the authority of its willingness to become PDG of the Association des marchés financiers en Europe, lobby of the financial sector. EBA approved this perspective. However, "Change Finance", a civil coalition, sized the European Mediator explaining that such a professional reorientation created an inevitable conflict of interest. The European Mediator reacted on 7th of May 2020 through a recommendation saying that although EBA took preventive measures, theses measures are not sufficient with regard to the risks. In this recommendation, the European Mediator also made some general propositions to manage future conflicts of interest:

• The interdiction for senior managers to have positions able to create a conflict of interest for two years.
• The information of senior managers and candidates to senior managers positions of the actual rules.
• The implementation of internal procedures blocking access to confidential information to the member who notified its willingness to occupy later a position able to constitute a conflict of interest with its current position. 

In a letter of 28th of August 2020, the president of EBA told to the European Mediator that he accepts these remarks and propositions. 

In this particular case, we can draw three lessons:

1. The difficult articulation between independence/impartiality (necessary for trust) and regulator/supervisor expertise. The European Mediator and the ABE are agree that the interdiction to get some positions must be limited in time.
2. The necessity that everyone can anticipate rules correctly.
3. The necessity to preserve legal security. 

Full reference: Frison-Roche, M.-A., Compliance & Regulatory Soft Law, legal Certainty and Cooperation: example of the U.S. Financial Crimes Enforcement Network new Guidelines on AML/FT, Newsletter MAFR - Law, Compliance, Regulation, 2nd of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

The Financial Crimes Enforcement Network (FinCEN) is an organ, depending on the American Treasury, in charge of fighting against financial criminality and especially against money laundering and terrorism financing. For this, it has large control and sanction powers. 

In August 2020, the FinCEN published a document untitled "Statement on Enforcement" which aimed to explicit its control and sanction methods. It reveals what firms risk in case of offense (from the simple warning letter to criminal pursuits passing through financial fines) and the different criteria on which FinCEN is based to use one sanction rather than another. Among these criteria, we find for examples the nature and the seriousness of committed violations or the firm's history but also the implementation of compliance program or the quality and the spread of the cooperation with FinCEN durning the investigation. 

One of the objectives of the publication of such an information document is to obtain the cooperation of firms by creating a confidence relationship between the regulator and the regulated firm. However, it is very difficult to ask to the firms to cooperate and to furnish information if they can fear that this same information can be used later as proof against them by the FinCEN. 

Another objective is to reinforce legal security and transparency. However, the FinCEN's declaration does not seem to commit it, because it is not presented as a chart but as a simple declaration. Indeed, the list of the possible sanctions and the criteria used by the FinCEN are far from being exhaustive and can be completed in concreto by the FinCEN without any justification.