The Publication of the Gauvain Report on the Protection of French Companies Against Extraterritorial Laws and Measures

July 8, 2019

The Gauvain Report to "Restore the sovereignty of France and Europe and protect our companies from laws and measures with extraterritorial scope" was submitted to the French Prime Minister on 26 June 2019.

As its name suggests, it aims to highlight the lack of legal tools available to French companies and preventing them from dealing with extraterritorial legal actions brought against them.

Over the past twenty years, these have multiplied and come essentially from American sources. They allow the United States to investigate, prosecute and condemn corporate business practices on various grounds.

As noted in the Report, French companies are particularly vulnerable as French law remains very incomplete. For example, France is one of the few countries that does not protect the confidentiality of companies' domestic legal opinions, making it an easy target for foreign authorities. In addition, the so-called "blocking" law of 1968[1] is insufficient to require compliance with international cooperation agreements or mutual assistance treaties by foreign authorities. Finally, the Cloud Act[2] allows US judicial authorities to obtain all non-personal data from legal entities by presenting a simple mandate to digital data storage providers.

That is why the Gauvain Report calls for rapid and effective action to counter this growing phenomenon. To this end, it presents three proposals for measures:

  • The creation of a company (i.e., in-house lawyer) status to protect the confidentiality of in-house legal opinions (also known as legal privilege). This would provide French companies with the same level of protection as their main competitors.
  • The modernization of the so-called “Blocking Law” of 1968[3] to make it more efficient, based on the three-part work:
  • Declaration: creation of a mandatory early warning mechanism.
  • Support: implementation of support for companies by a dedicated administration, the Strategic Information and Economic Security Service.
  • Sanction: increasing the sanction provided for in case of violation of the law.
  • The extension of the GDPR[4] to legal entity data, through the adoption of a law protecting French companies against the transmission of their non-personal digital data by hosting providers to foreign authorities.

These measures go along with six additional recommendations:

  • The development of a shared national doctrine on secrets to be protected for administrations and contributing to international cooperation (administrative or judicial).
  • Strengthening the use of the judicial convention in the public interest to make French criminal policy more readable and to improve the prosecution of economic and financial offences in France.
  • Referral to the International Court of Justice to determine the state of international law on extraterritoriality.
  • The launch of a French initiative at the OECD to establish common rules on laws and measures with extraterritorial effect in order to avoid judicial protectionism.
  • The elaboration of a French proposal to the EU to strengthen European tools for the protection of European companies in response to requests from foreign administrative and judicial authorities.
  • The launch of a mission to strengthen tools and resources dedicated to the fight against economic and financial crimes, including the bribery of foreign public officials in international business transactions.

1. Law No. 68-678 of 26 July 1968 on the communication of documents and information of an economic, commercial, industrial, financial or technical nature to foreign natural or legal persons

2. Clarifying Lawful Overseas Use of Data Act - CLOUD Act - of 23 mars 2018

3. Law No. 68-678 of 26 July 1968 on the communication of documents and information of an economic, commercial, industrial, financial or technical nature to foreign natural or legal persons

4. Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data

Related Practices