Search results (1694 cards)

Advanced search

Full reference: Frison-Roche, M.-A., Regulation, Compliance & Cinema: learning about Internet Regulation with the series "Criminals"​, Newsletter MAFR - Law, Compliance, Regulation, 21st of September 2020

Read by freely subscribing other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news: 

Season 2 Episode 3 of the British version of the series "Criminals" features the character of Danielle. Danielle is a mother which has decided to hunt down pedophiles on social networks in order to trap them and show to the world their acts. Danielle insists on the efficiency of her action with regard to the police and justice that she finds unproductive. In the episode, Danielle is accused of defamation by the police. While policemen try to explain to Danielle the importance of using a regular procedure and to respect the Rule of Law aiming to prove its accusations, she makes efficiency her only principle. According to her, her methods get results (on the contrary of those used by the police which respect procedures) and those she accuses to be pedophiles do not deserve defense rights. 

We can learn three lessons from Danielle's story: 

1. If Compliance Law is just a process of application of mechanical rules, then Rule of Law is not salient face to the principle of efficiency. But, if Compliance Law is defined by its "monumental goals" and that the respect of Rule of Law is erected in "monumental goal", then efficiency and Rule of Law become compatible and congruent. 
2. The digital space must be disciplined by crucial digital firms supervised by public authorities, like in France or Germany for hate speeches and disinformation. 
3. Compliance Law, and Law in general, must be pedagogue towards individuals as Danielle which do not understand why their behaviors are reproachable. 

Full reference : Frison-Roche, M.-A., The practical utility to have a firm definition of "Compliance", Newsletter MAFR - Law, Compliance, Regulation, 10th of August 2020.

Read by subscribing the other news in the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

Some says that defining Compliance is a theoretical and non useful exercice that should be left aside to tackle the study of concrete technical cases. However, to be able to use Compliance tools, it is first necessary to have a clear, firm and simple idea of what is Compliance. Moreover, the future of this new branch of law intensely depends on the definition we choose to use. 

Compliance Law gives to some crucial private firms new responsibilities such as the one to fight against global dangers or the one of saving the planet. In this, Compliance Law can be perceived as a kind of new deal between the private sector and public authorities, with the only difference that this time the consent of the private sector is not required.

Some would say that the concretization of such projects is the duty of the State and that private firms, if they must respect the rules, do not have to find a way to concretize a "monumental goal". However, the world face new and systemic dangers in the face of which the State alone is powerless, technically or geographically, and against which crucial companies can act.

It is not about, as some advocate to put human being aside of Compliance Law by letting machines decide. It is about placing the human being and its protection at the heart of Compliance Law. In this, Compliance Law can become a new humanism. 

To go further, read Marie-Anne Frison-Roche's working paper, The Dreamed Compliance Law 

Full reference: Frison-Roche, M.-A., "Interregulation"​ between Payments System and Personal Data Protection: how to organize this "interplay"​?, Newsletter MAFR - Law, Compliance, Regulation, 27th of August 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

Regulation Law, in order to recognize and draw the consequences from the specificities of some objects, has been build, at the start, around the notion of "technical sector" although their delimitation is partially related to a political choice. But, in facts, there are multiple points of contacts between sectors, actors moving from one to another as objects. The regulatory solution is so to climb over some technical borders through the methodology of interregulation which is by the way the only one to enable the regulation of some phenomena going beyond the notion of sector and related to Compliance Law. 

This news takes the exemple of companies furnishing new payment services. In order to they can provide these services, these firms needs to access to banking accounts of concerned people and so to very sensitive personal data. Regulation of such a configuration needs a cooperation between the banking regulator and the personal data regulator. Legislation being not sufficient to organize in Ex Ante this interregulation, the European Data Protection Board has published some guidelines on 17th of July 2020 about the way it conceives the articulation between the PSD2 (European directive about payment services) and GDPR and has announced that it intended to expand the circle of its interlocutors to do this interregulation. Such an initiative from EDPB can be justified by the uncertainty  about how interpreting both texts and articulating them.   

Full reference: Frison-Roche, M.-A., When Compliance Law is violated, does the "right to be (re)compensated"​ exist, and must it be encouraged or not? - The Marriott case, Newsletter MAFR - Law, Compliance, Regulation, 20th of August 2020

Read by freely subscribing the other news of the Newsletter MAFR - Law, Compliance, Regulation

Summary of the news

In August 2020, Marriott International, online hotel room booking platform, has be sued before an English court by a consulting firm through a "class action" technic. The firm ask to Marriott International compensates the clients whose personal data jas been hacked while Marriott International which was in charge of this data, did not implement all it could to protect these data. According to the plaintiff firm, making the online platform responsible in Ex Ante of the clients' data security and constraint it to compensate injured clients in case of failure is a more important incentive for the firm to do its best to protect this data than a simple fine.    

Many similar actions are ongoing, especially during English Courts where the practice of "class action" is more developed. The question is therefore to know whether it is interesting to encourage the development of this kind of process in France. Concretly, a substantial subjective right (here the right to have its data protected) exists only if it is accompanied by a procedural right to size the judge in order to he or she activates it. The right to ask for a compensation in case of violation of these Compliance obligations but also is therefore not only a strong incentive for firms but also a condition of effectivity of these same obligations, knowing that the effectivity is the major care of Compliance Law.