The recent news

Full reference: Frison-Roche, M.-A., Due process and Personal Data Compliance Law: same rules, one Goal (CJEU, Order, October 29, 2020, Facebook Ireland Ltd v/ E.C.), Newsletter MAFR - Law, Compliance, Regulation, 1st of November 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Read Marie-Anne Frison-Roche's interview in Actu-juridiques about this decision (in French)

Summary of the news: 

As part of a procedure initiated for anti-competitive behaviors, the European Commission has three times requested, between the 13th of March and the 11th of November 2019, from Facebook the communication of information, reitarated in a decision in May 2020.  

Facebook contests it alleging that the requested documents would contain sensitive personal information that a transmission to the Commission would make accessible to a too broad number of observers, while "the documents requested under the contested decision were identified on the basis of wideranging search terms, (...) there is strong likelihood that many of those documents will not be necessary for the purposes of the Commission’s investigation". 

The contestation therefore evokes the violation of the principles of necessity and proportionality but also of due process because these probatory elements are collected without any protection and used afterwards. Moreover, Facebook invokes what would be the violation of a right to the respect of personal data of its employees whose the emails are transferred. 

The court reminds that the office of the judge is here constraint by the condition of emergency to adopt a temporary measure, acceptable by the way only if there is an imminent and irreversible damage. It underlines that public authorities benefit of a presumption of legality when they act and can obtain and use personal data since this is necessary to their function of public interest. Many allegations of Facebook are rejected as being hypothetical. 

But the Court analyzes the integrality of the evoked principles with regards with the very concrete case. But, crossing these principles and rights in question, the Court estimates that the European Commission did not respect the principle of necessity and proportionality concerning employees' very sensitive data, these demands broadening the circle of information without necessity and in a disproportionate way, since the information is very sensitive (like employees' health, political opinions of third parties, etc.). 

It is therefore appropriate to distinguish among the mass of required documents, for which the same guarantee must be given in a technique of communication than in a technic of inspection, those which are transferable without additional precaution and those which must be subject to an "alternative procedure" because of their nature of very sensitive personal data. 

This "alternative procedure" will take the shape of an examination of documents considered by Facebook as very sensitive and that it will communicate on a separate electronic support, by European Commission's agents, that we cannot a priori suspect to hijack law. This examination will take place in a "virtual data room" with Facebook's attorneys. In case of disagreement between Facebook and the investigators, the dispute could be solved by the director of information, communication and medias of the Directorate-General for Competition of the European Commission. 

___

We can draw three lessons from this ordinance: 

1. This decision shows that Procedural Law and Compliance Law are not opposed. Some often say that Compliance guarantees the efficacy and that Procedure guarantees fundamental rights, the protection of the one must result in the diminution of the guarantee of the other. It is false. As this decision shows it, through the key notion of sensitive personal data protection (heart of Compliance Law) and the care for procedure (equivalence between communication and inspection procedures; contradictory organization of the examination of sensitive personal data), we see once again that two branches of Law express the same care, have the same objective: protecting people. 
2. The judge is able to immediately find an operational solution, proposing "an alternative procedure" axed around the principle of contradictory and conciliating Commision's and Facebook's interests has shown that it was able to bring alternative solutions to the one it suspends the execution, appropriate solution to the situation and which equilibrate the interest of both parties. 
3. The best Ex Ante is the one which anticipate the Ex Post by the pre-constitution of evidence. Thus the firm must be able to prove later the concern that it had for human rights, here of employees, to not being exposed to sanctioning pubic authorities. This Ex Ante probatory culture is required not only from firms but also from public authorities which also have to give justification of their action. 

__________

Full reference: Frison-Roche, M.-A., From Competition Law to Compliance Law: example of French Competition Authority decision on central purchasing body in Mass Distribution, Newsletter MAFR - Law, Compliance, Regulation, 27th of October 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance

_____

Summary of the news: Through its decision of 22nd of October 2020, the Autorité de la concurrence (French Competition Authority) accepted the commitments proposed by retail sector's firms Casino, Auchan, Metro and Schiever so that their agreement by which a common body centralizes purchases from numerous retailers, allowing each to offer these products under private label, is admissible with regard to competitive requirements. 

In this particular case, the Authority had self-sized in July 2018, estimating that such a purchase center could harm competition, opening immediately a large consultation on the terms of the contract. In October 2018, the law Egalim permitted to the Authority to take temporary measures to suspend such a contract, what the Authority did from September. 

The convention parties' firms committed on the one hand to update their contract limiting the power on suppliers, especially small and very small suppliers, excluding totally of the field of the contract some kind of products, especially food products and reducing the share of bought products volume dedicated to their transformation in distributor brand. 

The Autorité de la concurrence accepts this proposal of commitments, congratulates itself of the protection of small suppliers operating like that and observe the similarity with the contract consisting in a purchase center between Carrefour and Tesco, which will be examined soon. 

_____

We can draw three lessons of this innovating decision, which could be a model for after: 

1. The technique of Compliance Law permits to the Autorité de la concurrence to find a reasonable solution for the future. 

• Indeed, rather than punishing much later by a simple fine or to annihilate the performing mechanism of the purchase center, the Authority obtains contract modifications. 
• The contract is structured and the obtained modifications are also structural. 
• The commitments are an Ex Ante technique, imposed to operators, for the future, in an equilibrium between competition, operators and consumers protection and the efficacy of the coordination between powerful operators. 
• The nomination of a monitor permits to build the future of the sector, thanks to the Ex Ante nature of Compliance Law. 

2. The retail sector finally regulated by Compliance technics.

• "Distribution law" always struggle to find its place, between Competition law and Contract Law, especially because we cannot consider it as a common "sector". 
• The Conseil constitutionnel (French constitutional court) refused a structural injunction power to the authority because it was contrary to business freedom and without any doubt ethics of business is not sufficient to the equilibrium of the sector.
• Through commitments given against a stop of pursuits relying on structuring contracts, it is by Compliance law that a Regulation law free of the condition of existence of a sector could leave.

3. The political nature of Compliance law in the retail sector

• As for digital space, which is not a sector, Compliance law can directly impose to actors imperatives that are strangers to them. 
• In the digital space, the care for fighting against Hate and for protecting private life; here the care for small and very small suppliers. 

___________

See in counterpoints the pursuit of a contentious procedure against Sony, whose the proposals of commitments, made after a public consultation, were not found satisfying.

To go further, on the question of Compliance law permitting through indirect way the rewriting by the Conseil of a structuring contract (linking a platform created by the State to centralize health data with an American firm subsidy to manage them).

Like the previous cycles devoted to the general theme of Compliance and aiming to build a "Compliance Law", intended like them to be published in the Regulations & Compliance collection, this cycle addresses a particular aspect of this branch of Law in progress. to develop. "Compliance tools" having been the subject of the previous cycle of conferences and showing judges, lawyers, jurisdictions, this new cycle addresses a new phenomenon in Compliance: La juridictionnalisation de la Compliance (The jurisdictionalisation of Compliance).

It will take place in parallel with the series of conferences on the theme: Les buts monumental de la Compliance (The monumental goals of Compliance).

There have always been judges and lawyers in Compliance Law, in particular because this is the extension of Regulatory Law in which they have a full place. This results from the fact that the decisions taken in respect of Compliance are contestable in court, those issued by the company, such as those of States or Authorities. The novelty lies more in the phenomenon of "legalization", that is to say that the jurisdictional model penetrates all Compliance Law, and not only the Ex Post part that this includes. Furthermore, it seems that this jurisdictionalization influences the non-legal dimension of Compliance. This movement has effects that must be measured and causes that must be understood. Advantages and disadvantages that must be balanced. If only to form an opinion on this "juridictionalization of Compliance".

📅 Inaugural colloquium:  Compliance jurisdictionalisation: why? Who? How? Where? and Toward What? , organized by the JoRC under the scientific direction of Marie-Anne Frison-Roche : read more information here

📅 Colloquium of March 31, 2021 :  Arbitration and Compliance, co-organized by the JoRC and Paris II University, under the scientific direction of Marie-Anne Frison-Roche and Jean-Baptiste Racine : read more information here

📅 Colloquium of June 23, 2021 : The firm instituted as Court by Compliance Law, co-organized by the JoRC and the équipe de recherche Louis Josserand of Lyon 3 University, under the scientific direction of Marie-Anne Frison-Roche and Jean-Christophe Roda : read more information here 

📅 Colloquium of September 23, 2021 :  Which judges for Compliance? , co-organized by the JoRC and the CR2D of Paris-Dauphine University, under the scientific direction of Marie-Anne Frison-Roche and  Sophie Schiller : read more information here

​

📅 Colloquium of October 2021 :  Compliance Law, crucible between American Procedure Law and Procedure Law, co-organized by the JoRC and the Brussels University, under the scientific direction of Marie-Anne Frison-Roche and Arnaud van Waeyenberge: read more information here

Technical registration modes are specific to each colloquium. 

The Journal of Regulation & Compliance (JoRC) benefits from the partnership of : 

🏫 L’École d’Affaires Publiques de Sciences Po,

🏫 Le Département d’Économie de Sciences Po,

🏫 L' École de Droit de l'Université Panthéon-Sorbonne (Paris I),

🏫 L’École doctorale de Droit privé de l'Université Panthéon-Assas (Paris 2),

🏫 La Faculté de droit et de sciences politiques de l'Université de Montpellier

🏫 Le Centre Perelman de l'Université Libre de Bruxelles,

🏫 Le GREDEG de l'Université de Nice,

🏫 La Fédération de recherche "L'Europe en mutation" de l'Université de Strasbourg

🏫 Le Centre Louis Josserand de la Faculté de Droit de Lyon III.

🏫 La Faculté de droit et de sciences politiques de l'Université de Toulouse-I-Capitole,

🏫 L'école de droit de l'Université de Clermont-Ferrand.

🏫 Le centre de recherche Droit-Dauphine de l'Université Paris-Dauphine

🏫 L'École des hautes études commerciales de Paris (HEC Paris)

The cycle is supported by :

• La Chambre de Commerce et d'Industrie de Paris.
• L'Ecole de Formation du Barreau de Paris.

Full reference: Frison-Roche, M.-A., Conditions for the legality of a platform managed by an American company hosting European health data​: French Conseil d'Etat decision, Newsletter MAFR - Law, Compliance, Regulation, 19th of October 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

___

News Summary: In its ordinance of 13th of October 2020, Conseil national du logiciel libre (called Health Data Hub), the Conseil d'Etat (French Administrative Supreme Court) has determined the legal rules governing the possibility to give the management of sensitive data on a platform to a non-europeans firm, through the specific case of the decree and of the contract by which the management of the platform centralizing health data to fight against Covid-19 has been given to the Irish subsidiary of an American firm, Microsoft. 

The Conseil d'Etat used firstly CJEU case law, especially the decision of 16th of July 2020, called Schrems 2, in the light of which it was interpreted and French Law and the contract linking GIP and

The Conseil d'Etat concluded that it was not possible to transfer this data to United-Sates, that the contract could be only interpreted like this and that decree and contract's modifications secured this. But it observed that the risk of obtention by American public authorities was remaining. 

Because public order requires the maintenance of this platform and that it does not exist for the moment other technical solution, the Conseil d'Etat maintained the principle of its management by Microsoft, until a European operator is found. During this, the control by the CNIL (French Data Regulator), whose the observations has been taken into consideration, will be operated. 

We can retain three lessons from this great decision:

• There is a perfect continuum between Ex Ante and Ex Post, because by a referred, the Conseil d'Etat succeed in obtaining an update of the decree, a modification of the contractual clauses by Microsoft and of the words of the Minister in order to, as soon as possible, the platform is managed by an European operator. Thus, because it is Compliance Law, the relevant time of the judge is the future. 
• The Conseil d'Etat put the protection of people at the heart of its reasoning, what is compliant to the definition of Compliance Law. It succeeded to solve the dilemma: either protecting people thanks to the person to fight against the virus, or protecting people by preventing the centralization of data and their captation by American public authorities. Through a "political" decision, that is an action for the future, the Conseil found a provisional solution to protect people against the disease and against the dispossession of their data, requiring that an European solution is found. 
• The Conseil d'Etat emphasized the Court of Justice of The European Union as the alpha and omega of Compliance Law. By interpreting the contract between a GIP (Public interest Group) and an Irish subsidy of an American group only with regards to the case law of the Court of Justice of European Union, the Conseil d'Etat shows that sovereign Europe of Data can be built. And that courts are at the heart of this. 

___________

Read the interview given on this Ordinance Health Data Hub

To go further about the question of Compliance Law concerning health data protection, read the news of 25th of August 2020: The always in expansion "Right to be Forgotten"​: a legitimate Oxymore in Compliance Law built on Information. Example of​ Cancer Survivors Protection 

Like the previous cycles devoted to the general theme of Compliance and aiming to build a "Compliance Law", intended like them to be published in the Regulations & Compliance collection, this cycle addresses a particular aspect of this branch of Law in progress. to develop, which was applied even before it was conceived. The Compliance mechanisms having preceded the conceptualization of this way of doing things, the "Compliance Tools" having been the subject of the previous cycle of conferences, this new cycle addresses what characterizes Compliance : Les  buts monumentaux de la Compliance (Monumental Goals of Compliance) .

This cycle of scientific manifestation will take place in parallel with the cycle of conferences on the theme of  La juridictionnalisation de la Compliance (Juridictionalisation of Compliance)

.

The notion of "monumental goals" was proposed in 2016!footnote-139. It is central in the compliance mechanisms in that they can only claim to constrain and cost those in which they are inserted in that they tend to achieve goals whose substantial quality is to be "monumental" . This notion is not self-evident, having to be justified, detailed, put into perspective and concretely illustrated, a series of conferences organized by numerous universities is therefore devoted to it.  

These various conferences will be held in several places, according to the part taken by the various university structures which bring their support to the Journal of Regulation & Compliance (JoRC) for the realization of the cycle. This will result in two collective books, one in French: Les buts monumental de la Compliance, the other in English: Compliance Monumental Goals.

This cycle of colloquia Compliance Monumental Goals will take place between April 2021 and November 2021.

📅 Colloquium of May 17, 2021: Public norms and Compliance in time of crisis: monumental goals put to a test, co-organized by the Journal of Regulation & Compliance (JoRC) and the Montpellier University Law School, under the scientific direction of Marie-Anne Frison-Roche, Pascale Idoux, Antoine Oumedjkane and Adrien Tehrani: more information about this manifestation here

📅 Colloquium of September 16, 2021, Compliance Monumental Goals: Radioscopy of a Notion, co-organised by the Journal of Regulation & Compliance (JoRC) and Saclay University, under the scientific direction of Christophe André, Marie-Anne Frison-Roche, Marie Malaurie and Benoît Petit  : more information about this manifestation here

📅 Colloquium of October 14, 2021: Compliance and Proportionality, co-organised by the Journal of Regulation & Compliance (JoRC) and the IDETCOM of Toulouse University, under the scientific direction of Marie-Anne Frison-Roche and Lucien Rapp: more information about this manifestation here

📅 Colloquium of November 4, 2021: Effectivity of Compliance and international competitiveness, co-organized by the Journal of Regulation & Compliance (JoRC) and the Centre de recherches en Economie et Droit de l'Université Paris II, under the scientific direction of Laurent Benzoni, Bruno Deffains and Marie-Anne Frison-Roche: more information about this manifestation here 

The technical modes of registration are specific to each colloquium. 

The Journal of Regulation & Compliance (JoRC) benefits from the partnership of : 

🏫 L’École d’Affaires Publiques de Sciences Po,

🏫 Le Département d’Économie de Sciences Po,

🏫 L' École de Droit de l'Université Panthéon-Sorbonne (Paris I),

🏫 L’École doctorale de Droit privé de l'Université Panthéon-Assas (Paris 2),

🏫 La Faculté de droit et de sciences politiques de l'Université de Montpellier

🏫 Le Centre Perelman de l'Université Libre de Bruxelles,

🏫 Le GREDEG de l'Université de Nice,

🏫 La Fédération de recherche "L'Europe en mutation" de l'Université de Strasbourg

🏫 Le Centre Louis Josserand de la Faculté de Droit de Lyon III.

🏫 La Faculté de droit et de sciences politiques de l'Université de Toulouse-I-Capitole,

🏫 L'école de droit de l'Université de Clermont-Ferrand.

🏫 Le centre de recherche Droit-Dauphine de l'Université Paris-Dauphine

🏫 L'École des hautes études commerciales de Paris (HEC Paris)

The cycle is supported by :

• La Chambre de Commerce et d'Industrie de Paris.
• L'Ecole de Formation du Barreau de Paris.