Paris Litigation Gazette Issue 3

Contents 

• Competition Distribution 
  • Dawn raids: the First President of the Paris Court of Appeal orders the destruction and return of mailboxes delivered by a company, whose premises had been searched, after the closure of the dawn raids.
  • In dismissing the actions against the Commission’s decision authorising the acquisition of E.ON’s assets by RWE, the General Court recalls the need to establish strictly the admissibility of an action brought by a company against a Commission merger decision and provides information on how to assess an asset swap between companies
• IP/IT/Data
  • Anonymization or pseudonymization? - TUE, Decision of April 26, 2023
  • Data breach by a third party and compensation for non-material damage – Opinion of Advocate General Pitruzella on Case C-340/21, April 27, 2023
  • Health data and GDPR – CNIL, May 11, 2023
• Commercial Litigation
  
  • The Corporate Sustainability Due Diligence regime about to be aligned at the European level?
• Labor Law
  • Anonymised testimonies: the French Supreme Court admits them under certain conditions
  • Welcome bonus subject to a condition of presence: in the event of resignation, the employer may request partial reimbursement
• White Collar
  • Signing of two new Judicial Public Interest Agreements (CJIP) in connection with allegations of corruption
  • Fight against corruption: the European Commission wants to strengthen Member States' legislative arsenal
  • Continued work at European level on the adoption of a directive on the definition of criminal offences and penalties for violation of Union restrictive measures

Dawn raids: the First President of the Paris Court of Appeal orders the destruction and return of mailboxes delivered by a company, whose premises had been searched, after the closure of the dawn raids.

On April 5, 2023, the First President of the Paris Court of Appeal, in a case which gave rise to dawn raids, has ordered the restitution by destruction of 13 mails handed over to the agents of the French Competition Authority (the "FCA") by the visited company after the closure of the dawn raids.

On June 17, 2022, the "juge des libertés et de la détention" ("JLD") has issued an order, pursuant to Article L. 450-4 of the French Commercial Code authorizing the FCA to carry out dawn raids in the premises of LOGISTA, suspected of having abused of its dominant position in the sector of global cash register solutions and associated products and services for tobacco/print shops.

Two of LOGISTA's competitors complained to the FCA that they were being restricted or prevented from developing their own activities.

During the dawn raids, the visited company tried to oppose the seizure of certain mailboxes, and asked the FCA's agents to contact the JLD, who is in charge of ensuring that the searches go smoothly, to argue that the mailboxes in question did not fall within the scope of the order authorizing the operations. The JLD nevertheless confirmed the continuation of the searches, and the company was obliged to cooperate and allow the mailboxes to be copied.

The FCA’s agents ended the operations during the night (as is often the case), even though 13 of the 17 mailboxes they had requested had not yet been downloaded and therefore copied.

The visited company then undertook, at the request of the agents, to "voluntarily" hand over the copies of the e-mails in question within 7 days, i.e. after the closure of the OVS.

Although it did in fact hand over the electronic files requested, LOGISTA nonetheless contested the validity of the request for access that had been made to it (i) firstly, during the searches, by formulating written reservations (transmitted by the judicial police officer to the JLD, and then (ii) in the context of an appeal before the First President of the Paris Court of Appeal, on the grounds that by formulating such a request the FCA's agents had deprived it of the guarantees provided for in Article L. 450-4 of the French Commercial Code regarding the exercise of his rights of defence, as well as the right to privacy and correspondence.

When an investigation is carried out on the basis of Article L. 450-4 of the French Commercial Code, the submission of files by the visited company must benefit from the procedural guarantees provided for by this article

The conduct of dawn raids (i.e. “enquêtes lourdes”) by the FCA is governed by the guarantees set out in Article L. 450-4 of the French Commercial Code concerning the protection of the rights of defence, the right to privacy and correspondence between the company and its lawyers. In this respect:

• The agents must, in particular, ensure that the documents to be seized fall within the scope of the JLD's authorisation order;
• The visited company must also be able to apply for the so-called "provisional closed seal" procedure. This procedure allows the seals to be closed only temporarily, to allow the visited company to identify the documents/files covered by the legal privileged so that they can be removed from the items definitively seized.

By obtaining the files after the closure of the operations, it is clear that the FCA's agents were unable to verify "beforehand" whether the files communicated and therefore seized fell within the scope of the authorisation order. Nor was it possible to raise the question of the implementation of the provisional closed seal procedure.

The handing over of documents requested as part of a dawn raid cannot be considered as "voluntary" handing over

In its defence, the FCA argued that the handover of the disputed mailboxes was "voluntary" and therefore did not fall within the scope of Article L. 450-4 of the French Commercial Code.

However, the order of the First President of the Paris Court of Appeal noted that LOGISTA's undertaking to hand over the files to the FCA's agents a few days after the closure of the searches had taken place "in the course of a coercive measure". The company therefore had no choice but to respond favourably to the agents' requests, otherwise it would have been subject to obstruction proceedings under article L. 464-2, V, of the French Commercial Code.

The First President of the Court of Appeal also observed that the possibility of requesting the handing over of documents is only provided for in the case of a "simple" investigation initiated on the basis of Article L. 450-3 of the French Commercial Code (i.e., an investigation that does not give rise to searches and is therefore conducted without the authorisation of the JLD), which was not applicable in this case.

The First President of the Court of Appeal therefore concluded that the request for disclosure of documents made in the context of the searches should be regarded as constituting an abuse of process.

For all of these reasons, the First President of the Paris Court of Appeal declared that the handover by the visited company of the mailboxes that could not be copied during the dawn raids was unlawful and consequently declared the seizure of these files null and void.

Back to top

In dismissing the actions against the Commission’s decision authorising the acquisition of E.ON’s assets by RWE, the General Court recalls the need to establish strictly the admissibility of an action brought by a company against a Commission merger decision and provides information on how to assess an asset swap between companies

On 17 May 2023, the General Court dismissed the actions brought by eleven energy suppliers seeking the annulment of the European Commission decision (the « Commission ») authorising an asset swap between RWE and E.ON, the two largest companies active in the energy supply sector in Europe. In its rulings, the General Court confirms the restrictive assessment of the admissibility of an appeal against a decision authorising a merger and clarifies the assessment of transactions consisting of an asset swap between independent companies.

In March 2018, RWE and E.ON announced that they would swap assets through three separate transactions consisting of (i) RWE acquiring control of certain production assets of E.ON, (ii) E.ON acquiring control of  the energy distribution and retail businesses of RWE and certain production assets of Innogy SE, a subsidiary of RWE, and (iii) RWE acquiring 16,67% of the shares of E.ON.

While the two first transactions were subject to Commission scrutiny, the Commission declared itself incompetent to analyse the third because it did not constitute a concentration due to the absence of change of control. The third transaction was however examined by the German Competition Authority, the Bundeskartellamt.

On 26 February 2019, the Commission declared that the first transaction was compatible with the internal market. Eleven energy suppliers brought an action before the General Court seeking the annulment of the Commission’s decision, but none of them succeeded, either on the grounds of inadmissibility (in six cases) or for lack of arguments on the merits (in five cases).

The General Court’s judgements allow (I.) to reiterate the need to strictly establish the admissibility of an action brought by a company against a Commission merger decision and (II.) to refine the scope of analysis of transactions consisting in an asset swap between companies.

A strict establishment of the admissibility to challenge a merger decision

Under Article 263(4) of the Treaty on the Functioning of the European Union (« TFEU »), only an undertaking directly and individually concerned by a merger decision may lodge an appeal against it.

In this respect, the General Court points out that, in order to assess the direct concern of a third party company to a merger operation, account must be taken of its presence on the concerned markets and, in order to assess its individual concern, account must be taken of the change of its position on the market concerned as well as its « active » participation in the Commission’s administrative review of the merger.

As regard to the direct concern of the applicants, the General Court states that it is characterised where the proposed transaction changes, with immediate effect, the structure of the market on which they are active. In our case, all the applicants were energy suppliers affected by the effects of the merger, so the General Court recognises that they were therefore all directly concerned by the Commission’s decision.

As regard to the individual concern of the applicants, the General Court carries out a thorough in concreto assessment of the extent of their participation in the Commission’s “administrative procedure” in order to determine whether their participation was “detrimental to appreciate the effects of the concentration on the relevant market”^[1].

Detrimental participation means an active contribution to the market test (through, for instance, frequent contacts with the Commission, well-argued observations on the consequences of the merger on the markets concerned, supported, where appropriate, by impact studies drawn up by economists).

In our case, the General Court recognises the admissibility of five of the eleven applicants on the basis of their active contribution to the investigation carried out by the Commission.

Further clarification on the framework for analysing transactions involving asset swap between companies

The applicants challenged the Commission for having analysed the three transactions separately and not as a « single concentration », which had two consequences:

• Firstly,  taken separately, the transaction relating to the acquisition of a minority stake by RWE in E.ON, did not constitute a concentration, as there was no change of control ;
• Secondly, each of the two other transactions was analysed separately.

The General Court first points out that two cumulative conditions must be satisfied for several transactions to be regarded as a single concentration:

• the transactions concerned are interdependent, that is to say each cannot be carried out without the others, and
• the result of these transactions is to give one or more undertakings economic control of the business of one or more other undertakings.

In this respect, it notes that an asset swap whereby “independent companies acquire different targets”^[2] cannot be considered as a single concentration, since such a structure necessarily excludes the second condition mentioned above. Therefore, in our case, following these transactions, RWE controls some of assets that belonged to E.ON, and E.ON controls RWE’s former subsidiary, Innogy SE: they are therefore neither the same buyer nor the same target.

The General Court draws all the consequences for the assessment of the concerned transactions:

Firstly, the Commission could legitimately assess each transaction separately, and consider that it was not competent to examine the third transaction, which did not constitue to a concentration within the meaning of the merger Regulation.

Then, the Commission could legitimately carry out an overall assessment of the consequences that the two other transactions might have on each another.

In principle, the Commission applies the “priority rule” according to which it takes into account, « when assessing the effects of a merger, the effects of a merger notified before the one under scrutiny »^[3].

The General Court although specifies that in case of an asset swap, the mechanical application of that rule

could have “arbitrary” effects on the scope of the Commission's analysis, due to the interdependence of the concerned transactions. It points out that, to the extent that those concentration operations have a link allowing the Commission to gain an understanding of the probable effects on the market of each concentration, “it is for the Commission to take it into account in the overall assessment of all the relevant evidence that it carries out in respect of each of those operations.”^[4].

Back to top

Anonymization or pseudonymization? - TUE, Decision of April 26, 2023

In a decision dated April 26, 2023, the European General Court clarified the concepts of anonymized and pseudonymized data.  

As part of a bank resolution procedure, the Single Resolution Board (SRB) used an online electronic form enabling the bank's shareholders and creditors to determine whether they would have benefited from better treatment in the event of normal insolvency proceedings. The answers received were then shared with a consulting firm.

In the absence of any information concerning the transfer of these opinions to the firm, certain data subjects lodged a complaint with the European Data Protection Supervisor (EDPS). Considering that the data in question was pseudonymized data, the EDPS judged that the consulting firm acted as a recipient within the meaning of Article 4(9) of the GDPR. The data subjects therefore had to be informed of the transfer.

The SRB then referred the matter to the Court for annulment of the EDPS' decision.

On personal data

The European judges stress that the legislator intends to give a broad meaning to the notion of "personal data". Opinions may constitute personal data only where the information concerns the person in question (Judgment of November 20, 2017, Nowak, C-434/16, §34) – given the content and purpose of the information.

One cannot presume that any opinion constitutes personal data, without carrying out such an examination.

On pseudonymization and anonymization

In line with the Breyer judgment (Judgment of October 19, 2016, C-582/14), the Court recalls that the qualification of personal data, whether pseudonymized or anonymized, should be assessed from the data recipient's point of view.

The mere fact that the data controller – transmitter of the data – holds additional information enabling the data subjects to be re-identified is insufficient to conclude that the information transmitted constitutes personal data.

On the contrary, one should analyse whether the recipient has the legal and feasible means – given the time, cost and labour involved – to access the additional information enabling the recipient to re-identify the data subject. Otherwise, the data transmitted is not pseudonymized but anonymized, and does not fall within the scope of the GDPR. The data controller would therefore not be required to inform data subjects of the transfer of anonymized data to a third party.

This decision clarifies the distinction between pseudonymized and anonymized data in the context of data sharing. In practice, it should be determined what constitutes feasible efforts to re-identify data subjects. This assessment is essential in order not to make a mistake in the qualification of the data transmitted, which would entail the risk of disregarding GDPR provisions.

Back to top

Data breach by a third party and compensation for non-material damage – Opinion of Advocate General Pitruzella on Case C-340/21, April 27, 2023

Following a security attack on the computer system of a Bulgarian public agency, the personal data of millions of taxpayers leaked onto the Internet. Many of those affected sued the agency for damages, expressing concerns that the leaked data would be misused.

Following an appeal to the Supreme Court, questions have been referred to the European Court of Justice for a preliminary ruling on the interpretation of the General Data Protection Regulation (GDPR) relating to the conditions for compensation for non-material damage by a data controller following unlawful access by a third party to the data it collects.

In his conclusions, Advocate General Giovanni Pitruzzella offers some answers as to how a data controller is liable for personal data breaches. Note that:

• The mere existence of a data breach is not sufficient to conclude that the technical and organizational measures put in place by the data controller are inadequate to the risks. The data controller remains free to choose the most appropriate security measure. The appropriateness of the measure is assessed inter alia according to the state of technological and technical progress on the day the processing is implemented, as well as implementation costs.
• The appropriateness should further be assessed in concreto, according to content of the measures, the way they are applied and their practical effects.
• The burden of proving the appropriateness of the measure lies with the controller.
• Unauthorized access to personal data by a third party renders the data controller liable for alleged fault. The mere fact that the breach is committed by a third party is not in itself a cause for liability exemption. The controller will then have to demonstrate that the harmful event is in no way attributable to its conduct, in accordance with Article 82(3) GDPR. The level of proof required is high.
• For non-material damage to be compensable, it must constitute real and certain damage, and not a mere discomfort.

While the Advocate General's conclusions are in no way binding on the Court, they nevertheless have a decisive influence. These observations are motivated by the very nature of the protection instituted by the GDPR, which is intended to ensure a high level of protection of data subjects’ rights.

In any event, a system of liability for alleged fault implies that the data controller must be able to demonstrate that it has implemented technical and organizational measures adapted to the risks, hence the importance of documenting its process of compliance with the GDPR (processing register, DPIA, DPA, etc).

Back to top

Health data and GDPR – CNIL, May 11, 2023

The CNIL recently handed down a €380,000 penalty against a website dedicated to health. This penalty takes account of the following breaches:

• Failure to comply with the obligation to retain data for a period limited to the intended purpose (Article 5.1.e GDPR)

The company kept answers to questionnaires available on the website and completed by users, as well as the IP addresses of logged and unlogged users, for up to 27 months – even after the results had been communicated to users. The CNIL considered these retention periods to be excessive in view of the purpose of the processing.

The same applies to data on users who have been inactive for 3 years, as the anonymization procedure failed to meet the criterion of impossibility of individualization. In fact, users data was only pseudonymized.

• Failure to obtain consent from individuals to collect their health data (Article 9 GDPR)

The company processes health data via online questionnaires. In the absence of other applicable legal bases provided for in Article 9(2)(b) to (j) GDPR, the company should have collected the consent of its users.

• Failure to comply with the obligation to provide a contractual framework for processing carried out with another controller (Article 26 GDPR)

As part of the marketing of advertising space on the company's website, the company acts as a joint controller with third parties. However, the respective obligations of the joint controllers are not defined contractually – contrary to the provisions of Article 26.

• Failure to ensure data security (Article 32 GDPR)

The CNIL also takes into account two breaches relating to data security:

• The company did not adequately guarantee users' browsing security, using the unsecured "HTTP" communication protocol by default.
• Passwords were stored in an insufficiently secure format.
• Failure to comply with obligations relating to the use of cookies (Article 82 of the French Data Protection Act)

The CNIL found that a non-essential cookie had been deposited without the user's consent, and that two advertising cookies had been deposited after the user had clicked on the "REFUSE ALL" button.

Yet another decision that confirms the importance of adopting heightened vigilance and a compliance policy adapted to the sensitivity of the personal data processed.

Back to top

The Corporate Sustainability Due Diligence regime about to be aligned at the European level?

The French style corporate duty of care resulting from the March 27, 2017 Law could soon evolve and become an European obligation. On June 1, 2023, the European Parliament adopted its position on the proposed Directive on Corporate Sustainability Due Diligence (CSDD) published on February 23, 2022.

The proposed CSDD directive imposed on European companies the prevention and mitigation of "adverse effects" on the environment or human rights of their activities, those of their subsidiaries or their value chains, unless they are held liable in the event of damage. The Council of the European Union announced its general approach to the text on December 1, 2022, before the Legal Affairs Committee adopted the compromise text negotiated by MEPs on April 25, 2023. On June 1, 2023, the European Parliament adopted its position on the draft CSDD directive. The draft text has been widely debated, as evidenced by the numerous amendments adopted to the 70 recitals, 30 articles and annexes. The amendments deal in detail with issues as diverse as the content and form of the contractual clauses to be agreed with the business partners who make up the value chain, the corrective measures to be implemented, stakeholder consultation, the content of the plan to ensure that the company's business model and strategy are aligned with the objectives of the transition to a sustainable economy and the limitation of global warming to 1.5°C in line with the Paris Agreement.

Among the amendments proposed by the EU Parliament, the first is the extension of the scope of application to EU companies employing an average of more than 250 employees (compared with 500 in the initial proposal) and a worlwide net turnover exceeding EUR 40 millions (compared with EUR 150 millions in the initial proposal), or the ultimate parent company of a group that had 500 employees and a net worldwide  turnover of more than EUR 150 millions in the last financial year. As a result, the amended version extends the duty of care to large SMEs and medium-sized companies - being specified that SMEs not subject to the duty of care will still be able to comply voluntarily - as well as to companies and groups incorporated under foreign law. The directive could therefore go further than French law on duty of care, which applies to companies which, for two consecutive financial years, employ at least 5,000 employees themselves and in their direct or indirect subsidiaries headquartered in France, or at least 10,000 employees themselves and in their direct or indirect subsidiaries headquartered in France or abroad.

As for financial actors, the Parliament's version includes suppliers as well as clients in the scope of vigilance, the Parliament considering that the "value chain" of financial institutions "shall include the activities of the clients directly receiving such financial services provided by financial undertakings (…) and of other companies belonging to the same group whose activities are linked to the contract in question ». This subject is much debated whether it is legitimate to hold investment funds and banks liable for damage caused by the companies in which they invest.

While EU Parliamend maintened article 25 on the original proposal related to directors’s duty of care, it deleted Article 26 on the obligation for directors of EU companies to set up and overseeing due diligence actions and to take steps to adapt the corporate strategy. It should be remembered that an NGO brought an action against the board of directors of an Anglo-Dutch oil company, for failing to comply with their duty of care by failing to adopt and implement an energy transition strategy in line with the Paris Agreement.

The amended version also adds reinforced vigilance in conflict zones, given the increased risk of companies being associated with serious human rights violations. Companies must "address these heightened risks and to ensure that they do not facilitate, finance, exacerbate or otherwise negatively impact the conflict or contribute to violations of international human rights lax or international humanitarian law in conflict-affected or high-risk areas ». As a reminder, the Russian-Ukrainian conflict has been the occasion for NGOs to give formal notice to companies in the energy and nuclear sectors to cease their activities in Russia, on the basis of the French corporate duty of care law.      

The Parliament's approach was to make the European ESG regulations that are gradually taking shape easier to understand, as companies subject to the obligations laid down in the CSDD will have to draw up and implement a transition plan in line with the information requirements set out in the Corporate Sustainable Reporting Directive (CSRD).   

The amended version introduces the concept of "responsible disengagement". It provides, as a last resort, for companies subject to the law to break off commercial relations with the trading partner in the value chain responsible for the negative impact of their activities on human rights and the environment.

While the initial proposal provides for a system of sanctions by national supervisory authorities, Parliament has set a fine of up to 5% of the net worldwide turnover in the event of failure by a company subject to the law to comply with its obligations - which is not provided for in French law on duty of vigilance.

As regards corporate civil liability, the Parliament has created a presumption of liability - which does not exist in the French law on duty of care - by providing for the possibility for a claimant to supply "elements substantiating the likelihood of a company's liability".

Inter-institutional negotiations are set to continue, and could result in major changes to the French and EU landscape in terms of social and environmental issues.

Back to top

Anonymised testimonies: the French Supreme Court admits them under certain conditions

Cass. Soc., April 19, 2023, n°21-20.308

In this case submitted to the French Supreme Court (“Cour de cassation”), an employee in the aeronautics sector was given a 15-day disciplinary suspension for various acts of bullying and humiliation against colleagues, which he contested. To justify this sanction, the employer produced several statements and messages from employees, as well as an anonymised statement from an employee and the minutes of an interview with the same employee.

The Court of Appeal dismissed the anonymised statement and minutes as having no probative value, on the grounds that it was impossible for the accused person to defend himself against anonymous accusations.

In a decision dated 19 April 2023, the French Supreme Court overturned the appeal decision on the basis of article 6, §1 and 3 of the Convention for the Protection of Human Rights and Fundamental Freedoms, and the principle of freedom of evidence in employment matters, stating that :

"If the judge cannot base his decision solely or decisively on anonymous testimony, he may nevertheless take into consideration anonymised testimony, i.e. testimony rendered anonymous a posteriori in order to protect its authors but whose identity is nevertheless known by the employer, when it is corroborated by other elements that make it possible to analyse its credibility and relevance.”.

Indeed, in this case, the statement and minutes were not the only evidence produced by the employer to characterise the misconduct of the suspended employee.

The French Supreme Court thus accepts, as it has already done in the case of anonymous statements (where the identity of the author is not known), that a statement and/or minutes anonymised to protect the author from possible retaliation by the sanctioned employee are admissible evidence.

However, as with anonymous testimonies, the judge cannot base his decision solely or decisively on anonymised testimonies, and must, in assessing the reality and seriousness of the grounds for the grievance in support of the sanction, take into account any other evidence produced by the employer to corroborate the content of the testimonies in question and thus assess their credibility and relevance.

This decision will undoubtedly be of interest to employers, who will be able to submit voluntarily anonymised statements, collected for example as part of internal investigations, to protect their authors, thus enabling employees to speak out without fear of negative repercussions.

But one will still need to be able to produce additional evidence to corroborate the statements of employees whose testimony has been anonymised: for example, other employee statements (whose identities are not concealed), an internal investigation report, e-mails or any other evidence relevant to the alleged facts.

Lastly, if this decision was rendered in relation to an anonymised statement produced by an employer as part of a litigation procedure, what about an anonymised statement produced by an employee?

The same rule will undoubtedly apply to the employee, who will thus be able to produce anonymised statements, notably from other employees, in support of his claim. The admissibility of such statements is likely to encourage some employees to testify.

Back to top

Welcome bonus subject to a condition of presence: in the event of resignation, the employer may request partial reimbursement

Cass. Soc., May 11, 2023, n°21-25.136

In a decision dated 11 May 2023, the French Supreme Court (“Cour de cassation”) validated the principle that an employment contract may make the acquisition of the full amount of a welcome bonus conditional on the employee's presence in the company for a certain period after its payment, and provide for reimbursement on a pro rata basis of the time that the employee, due to his resignation, will not have spent in the company before the due date.

In this case, the employment contract of a new employee in the financial sector provided for the payment of a gross bonus of €150,000 within 30 days of taking up the role. However, the clause stipulated that in the event of resignation or dismissal for serious or wilful misconduct within 3 years of his hiring, the bonus would only be due in proportion to the number of months of presence, the balance being reimbursable to the company.

As the employee had resigned only one year and two months after taking up his role, the company requested reimbursement of the balance of the bonus. The employee refused, arguing that:

• The bonus constituted a right definitively acquired as a result of his arrival in the company;
• The company could not validly make the granting of the bonus conditional on the employee's presence at a date subsequent to the payment date.

The Court of Appeal ruled in favour of the employee, considering that the condition of presence stipulated in the contract had the effect of “setting a cost for resignation” and, in doing so, infringed the employee's freedom to work.

The French Supreme Court overruled the appeal decision, requiring the employee to reimburse the company for the amount of the bonus corresponding to the 19 months not spent with the company (i.e. nearly €80,000):

"A clause agreed between the parties, the purpose of which is to ensure the loyalty of an employee whose collaboration the employer wishes to secure over the long term, may, without unjustifiably and disproportionately infringing the freedom to work, make the acquisition of the full amount of a welcome bonus, which is independent of the remuneration of the employee's activity, conditional on the employee's presence in the company for a certain period after its payment, and provide for the reimbursement of the bonus in proportion to the time that the employee, because of his resignation, will not have spent in the company before the due date. ".

In an economic context where companies are finding it difficult to recruit, an employer may, in order to attract and retain talent, make the granting of a welcome bonus conditional on the employee remaining with the company for a certain length of time after its payment. If the employee fails to remain with the company for the entire period, the employer may demand partial reimbursement of the bonus.

The bonus in question is therefore acquired as the contract is performed, and only becomes fully acquired at the end of the period of presence stipulated in the contract. If the employee resigns during this period, he is deprived of that part of the bonus that has not yet been acquired.

According to the French Supreme Court, if these stipulations constitute an infringement of the freedom to work, such an infringement is not unjustified or disproportionate in view of the specific purpose of the bonus, which is to secure the employee's collaboration over the long term and not to remunerate his activity.

Employers must therefore be particularly careful when drafting such a clause, to ensure that it is fully effective should they need to claim reimbursement.

The French Supreme Court has ruled in the case where the employee resigns. It is reasonable to assume that the solution would have been identical if the employee had been dismissed for serious or wilful misconduct before the end of the bonus acquisition period, as also provided for in the clause in question, provided that the dismissal was justified. Failing that, it is not certain that the company would be justified in demanding partial reimbursement of the bonus.

Back to top

Signing of two new Judicial Public Interest Agreements (CJIP) in connection with allegations of corruption

On 17 May 2023, the President of the Paris Court of First Instance approved the 16^thand 17^thpublic interest judicial agreements (CJIP): the first concerns Guy Dauphin Environnement, while the second involves Bouygues Bâtiment Sud-Est and its subsidiary Linkcity Sud-Est.

As a reminder, the CJIP - which was introduced into French law by the so-called "Sapin 2" Act of 9 December 2016 - allows any legal entity implicated for offences against probity to opt, on the proposal of the public prosecutor, for an alternative measure to prosecution. If this option is chosen, the public prosecution is extinguished, provided, of course, that the legal entity fulfils the obligations to which it is committed in the agreement.

For the companies implicated, in addition to the speed of the procedure, which allows better control of the reputational impact inherent in any accusation, the CJIP allows economic activity to continue by avoiding the penalties of a ban on certain activities, closure of an establishment or exclusion from public contracts. In return, legal entities undertake one or more of the following obligations: payment of a public interest fine to the Treasury, implementation of a programme to bring their procedures into line and/or compensation for the damage caused to victims.

The CJIP concluded with Bouygues Bâtiment Sud-Est and its subsidiary Linkcity Sud-Est concerns active bribery of public officials and concealment of favouritism. Between 2016 and 2018, two public contracts for the construction of healthcare buildings were concluded between a public healthcare institution and Bouygues Bâtiment Sud-Est and Linkcity Sud-Est. A criminal investigation later revealed a number of breaches of the rules governing public procurement: award of the contract without consideration of all the regulatory criteria, failure to advertise and put the candidates out to tender, and failure to comply with the criteria for analysing other projects received for the sale of the land. Last but not least, the director of the public institution had benefited from various advantages.

The CJIP concluded with Guy Dauphin Environnement (GDE) relates to active influence peddling. In 2006, GDE, a company specialising in the recycling of metal waste, was refused authorisation to open a landfill by a decree, despite a favourable advisory opinion from the CODERST^[1]. The reason given was the health risk posed by such a project, and in particular the risk of polluting the water table on which the region's economic growth depends. Against all expectations, the administrative judge annulled the decree, which allowed the site to be opened following a new favourable opinion from the CODERST. When the case was referred to the Court of Appeal, the authorisation decision was overturned. A subsequent investigation revealed that GDE had sought the support of the President of the General Council of the department concerned in order to influence the decisions of the public authorities - and in particular the opinions of the CODERST - in return for which it had offered him various advantages.

The companies implicated in these two CJIPs have undertaken to implement a three-year compliance programme under the supervision of the French Anticorruption Agency (AFA) and to pay a public interest fine of €7,964,000 for Bouygues Bâtiment Sud-Est and Linkcity Sud-Est and €1,230,000 for Guy Dauphin Environnement.

While these amounts may seem significant, it should be remembered that the CJIP concluded with Airbus SE on 30 November 2022 provided for a public interest fine of €15,856,044 and that this agreement followed on from an initial CJIP validated on 31 January 2020, under which Airbus SE undertook to pay a public interest fine of €2.083 billion. In five years, the CJIPs have resulted in companies paying more than €3.7 billion in fines.

Back to top

Fight against corruption: the European Commission wants to strengthen Member States' legislative arsenal

With corruption estimated to cost the European Union's economy, at least €120 billion a year^[1] , the President of the European Commission, Ursula Von der Leyen, announced in her State of the Union address on 14 September 2022 that she wanted to take decisive action to fight corruption. Two main measures were announced: the modernisation of the European legislative framework to fight corruption and the inclusion of serious acts of corruption in the list of offences liable to give rise to restrictive measures (e.g. ban on entering EU territory, freezing of assets, etc.).

With the publication on 3 May 2023 of the proposal for a directive of the European Parliament and of the Council on the fight against corruption (2023/0135), the promise made on the first point already seems to have been kept in a relatively tense context due to the serious accusations made against certain MEPs in the Qatargate affair.

This proposal for a directive contains three main components: (i) the prevention of corruption, (ii) the definition of reprehensible acts and (iii) the prosecution and punishment of such acts.

Preventing corruption and instilling a culture of integrity

The fight against corruption begins with prevention, transparency and the establishment of a culture of integrity. The explanatory memorandum to the proposed directive places great emphasis on these points.

In practical terms, the proposed directive requires the introduction of transparency measures relating to conflicts of interest and the assets of public officials, as well as measures to regulate interactions between the public and private sectors. In this respect, French law should not be overly affected by the European text. With the laws on transparency in public life and the Sapin II law, France already has a number of measures in place in this area.

The proposed directive also obliges Member States to promote anti-corruption awareness-raising activities through education and research programmes.

Finally, the proposed directive requires Member States to set up specialised bodies to prevent corruption and to provide them with the necessary human and financial resources. On this point too, France has been ahead of European requirements since 2016 with the creation of the French Anti-Corruption Agency.

Definition of probity offences falling within the scope of the directive and associated liability regime

As a preamble, the proposal for a directive stresses the need to harmonise corruption offences and penalties in order to combat corruption comprehensively and effectively throughout the European Union.

Articles 7 to 14 define the various probity offences: corruption in the public and private sectors, embezzlement, influence peddling, abuse of office, obstruction of justice and enrichment linked to corruption offences. For the first time, the provisions relating to breaches of probity in the public and private sectors are grouped together.

The proposed directive also details the liability regime associated with these offences.

In this respect, it is interesting to note that mitigating circumstances include good cooperation with the judicial authorities, the deployment of a compliance programme and self-disclosure of criminal acts (see Article 18).

Another point of interest for companies is the liability of legal persons, and in particular Article 16(2) of the proposal. This provides that legal persons may be held liable where the lack of supervision or control made it possible for the offence to be committed for the benefit of the legal person.

Prosecution and penalties for breaches of professional ethics

The proposed directive aims to harmonise the penalties applicable within the EU by requiring Member States to provide for "effective, proportionate and dissuasive" criminal penalties.

For natural persons, the proposed directive establishes a maximum penalty of at least four to six years, depending on the seriousness of the offence, and sets out a number of additional penalties.

The maximum fine for legal entities will have to be set at a minimum of 5% of the company's worldwide turnover, in addition to complementary penalties (e.g. exclusion from tendering procedures, temporary or permanent ban on carrying on a commercial activity, judicial dissolution of the legal entity, etc.).

With regard to the limitation period, the proposal for a directive sets the minimum duration of limitation periods at five, eight or ten years, depending on the seriousness of the offence and provided that the procedure in force in the Member State provides for acts interrupting the limitation period. This provision, if adopted as it stands in the final version of the text, will oblige the French legislator to adapt the current limitation periods insofar as probity offences follow the classic rules of the French criminal limitation period, i.e. 6 years for misdemeanours.

To ensure the effectiveness of investigations and prosecutions in this particularly serious area of crime, which often has a cross-border dimension, the Commission calls for the establishment of independent bodies specialising in the fight against corruption. It also calls on the Member States to lift the privileges and immunities granted to national officials for corruption offences and to mobilise investigative tools such as those used for organised crime.

To sum up, the body of French anti-corruption legislation already appears to be well advanced in terms of the requirements set out by the European Commission in its proposal for a directive. Transposing the future European text into French law should therefore not entail any major upheavals for companies established in France.

However, the European legislative process is still in its early stages - the draft directive is due to be examined by the European Parliament and then by the Council - so we will need to keep a close eye on any changes that are made.

Back to top

Continued work at European level on the adoption of a directive on the definition of criminal offences and penalties for violation of Union restrictive measures

While the European Union is currently implementing its 10^thpackage of economic and financial sanctions against Russia, on June 9, 2023 the EU Council settled on its negotiating position (general approach) on the European Commission's December 2, 2022 proposal for a directive on the definition of criminal offences and penalties for violation of Union restrictive measures.

This proposal for a directive follows on from the decision adopted unanimously on November 28, 2022 by the Council of the EU to add the violation of restrictive measures to the list of EU crimes in the Treaty on the Functioning of the EU.

In particular, the proposed directive defines the behaviors that Member States will have to classify as criminal offenses, including (i) aiding the circumvention of a ban on entering EU territory, (ii) trading in goods subject to a ban, and (iii) engaging in transactions with states, individuals or entities subject to EU restrictive measures.

It also requires Member States to provide for a limitation period for such infringements, and to take measures to freeze and confiscate the proceeds of sanctions violations.

Member States will also be required to ensure cooperation and coordination between their various law enforcement and judicial authorities at both national and European level.

Once adopted, "this new directive will facilitate the investigation, prosecution and punishment of violations of restrictive measures throughout the EU", according to the Swedish Minister for Justice.

As European law currently stands, the enforcement of EU sanctions is a member state responsibility. So far, national systems that deal with the violation of EU sanctions differ significantly. Besides, member states are not required to criminalise violations and may thus apply administrative sanctions instead.

Under French law, for example, these repressive measures are set out in article 459 of the Customs Code: in addition to the confiscation of goods and assets which are the direct or indirect product of the offence, violation of European restrictive measures are punishable by five years' imprisonment and a fine equal to at least the amount and at most twice the sum involved in the offence or attempted offence. This fine is multiplied by five when the offence has been committed on behalf of a legal entity by its organs or representatives.

Among our European neighbors, prosecutions in this area are not just theoretical, and the penalties imposed are often substantial.

For example:

• in February 2020, a German criminal court handed down a seven-year prison sentence for exporting dual-use goods to the Russian army in violation of EU Regulation 833/2014 ;
• in March 2021, a German criminal court sentenced two individuals to prison for delivering machinery to Russia in violation of the dual-use provisions of EU Regulation 833/2014 ;
• on December 14, 2021, a Danish court fined a legal entity 34 million Danish kroner (e.g., 4.5 million euros) and sentenced its director with a four-month suspended prison sentence for violating the sanctions regime against Syria;
• On May 22, 2023, four former executives of the spyware company FinFisher had been indicted in Germany for violating export controls on dual-use goods;
• On May 29, 2023, Lithuanian authorities presented Lithuanian prosecutors with a report containing evidence suggesting the involvement of nine Lithuanian companies in the violation of European Union sanctions on Russian timber.

In France, on the other hand, prosecutions in this area were, until recently, extremely rare (with the exception of the famous case of a cement manufacturer indicted for violating an embargo by failing to comply with sanctions against Syria). To the best of our knowledge, French courts have not yet render any decision for non-compliance with a sanctions regime.

The future European text – whose draft must now be examined by the European Parliament – will certainly provide the impetus for a new dynamic in this math verer in the months to come...

Back to top

---

[1] See, for example, General Court, T-321/20, 17 May 2023, p.4.

[2] General Court, T-312/20, 17 May 2023, §86.

[3] General Court, T-312/20, 17 May 2023, §104.

[4] General Court, T-312/20, 17 May 2023, §116.

[5] Departmental council for the environment and health and technological risks

[6] Proposal for a Directive of the European Parliament and of the Council on combating corruption n°2023/0135, p.1