In June 2019, President Donald Trump suggested the European Union’s (EU) suits against certain American companies, such as Facebook and Google, were inappropriate legal actions.<fn>Trump Suggests EU out of line with suits against US tech firms, Bus. Ins. (June 26, 2019), []</fn> Specifically, President Trump suggested the EU legal sanctions were hateful acts, which “make it almost impossible to do two-way business [with the European Union].”<fn>Id.</fn> It is clear that when these statements were made, President Trump thought of the hefty fines levied against some U.S. technology companies for antitrust violations, principally against Google<fn>The EU fined Google €1.49 billion for illegal misuse of its dominant position in the market and for shielding itself from competitive pressure through anti-competitive contractual restrictions in violation of Article 102 of the Treaty on the Functioning of the European Union and Article 54 of the Agreement on the European Economic Area. See Consolidated Version of the Treaty on the Functioning of the European Union art. 102, May 9, 2008, 2008 O.J. (C 115) 51 [hereinafter TFEU]; see Agreement on the European Economic Area, 1994 O.J. (L 1) 54 ; European Commission Press Release IP/19/1770, Antitrust: Commission Fines Google €1.49 Billion For Abusive Practices In Online Advertising (Mar. 20, 2019).</fn> and Apple.<fn>Commission Decision 2017/1283 of Aug. 30, 2016 State Aid Implemented by Ireland to Apple, O.J. (L 187) 109 ¶ 452 (The EU Commission found that Ireland unlawfully granted state aid to Apple in violation of Article 108(3) of TFEU); see TFEU art. 108(3) (providing that member states may not implement new State aid measures without the Commission’s approval); European Commission Press Release IP/16/2923, State Aid: Ireland Gave Illegal Tax Benefits To Apple Worth Up To €13 Billion (Aug. 30, 2016); European Commission Press Release IP/17/3702, State Aid: Commission Refers Ireland to Court for Failure to Recover Tax Benefits From Apple Worth Up to €13 billion (Oct. 3, 2017).</fn>

In parallel, extraterritorial<fn>The operation of laws outside the boundary of a state or country. Extraterritoriality, Black’s Law Dictionary (11th ed. 2019).</fn> privacy laws in Europe and in the United States are increasingly being enforced. In Europe, the General Data Protection Regulation (GDPR) “governs how personal data must be collected, processed, and erased.”<fn>Everything you need to know about the “Right to be forgotten,” GDPR.EU, (last visited Nov. 22, 2019) [].</fn> Within the GDPR, the “Right To Be Forgotten” allows individuals with the right to request organizations to delete their personal data.<fn>Regulation 2016/679, of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Council Directive 95/46/EC, art. 17(65)-(66) 2016 O.J. (L 119) [hereinafter GDPR].</fn> Meanwhile, in the United States, the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) permits federal law to compel U.S.-based technology companies to surrender data or information stored on servers beyond its borders. The CLOUD Act compels technology companies to surrender the data requested within or outside of the United States.<fn>CLOUD Act, H.R. Res. 4943, 115th Cong. § 2713 (2018) [hereinafter CLOUD Act].</fn>Furthermore, the U.S. government has taken substantial steps in furtherance of legal extraterritoriality. The latest “extraterritorial strategy” employed by the United States includes the United States-Mexico-Canada Agreement (USMCA) and the Communication Decency Act (CDA). First, the USMCA includes immunity provisions on digital trade applicable to the United States, Mexico, and Canada by proscribing fraudulent and deceptive commercial activities that cause harm or potential harm to consumers engaged in online commercial activities.<fn> U.S.-Mex.-Can. Agreement art. 19.7, Nov. 30, 2018.</fn> Second, Section 230 of the Communication Decency Act (CDA) provides broad-based immunity to online service providers for third-party content.<fn>47 U.S.C. § 230 (2012)</fn> Through these laws, nations are readily attempting to implement technology-based laws in order to protect individuals, both domestically and abroad, leading to a new stage of legal extraterritoriality. It may even be said that the war of legal extraterritoriality has taken a second step.

Against this backdrop in extraterritoriality, French Prime Minister Edouard Philippe ordered a parliamentary report, the “Restore the Sovereignty of France and Europe and Protect out Companies from Laws and Measures with Extraterritorial Scope” report (Report), calling into question the extraterritorial application of American laws to French companies and their effects.<fn>Assemblée Nationale [National Assembly], Rétablir la souveraineté de la France et de l’Europe et protéger nos entreprises des lois et mesures à portée extraterritoriale [Restore the Sovereignty of France and Europe and Protect our Companies from Laws and Measures with Extraterritorial Scope], June 29, 2019, p.3 (Fr.) [hereinafter Report]; Joseph Smallhoover, The Publication Of The Gauvain Report On The Protection of French Companies Against Extraterritorial Laws and Measures, Lexology (July 8, 2019), [].</fn> The title and introduction of the Report reveal its findings and conclusions, which state in part:

The United States of America has drawn the entire world into an era of judicial protectionism. The rule of law has always served as an instrument of regulation, but it has now become a weapon of destruction in the economic warfare waged by the United States against the rest of the world including its traditional European allies….
Since the end of the 1990s, we have witnessed a proliferation of laws extending extraterritorial reach, mainly American laws, enabling the authorities of the most powerful country, to investigate, prosecute, and convict, based on different laws (corruption, money laundering, international sanctions, etc.), business practices of business entities or individuals from all over the world.<fn>Report, supra note 11, at 3 (original in French).</fn>

In light of this Report, this article summarizes and critiques some of its salient findings and recommendations. In part I discusses the Report’s unknowing connection to the opinion and judgment in Case C-507/17, Google LLC v. CNIL, 2019 E.C.R. 15 and a discussion on extraterritorial reach. Part II generally discusses the Report’s proposals to extent legal privilege to in-house counsels working for companies in France and the proposed amendment to the 1968 Blocking Statute, which prohibits a French party from requesting, seeking, or disclosing commercial information to establish evidence in foreign litigation. Part III discusses the flaws in extraterritorial reach in light of conflicts between Mutual Legal Assistance Treaties and the 1968 Blocking Statute. Part IV finds the possible conflicts from the extraterritorial laws from the United States and its processes. Part V discusses the new E-Evidence Regulation between Member States in the EU, a regulation similar to the United States’ own CLOUD Act. Part VI finds the recent developments in France regarding the access of data and hate speech on the internet. Finally, Part VII discusses the specific proposals in the Report, existing flaws, possible outcomes, and recommended avenues to accomplish the extraterritorial law goals in France.

I. Unknowing Connection Between the Gauvain Report and Google v. CNIL

It is interesting, and perhaps not entirely coincidental, that the Report was released after the Advocate General’s Opinion in the case opposing Google to the French National Commission for Information Technology and Civil Liberties (CNIL).<fn>Case C-507/17, Google LLC v. CNIL, 2019 E.C.R. 15 [hereinafter Google Opinion].</fn> Pursuant to the “Right to Be Forgotten” under the GDPR, the CNIL ordered Google to remove links from the results of its search engine’s domain extensions, worldwide, when responding to an individual’s request to have her personal data no longer be displayed by search engines with that individual’s name.<fn>Id. at ¶ 18.</fn> Google refused to comply with the CNIL’s notice, and it limited the removal of results to domain names only in the EU,<fn>Id. at ¶ 19</fn> in addition to proposing a “geo-blocking” technique.<fn>Id. at ¶ 20.</fn> According to Google, the “geo-blocking” technique would prevent an Internet user with an IP address in an EU Member State from accessing the links outside the EU (i.e., those not removed).<fn>Id.</fn> The CNIL found Google’s actions and proposals to be inadequate and made after the deadline imposed, and it therefore fined Google €100,000.<fn>Google Opinion, supra note 13, at ¶¶ 20, 21.</fn> Google appealed the decision before France’s Council of State, which referred the questions relating to the territorial scope of The Right to Be Forgotten to the Court of Justice of the European Communities (CJEU).<fn>Press Release No. 2/19, Case C-507/17, Google v. CNIL (Jan. 10, 2019).</fn>

In January 2019, the Advocate General of the CJEU concluded that search engine operators (such as Google) are not required to carry out the removal of links on all domain names of their search engines.<fn>Google Opinion, supra note 13, at ¶ 63.</fn> Rather, search engine operators should be required to remove the links from results from a search within the EU.<fn>Id. at ¶ 78.</fn> The Advocate General stressed that search engine operators are to take appropriate steps in order to assure the removal of the links requested by an individual within the EU.<fn>Id. at ¶ 79(2).</fn>

In other words, the Advocate General recommended that the reach of a European Member State’s adjudicatory powers (i.e., blocking, take down, or delinking decisions) should be limited to the territory covered by the European Union, which could be achieved through the use of IP address geolocalization. The decision explained that this limitation could be achieved by using IP address geolocalization.<fn>In September 2019, the EUCJ delivered its judgment to the Advocate General’s opinion from January. Case C-507/17, Google LLC v. CNIL, 2019 E.C.R. 772 [hereinafter Google Judgment]. The EUCJ’s judgment concluded that there is no obligation under EU law for a search engine operator to carry out a de-referencing request at the global level, but only within the territory of the EU itself.  Id. at ¶ 64. The EUCJ’s judgment explained that each individual Member State may decide whether or not to carry out a de-referencing request extraterritoriality by balancing the individual’s privacy and fundamental rights against the freedom of information. Id. at ¶ 67. For a summary of the EUCJ’s judgment, see Press Release, supra note 19.</fn>

This limitation of extraterritorial reach may or may not make sense under international law. Yet, even without a reference to the Advocate General’s opinion from January 2019, the Report is consistent with its recommendations.<fn>While the Report did not reference the Advocate General’s opinion from January 2019, the EUCJ did apply the EUCJ’s conclusions from the Google Judgment in September 2019 in the Eva Glawischinig-Piesczek v. Facebook Ireland Limited EUCJ’s judgment in October 2019. Case C-18/18, Eva Glawischinig-Piesczek v. Facebook Ireland Limited, 2019 E.C.R. 821. A member of the Austrian Parliament requested Facebook Ireland to remove a defamatory and offensive comment by a user. Id. at ¶ 13. The EUCJ held that EU law does not preclude a host provider from (1) being ordered to remove content that is identical or equivalent to content previously declared to be illegal or (2) being ordered to remove information covered by an injunction at a worldwide level, based on relevant international law and the laws of the member State that bring about the action. Id. at ¶ 55. For a summary of the Advocate General’s opinion, see Press Release No. 128/19, Case C-18/18, Eva Glawischinig-Piesczek v. Facebook Ireland Limited (Oct. 3, 2019).</fn>

II. The Gauvain Report’s Proposals: Legal Privilege for In-House Counsels and Amendment of the 1968 Blocking Statute

According to the Report, deployment of legal extraterritoriality in the interest of domestic business and political influence is not new.<fn>Report, supra note 11, at 25.</fn> Rather, legal extraterritoriality dates back at least to the early Cuban crisis and the sanctions imposed under the Helms-Burton Act<fn>Cuban Liberty and Democratic Solidarity (Libertad) Act of 1996 (Helms-Burton Act), 22 U.S.C. §§ 6021–6091 (2019); Report, supra note 11, at 25.</fn> and the Iran and Libya Sanctions Act (D’Amato-Kennedy Act).<fn>Iran and Libya Sanctions Act of 1996 (D’Amato-Kennedy Act), Pub. L. No. 104-172, 110 Stat. 1541 (1996); Report, supra note 11, at 25.</fn> However, the current administration seems to use extraterritorial regulation more intensively and strategically than its predecessors.

After the adoption of the Helms-Burton and the D’Amato-Kennedy Acts in the United States, the EU also legislated. In 1996, the EU adopted a Council Regulation addressing the protection against extraterritorial laws adopted by a third country.<fn>Council Regulation 2271/96, 1996 O.J. (L 309) (EC).</fn> With the EU’s regulation in mind, the Report makes two specific proposals aimed at the protection of French companies.<fn>Report, supra note 11, at 45; see also Michael Thaidigsmann, France Moves to Protect Confidentiality of Legal Advice by in-House Counsel, In House Legal (June 28, 2019), [].</fn> The Report proposes a heightened legal privilege for in-house counsels.<fn>Cf. Report, supra note 11, at 5, 45, 55-62.</fn> Moreover, the Report proposes the modernization of the 1968 law, often referred to as the Blocking Statute, by strengthening it through penalty increases and by prohibiting the disclosure of certain categories of information to foreign states or foreign law enforcement.<fn>Cf. id. at 45, 67-71.</fn>

III. The Flaws Between the Mutual Legal Assistance Treaty and the French Blocking Statute

The Report supports its recommendations with several arguments. First, the Report recommends updating and strengthening the 1968 Blocking Statute by addressing issues between the United States and France regarding the Mutual Legal Assistance Treaty (MLAT).<fn>Treaty with France on Mutual Legal Assistance in Criminal Matters, U.S.-Fra., Dec. 10, 1998, S. Treaty Doc. No. 106-17 (2000) [hereinafter MLAT]; Report, supra note 11, at 67. Mutual Legal Assistance occurs when one country, for instance France, requests evidence held in another country, for instance the United States, for criminal prosecution, pursuant to a Mutual Legal Assistance Treaty (MLAT). Peter Swire, et. Al., A Mutual Legal Assistance Case Study: The United States and France, 34 Wis. Inst’l L. J. 323, 324 (2016).</fn> The Blocking Statute prohibits a French party from requesting, seeking, or disclosing commercial information to establish evidence in foreign litigation.<fn>Loi 68-678 du 26 juillet 1968 relative a la communication de documents et renseignements d’ordre economique, commercial, industriel, financier ou technique a des peronnes physiques ou morales etrangeres [Law of 68-678 of July 26, 1968, on the Communication of Documents and Information of an Economic, Commercial, Industrial, Financial or Technical Nature to Foreign Natural or Legal Persons], Journal Officiel de la République Française [J.O.] [Official Gazette of France], July 26, 1968, 1 [hereinafter Blocking Statute].</fn> However, this is not a complete block. A French party may request or disclose commercial information related to foreign litigation through an existing treaty, such as the Hague Convention<fn>Convention on the Taking of Evidence Abroad in Civil or Commercial Matters, Mar. 18, 1970, 23 U.S.T. 2555 [hereinafter Hague Convention].</fn> or the United States-France MLAT.<fn>See Blocking Statute, supra note 33 (subjecting the request or disclosure of commercial information to treaties).</fn> However, the Blocking Statute is almost never enforced in discovery proceedings.<fn>Report, supra note 11, at 51−52.</fn> Consequently, foreign countries, including the United States, do not see the Blocking Statute as a valid reason for France to not comply with evidence requests without recourse to the more burdensome MLA channels.<fn>Report, supra note 11, at 52</fn>

The Report provides data of French and American evidence requests through the MLAT.<fn>Report, supra note 11, at 34 (table 5).</fn> Between 2014 and 2018, the United States has made considerably less requests for evidence in criminal matters to parties located in France.<fn>Id.</fn> These differences in requests between the United States and France, in conjunction with the American advantage to utilize its own procedures for obtaining evidence, lead to the conclusion that most evidence requests occur outside the MLAT, and come directly from the U.S. government to companies in France, thus completely circumventing the French government.<fn>Id.</fn> Therefore, the Report concludes that the current Blocking Statute is a roadblock to French companies because they are faced with the choice of whether they should comply with the evidence request process of the foreign country—opening the door to prosecution in France—, or with the Blocking Statute, thus failing to properly comply and carry the legal issue in the foreign country’s jurisdiction.<fn>Cf. id. at 67. </fn>

Furthermore, the Report refers to the number of U.S. boycott or embargo laws and executive orders with extraterritorial effect. After the Helms-Burton Act, the D’Amato-Kennedy Act, and the attacks from September 11, 2001, a new era started during which the United States developed sanction programs with extraterritorial effects.<fn>Id. at 20.</fn> As of December 1, 2018, the Office of Foreign Assets Control (OFAC) from the U.S. Department of Treasury has actively imposed thirty unilateral sanctions with extraterritorial effects under a broad interpretation of “nexus,” specifically by the Foreign Corrupt Practices Act (FCPA).<fn>Id. at 14, 20-21 (table 2); see Foreign Corrupt Practices Act of 1977, 15 U.S.C. §§ 78dd-3(a), 78dd-2(h)(5) (2018) (prohibiting anti-bribery and accounting violations on behalf of foreign companies and allowing the prosecution of illegal bribery and accounting practices against foreign companies when using any means of interstate commerce).</fn> The Report severely criticizes this broad interpretation of nexus by illustrating that the U.S. government improperly finds a nexus whenever American currency is used in informal negotiation transactions for bribery or illegal accounting practices by a foreign company.<fn>Report, supra note 11, at 15-18 (explaining that sanctions arise from informal negotiation transactions between the U.S. government and a foreign company under either the Non-Prosecution Agreement, the Deferred Prosecution Agreement, or a guilty plea).</fn>The complexity of these U.S. laws and orders with extraterritorial reach is a challenge for non-American companies. These laws and orders presumably add legal and compliance costs for non-American companies because they already expend costs on resources ensuring the compliance with their own domestic and EU regulations. Hence, non-American companies have to carry compliance costs twice, while this is not true for their American competitors, something that should be addressed and decided by the Security Council.

The Report found that not only are European companies the prime targets of American authorities, but that they also represented the majority of those receiving fines levied by the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) between 2008 and 2018.<fn>Report, supra note 11, at 4, 19 (table 1).</fn> The Report also noticed the total absence of sanctions against Chinese and Russian companies, which brings into question the underlying motivation of the American authorities when targeting economic operators.<fn>Id. at 19-20 (arguing that European companies bear the burden of sanctions by the DOJ and SEC between 2008 and 2017 by 60.17% of all sanctions compared to other American and non-European companies).</fn> The Report claims that European companies are the main targets of prosecution in the United States because, between 2008 and 2017, out of the twenty-six companies convicted under the FCPA, fourteen were European companies.<fn>Id. at 19.</fn> Therefore, it remains unclear whether these sanctions signal a commercial war against Europe.

The lawsuits appear to be mainly economically motivated and the targets chosen on purpose. The Report claims that major American companies are, for the most part, spared from prosecution and only large European and Asian companies, those in direct competition with American companies, are targeted.<fn>Cf. id. at 3.</fn> For instance, fines were collected from French, European, South American, and Asian companies, regardless of whether these companies had complied with the laws of their country, because their business practices, their customers, or some of the payments received did not comply with U.S. laws regarding (such as the FCPA). Therefore, the Report presumably argues that the nexus requirement for prosecution in the United States against foreign companies (especially European companies) is often molded and stretched in a way that benefits American companies.

IV. Conflicts of Interest: Appointed Officials and Negotiated Settlements

The Report also notices some conflicts of interest that may arise.<fn>Id. at 15.</fn> First, the Report criticizes the fact that SEC commissioners often return to private practice after serving their appointed term.<fn>Id. For more information about the Securities Exchange Commission and the appointment process, see Current SEC Commissioners, U.S. Sec. and Exch. Comm’n, [].</fn> Indeed, they are lawyers appointed to serve as commissioners and the Report noted that the interactions between public or political service and private practice could lead to an improper use of prosecutorial tools for private economic of commercial advantage. Second, the report criticizes the entire procedure surrounding negotiated settlements. It begins by claiming that negotiated settlements escape judicial review in practice.<fn>Report, supra note 11, at 15.</fn> In support of this claim, the Report mentions the Supreme Court case of Morrison v. National Australia Bank, Ltd, 561 U.S. 247 (2010).<fn>Morrison v. Nat’l Austl. Bank, Ltd., 561 U.S. 247 (2010); Report, supra note 11, at 15.</fn> and its holding that legislation only applies extraterritorially if there is a clear congressional intent.<fn>Morrison, 561 U.S. at 255-56.</fn> However, the Report fails to acknowledge two separate issues. First, the Report refers to sanctions under the FCPA, which does contain explicit language allowing extraterritorial jurisdiction against companies located in foreign jurisdictions.<fn>15 U.S.C. § 78dd-1 (2018); see H. Lowell Brown, Extraterritorial Jurisdiction Under the 1998 Amendments to the Foreign Corrupt Practices Act: Does the Government’s Reach Now Exceed its Grasp, 26 N.C. Int’l L. & Com. Reg. at 298 (2001) (“In enacting the FCPA, Congress plainly intended to reach foreign conduct.”)</fn> Second, that settlement is the usual outcome of legal disputes in the United States.<fn>See Janet Cooper Alexander, Do the Merits Matter? A Study of Settlements in Securities Class Actions, 43 Stan. L. Rev. 497, 498 (1991) (stating that five percent or fewer of litigated cases are tried to judgment); Judith Resnik, Managerial Judges, 96 Harv. L. Rev. 374, 405 n. 126 (1982) (“Eighty-five percent of all federal civil suits end by settlement.”).</fn> Yet, the Report describes settlements as more or less imposed under enormous pressure and threats of financial and criminal sanctions, including prison and loss of business license.<fn>Report, supra note 11, at 17-18 (referring to the Non-Prosecution Agreement, the Deferred Prosecution Agreement, and guilty pleas).</fn>

V. The European Union’s Response to the CLOUD Act: E-Evidence Regulation

The Report next discusses bilateral agreements in the interest of protecting French companies. The Report describes the CLOUD Act’s<fn>CLOUD Act, supra note 8.</fn> failure to recruit other countries to enter into a bilateral agreement under the Act.<fn>Report, supra note 11, at 32.</fn> So far, only the United Kingdom has signed the bilateral agreement,<fn>Agreement on Access to Electronic Data for the Purpose of Countering Serious Crime, U.S.-U.K., Oct. 3, 2019, Doc. No. 6/2019. For more information on the CLOUD Act agreement between the U.S. and the U.K, see U.S. and U.K. Sign Landmark Cross-Border Data Access Agreement to Combat Criminals and Terrorists Online, DOJ: Office of Pub. Aff. (Oct. 3, 2019), [] (at the time the Report was released, the U.K. was only in the negotiation stage of the CLOUD Act agreement). For more information on the announcement for the CLOUD Act agreement between the U.S. and Australia, see Press Release, Joint Statement Announcing United States and Australian Negotiation of a CLOUD Act Agreement by U.S. Attorney William Barr and Minister for Home Affairs peter Dutton, DOJ: Office of Pub. Aff. (Oct. 7, 2019), [].</fn> and no other country besides Australia, seems to have taken a step in that direction.<fn>Report, supra note 11, at 32.</fn> The Report then explains that EU Member States proposed a regulation similar to the CLOUD Act related to the access of digital evidence in criminal matters.<fn>Commission Proposal for a Regulation of the European Parliament and of the Council on European Production and Preservation Orders for Electronic Evidence in Criminal Matters, COM (2018) 225 final (Apr. 4, 2018); Report, supra note 11, at 32.</fn> This proposed regulation has an extraterritorial reach, and it’s presumed that, in practice, French authorities will be able to recover data stored by operators providing services in the European Union.<fn>Id. at 4.</fn> Therefore, the Report concludes that the new EU regulation proposal on e-evidence is a response to the CLOUD Act’s ability force U.S. based internet service providers, platforms, and search engines to share evidence for “serious crimes,” even when the evidence is stored abroad.<fn>Report, supra note 11, at 35.</fn>

Arguably, the powers of the CLOUD Act amount to extraterritorial enforcement and they are not covered by the traditional legislative and adjudicatory territoriality prerogatives of sovereign states. Moreover, enforcement, i.e., the collection of documents abroad, is simply based on the fact that companies in the United States have access to the evidence. Accordingly, in reality, the CLOUD Act negates the MLAT procedure.

VI. Developments in France: Access of Data and Hate Speech

There have been recent developments in procedures to access data between the French government and technology companies: the French government and Facebook agreed to allow French prosecutors to obtain IP addresses from authors of hate speech.<fn>Mathieu Rosemain, Exclusive: In a World First, Facebook to Give Data on Hate Speech Suspects to French Courts, Reuters (June 25, 2019), [].</fn> This agreement seems to have been necessary because the IP addresses were only accessible to Facebook in the United States, and therefore subject to the formalistic and lengthy MLAT process, even more so because France and the EU have yet to enact the E-evidence regulation. Moreover, it seems as if this agreement requires a court order, it does not apply to other platforms or search engines, it is not legally binding, and it only applies in France.<fn>It is not clear what are the precise obligations regarding the proof of identity. It may be argued that the concept of “inextricably linked” entities as developed by the CJEU in its famous ruling on the “Right to be Forgotten” already allows members state to enjoin under daily penalties local subsidiaries or branches to submit such evidence. See Case C-131/12, Google Spain v. Agencia Española de Protección de Datos, 2014 E.C.R. 317 (holding that Google Spain was deemed to be inextricably linked to Google Inc. to the extent that processing took place on EU territory).</fn>

Accordingly, the latest developments in Europe, both with the GDPR<fn>GDPR, supra note 7.</fn> and the French Hate Speech Bill,<fn>See generally Proposition de Loi 9 juillet 2019 visant à lutter contre les contenus haineux sur Internet [Law Proposal to Fight Against Hate Speech on the Internet], July 9, 2019 (currently pending before the Senate) [hereinafter Internet Hate Speech Law].</fn> oblige these companies to designate representatives in France. Yet, it appears that more developments are necessary because these do not define obligations in terms of evidence collection.<fn>See GDPR, supra note 7, at art. 27; see Internet Hate Speech Law, supra note 67, at art. 3; see also Report, supra note 11, at 55. </fn>

VII. Evaluation of the Gauvain Report’s Proposals

Based on the findings described in the Report, several specific proposals are found therein.

A. The GDPR and Data Related to Legal Entities

The first proposal is related to the GDPR. Currently, the GDPR only identifies “natural persons,”<fn>GDPR, supra note 7, at art. 4 (defining a “natural person” as “one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”).</fn> and the Report suggests the GDPR should include data related to legal entities.<fn>Report, supra note 11, at 55; contra Joined Cases C-92/09 & 93/09, Volker und Markus Schecke GbR v. Land Hessen, 2010 E.C.R. I-11144 ¶ 53 (“[l]egal persons can claim protection of Article 7 and 8 of the [GDPR] in relation to such identification only in so far as the official title of the legal person identifies one or more natural persons.”).</fn> However, this seems highly unlikely. Arguably, the question of whether a member state could unilaterally extend the definition of “data subjects” to cover legal entities, is a moot legal question. It would not be possible to share such data automatically between the European Union and the United States, unless the EU-U.S. Privacy Shield Agreement were renegotiated.<fn>See Commission Decision 2016/1250, 2016 O.J. (L 207) 6-13; see European Commission Press Release IP 16/2461, European Commission Launches EU-U.S. Privacy Shield: Stronger Protection for Transatlantic Data Flows (July 11, 2016).</fn>

As it stands, the transfer of data related to legal entities is not covered and the adequacy decision (which is the cornerstone of the current Shield Agreement).<fn>GDPR, supra note 7, at art. 45(1) (an adequacy decision permits cross-border data transfer outside the EU without additional authorization from a national supervisory authority).</fn> The Shield Agreement would need to be comprehensively restructured to address the data of French legal entities that could not otherwise be shared with judicial or administrative authorities in the United States beyond their established assistance procedures. Moreover, it is worthwhile noting that the Shield Agreement is currently being challenged before the CJEU for an alleged violation of articles 7 and 8 of the Charter of Fundamental Rights of the EU.<fn>Case T-738/16, La Quadrature du Net and Others v. Comm’n, 2018 E.C.R. 520 (claim seeking to invalidate the Privacy Shield Decision as failing to contain sufficient protections against U.S. intelligence agency access to personal data transferred from the EU); GDPR, supra note 7, at art. 7 (“Everyone has the right to respect for his or her private and family life, home and communications.”)</fn>

B. The 1968 Blocking Statute

The next proposal is related to the Blocking Statute. The Blocking Statute framework should be updated, enforced strictly, and it should provide much higher penalties.<fn>Report, supra note 11, at 67-68.</fn> Although the Report does not explicitly mention the discovery order from Finjan v. Zscaler, No. 17-cv-06946-JST (N.D. Cal. Feb. 14, 2019)<fn>Finjan, Inc. v. Zscaler, Inc., No. 17-cv-06946-JST (N.D. Cal. Feb. 14, 2019) (order granting a joint discovery letter by concluding that the GDPR does not preclude the Court from ordering the defendant to produce the requested e-mails in an unredacted form).</fn> it intends to block discovery requests that may prevail before U.S. courts due to the relatively low penalties under French or EU law for violations.

C. Legal Privilege Should Be Extended to In-House Counsel

The next proposal concerns the extension of legal privilege to in-house counsel.<fn>Report, supra note 11, at 61.</fn> According to Case C-550/07, Akzo Nobel Chemicals Ltd. and Akcros Chemicals Ltd. v. European Commission, 2010 E.C.R. I-8382, legal privilege does not extend to in-house counsels in France.<fn>Case C-550/07, Akzo Nobel Chemicals Ltd. and Akcros Chemicals Ltd. v. Comm’n, 2010 E.C.R. I-8382-83 (holding that an in-house lawyer cannot enjoy the same legal privilege as a private lawyer because of the economic dependence and close ties with the employer and the lack of professional independent).</fn> Failure to extend such privilege to in-house counsel may cause some companies to relocate their legal department to other Member States. Nevertheless, extending legal privilege to in-house counsel could come with some exception limiting its scope, for instance, in cases involving money laundering.

D. National Doctrine

The Report also proposes the development of a “national doctrine.”<fn>Report, supra note 11, at 75.</fn> This national doctrine proposal seeks to specify procedures to develop the “essential economic interests of France,” and it should include the procedures for the control of the transmission of documents and exhibits in the matter of mutual judicial and administrative assistance.<fn>Id.</fn>

E. Better Readability of the French Deferred Prosecution Agreement (Convention Judiciaire d’Intérêt Public)

The Report also recommends to improve the readability of the French equivalent of the American Deferred Prosecution Agreement, Convention Judiciaire d’Intérêt Public.<fn>Id. at 55; see also id. at 53 n.79 (the Convention provides an alternative disposition in prosecuted cases involving corruption, fiscal fraud, money laundering. The convention provides that the legal entity agrees to pay a fine and to comply with terms, and in exchange the prosecution closes the case).</fn> Assuming French corporations will engage in good faith and active cooperation, this would lead to a better understanding of the mechanism, its sanctions, and leniency, and it will encourage a proactive approach to the new procedure.

F. Extraterritorial Initiatives Under the International Court of Justice and the Organization for Economic Cooperation

The following proposal concerns regarding the uncertainty surrounding extraterritorial laws. The Report encourages to strengthen multilateralism and international law on the ambit of extraterritoriality with two French initiatives before the International Court of Justice and the OECD:<fn>Id. at 78-80.</fn> seek the opinion of the International Court of Justice<fn>Statute of the International Court of Justice art. 65, Apr. 18, 1946, 33 U.N.T.S. 993.</fn> to establish the state of international law on extraterritoriality,<fn>Report, supra note 11, at 78-79.</fn> and launch a reflection on laws with extraterritorial with the OECD.<fn>Id. at 79-80</fn>

G. Strengthening Tools from the European Union

The next proposal focuses on the overall tools in the EU. The Report proposes to reinforce tools from the European Union to protect European companies faced with requests from authorities or jurisdictions outside the EU,<fn>Id. at 80-83.</fn> such as developing and submitting a French proposal to amend the EU Blocking Statute and therefore extending the protection guaranteed under the French Blocking Statute of 1968 to all Member States of the EU. Under this proposal, a parliamentary report would help analyze how to strengthen the tools and resources to fight against economic and financial crimes, including bribery of foreign public officials.<fn>Id. 83-85.</fn>


The Report will most probably be used for the purpose of strengthening an EU-based response to “abusive American extraterritoriality.”<fn>Id. at 55.</fn> Extraterritorial application of laws is a growing political and legal challenge as a consequence of globalization, connectivity, and new geopolitical paradigms. Still, the Report does not tell the full story.<fn>For a different approach, see generally Charles Doyle, Cong. Research Serv., RS22702 An Abridged Sketch of Extradition to and from the United States (2016) (explaining that extraterritorial application for criminal laws of the United States increased as a consequence of terrorism and drug trafficking) and Charles Doyle, Cong. Research Serv.,7-5700, Extraterritorial Application of American Criminal Law (2016) (explaining that, while the United States has extraterritorial over many crimes, there are many obstacles to their enforcement and most new treaties seek to enhance cooperation between the United States and foreign countries).</fn> For instance, the use of law in international relations and extraterritorial enforcement for military purposes are not covered and its interpretations and conclusions may not all be irrefutable. Yet, it bears testimony to the unfortunate widening of the “Atlantic Gap.” Interestingly no “retaliatory solutions” are proposed; rather, it focuses on protection by way of “shielding or blocking.”

However, the proposals within the Report could make matters worse for European (and American) businesses since increased exposure to conflicting legal obligations seems counterproductive. Extraterritoriality itself is not the problem, but rather its unilateral application is what causes concerns for governments across the globe.


Dan Shefet

Dan Shefet is a French lawyer, born in Denmark, and the author of the individual specialist report to UNESCO on ‘Online Radicalization’, Expert with the Council of Europe on the Internet Ombudsman and President of AAID. Dan holds a philosophy degree and a law degree from the University of Copenhagen in addition to law studies in France. He specializes in European law as well as Human Rights, in general, and in the IT environment, in particular. Dan is a frequent speaker at international conferences on IT law, data privacy and content regulation. In 2014, he founded the Association for Accountability and Internet Democracy (AAID). The main objective of this association is to introduce a general principle of accountability on the internet in order to secure the protection of human integrity. He is the founder of Cabinet Shefet; the firm focuses on international law including European law.


Submit a Comment

Your email address will not be published. Required fields are marked *