Aug. 18, 2019
Aug. 14, 2019
probationary lesson of the decision of 4 July 2019 of the Sanctions Commission of the French Anti-Corruption Agency: the President of the Agency, a prosecuting body only bears the burden of allegation and the company must prove the execution of its Compliance obligation, presumed if it complies with the recommendations of the Agency
Compliance Law, like Regulatory Law, of which it is an extension, is an Ex Ante Law.
It translates into a set of obligations that companies must perform to ensure that harmful behavior does not occur, such as bribery, money laundering, pollution, etc.
This results in "structural" obligations, such as the establishment of a risk map, a third-party vigilance system, internal controls, the adoption of codes.
The practical question that arises is whether to punish a company, it is necessary but it is sufficient that the company has not adopted these structural measures, or if it is also necessary that within it or through the persons whom it must be accountable (through the corporate officers and the employees, but also the suppliers, the sub-contractors, the financed operators, etc.) there were behaviors that Compliance Law prohibits, for example corruption, money laundering, pollution, safety-related accident, etc.
The question is probative. Its practical stake is considerable.
Because to obtain the conviction the prosecuting authority will have to demonstrate not only a failure in the structural device but also a behavioral failure.
Si l'on considère que le Droit de la Compliance est à la fois sur l'Ex Ante et sur l'Ex Post, alors l'autorité de poursuite qui requiert une sanction doit démontrer qu'il y a un comportement reprochable (Ex Post) et qu'à cela correspond une défaillance structurelle (par exemple le compte bancaire anormal n'a pas été signalé) ; si l'on considère que le Droit de la Compliance est purement en Ex Ante, alors même s'il n'y a pas de comportement reprochable en Ex Post, la seule défaillance structurelle suffit pour que l'entreprise qui doit l'organiser en son sein soit sanctionné.
If we consider that Compliance Law is both on the Ex Ante and the Ex Post, then the prosecuting authority that requires a sanction must show that there is a reprehensible behavior (Ex Post ) and that this corresponds to a structural failure (for example the abnormal bank account has not been reported); if we consider that Compliance Law is purely Ex Ante, then even if there is no reprehensible behavior in Ex Post, the only structural failure is enough for the company to be sanctioned, even if it does its best efforts, even if no prohibited behavior will have accured in Ex Post.
The second system, which is much more repressive and places a considerable burden on companies, even if there is no proven illicit behavior, is that of French Law, probably because of a tendency towards Ex Ante organization. ..
Mais il faut garder mesure. Et cette mesure est probatoire.
But we must keep measure. And this measure is probative.
This is what the Commission des Sanctions of the Agence Française Anticorruption -AFA (French Anti-Corruption Agency's Sanctions Committee) has just said, in its decision of 4 July 2019, SAS S. et Madame C.,(written in French) contradicting the position of its director, who acted as the prosecuting authority. This is yet another general proof of the autonomy of the Sanctions Committee vis-à-vis to the Administrative Authority of which it is a part, and in relation to its director, who nevertheless governs it. But, jurisdictional model obliges, he has here the status of prosecuting authority, is subject to the regime of this one and not to the regime of head of the entity. Demonstration of the "functional autonomy" of the sanctioning bodies within the administrative regulatory and compliance authorities.
Indeed, this important decision expresses with precision and reason the distribution of the "burden of the allegation" and the "burden of proof" on the prosecuting body and on the company pursued, as well as the role of presumption that the recommendations issued by the French Anti-corruption Authority can play.
Read the analysis below.
Aug. 7, 2019
Aug. 5, 2019
Aug. 5, 2019
July 30, 2019
By its "Fashion ID" judgment of July 29, 2019, the Court of Justice of the European Union makes an obligation of co-compliance to the site which inserts an active emoticon Facebook: the intermingling of Compliance is reinforced by "the right to know "of the digital user
Europe is definitely the zone of the world in which the protection of persons is thought.
Elle le fait par des textes, dont le très fameux Réglement adopté en 2016 relative à la protection des personnes physiques à l'égard du traitement à caractère personnel et à la libre circulation de ces données, dit "RGPD", recopié par exemple en Californie par la loi du 12 juillet 2018, par des initiatives nationales, comme la prochaine loi française contre les discours de haine dans l'espace numérique, par de nombreuses études et rapports - le droit souple étant aussi importante que le Droit pénal en Droit de la Compliance, mais encore par des décisions de justice.
Europe does this by texts, including the very famous Regulation adopted in 2016 relating to the treatment of personal data for their free circulation and the protection of peope concerned by them ( known as General Data Protection Regulation - GDPR ), copied for example in California by the Act of 12 July 2018, by national initiatives, such as the next French law against hate speech in the digital space, by numerous studies and reports - Soft Law being as important as Criminal Law in Law of Compliance system -, but also by court decisions.
Indeed, judicial decisions were at the origin of the movement of the person protection, with the creation of a "right to be forgotten" by the 2014 Google Spain decision of the Court of Justice of the European Union.
The judgment of the CJEU on 29 July 2019, Fashion ID, is just as important. Like the previous one, it clearly settles an essential question: who must police consents in the digital space?
And the answer is: all the digital players who benefit from it.
As a result, there is an "intermesh" (on this notion which is the future of Compliance Law in the digital world, see Frison-Roche, M.-A., The contribution of Compliance Law in the Governance of Internet, 2019 ).
See below the analysis of the judgment.
June 28, 2019
It is often observed, even theorized, even advised and touted, that Compliance is a mechanism by which public authorities internalize political (eg environmental) concerns in big companies, which accept them, in Ex Ante, because they are rather in agreement with these "monumental goals" (eg saving the planet) and that this shared virtue is beneficial to their reputation. It is observed that this could be the most successful way in new configurations, such as digital.
But, and the Compliance Mechanism has often been brought closer to the contractual mechanism, this is only relevant if both parties are willing to do so. This is technically true, for example for the Deferred Prosecution, which requires explicit consent. This is true in a more general sense that the company wants to choose itself how to structure its organization to achieve the goals politically pursued by the State. Conversely, the compliance mechanisms work if the State is willing to admit the economic logic of the global private players and / or, if there are possible breaches, not to pursue its investigations and close the file it has opened, at a price more or less high.
But just say No.
As in contractual matters, the first freedom is negative and depends on the ability to say No.
The State can do it. But the company can do it too.
And Daimler just said No.
Publicly, including through an article in the Wall Street Journal of June 28, 2019.
The company sets out in a warning to the market that it is the object of a requirement on the part of the German Motor Authority (Kraftfahrt-Bundesamt) of an allegation of fraud, by the installation of a software, aimed at misleading instruments for measuring emissions of greenhouse gases on cars using diesel.
It is therefore an environmental compliance mechanism that would have been intentionally countered.
On this allegation, the Regulator both warns the company of what it considers to be a fact, ie compliance fraud, and attaches it to an immediate measure, namely the removal of the circulation of 42,000 vehicles sold or proposed by Daimler with such a device.
And the firm answers : "No".
Which is probably only beginning, since a No ends the dialogue of Ex Ante to project in the Ex Post sanction procedures, calls 6 observations:
June 25, 2019
The Irish Media Regulator has publicly participated in the public consultation on the furture legislations against the hate on the Internet: because it is Ireland which hosts the GAFA European headquarters, it proposes a national code , with European effects
Le 24 juin 2019, le Régulateur irlandais a publié un rapport visant à participer à la consultation publique lancée par le ministère de la Communication, portant à la fois sur la façon dont il convient de transposer la directive européenne sur les services audiovisuels et sur la perspective d'une loi nationale sur la "régulation des contenus dommageables sur les plateformes en ligne".
Pour le Régulateur, le rapprochement des deux actes législateurs offre une opportunité d'une régulation globale des "médias en ligne", offrant à l'internaute une "sécurité" que la simple transposition de la Directive ne permet pas. Ainsi la seconde loi complétera la première.
Pour le Régulateur, la loi nationale à adopter doit permettre au Régulateur de donner une pleine sécurité à l'internaute irlandais ("online safety"), en retirant les contenants violents ou dommageables (le terme harmful est difficile à traduire par un seul mot en français) et en l'avertissant à propos de ceux-ci.
Comme l'explicite le rapport (p.52) :
The BAI considers that the following four strategic objectives and responsibilities are relevant for an online safety regulator operating within the new media regulatory structure: • Rectifying serious harms occurring to Irish residents through their use of online services. • Ensuring that individuals and members of groups that are frequently subject to harmful online content can fully benefit from digital technology and social media. • Reducing online harms by introducing online safety rules for online platforms. • Promoting responsibility and awareness of online safety issues among the general population and industry. To fulfil these objectives and responsibilities, the BAI considers that the Online Safety Regulator could have the following three functions:
1. Operating a statutory mechanism to remove harmful online content that directly affects Irish residents (Rectification of Harm)
2. Developing and enforcing an online safety code for Irish-resident online platforms (Minimisation of the potential for Harm)
3. Promoting awareness of online safety issues among the public and industry (Preventing Harm). Ensuring that online services play a more effective role in tackling online safety issues can provide wide, “collective” benefits to large numbers of individuals simultaneously.
Visant expressément Youtube et Facebook, qui en Europe ont choisi de se localiser en Irland, le Régulateur demande une Régulation des plateformes de partage de vidéos qui doit, à travers un Code s'appliquant à eux, permettre de régir leur activité qui se déploie à travers toute l'Europe. Ce Code aurait vocation à rappeler en premier le principe de la libre expression. Tout en organiser la "sécurité en ligne" de l'internaute.
Le Régulateur irlandais des Médias sera en charge de cela. Et puisque les opérateurs sont localisés en Irlande, ses conceptions et ses actions auront donc un effet européen : comme le dit le Président de l'Autorité de Régulation lui-même : " This is a particularly important issue for this country, given that many of the majoar international platforms are based her. Ireland has a unique opportunity - and responsability - to lead the debate and chart the way forward in relation to online safety and regulation".
"to lead" ?
Il n'est pas certain que les autres régulateurs nationaux ni la Commission européenne partagent une telle conception irlando-centriste de la régulation euroréenne des médias.