Bibliographie sélective OHADA

L'Europe a été à l'avant-garde de l'éthique de l'intelligence artificielle (IA), en élaborant des chartes et des principes non contraignants sur l'IA « digne de confiance ». Le terme « digne de confiance » est utilisé par l'Europe pour désigner les systèmes d'IA qui sont « éthiques », « légaux » et « techniquement robustes ». L'Europe a complété ces principes non contraignants par un texte de loi sur l'IA, connu sous le nom de règlement sur l'IA, ou AI Act. Le règlement sur l'IA est l'un des premiers cadres légaux au monde à réglementer les systèmes d'IA dans différents secteurs et cas d'utilisation, en mettant l'accent sur la sécurité et la protection des droits fondamentaux. Pour les questions opérationnelles, le règlement sur l'IA s'appuie principalement sur des normes techniques en cours d'élaboration. L'approche européenne combine donc trois niveaux d'instruments réglementaires : les chartes éthiques de l'IA, le règlement sur l'IA et les normes techniques.L'approche par la normalisation est traditionnelle dans le domaine de la sécurité des produits, mais dans le règlement sur l'IA, les normes sont également censées répondre aux préoccupations en matière de droits fondamentaux. Pour éviter de faire des choix normatifs difficiles, les organismes de normalisation jouent la carte de la sécurité en élaborant des normes qui restent à un niveau élevé. De plus, dans le cadre du règlement sur l'IA, la responsabilité de l'élaboration des normes techniques est déléguée à des organismes de normalisation privés, où les grandes entreprises multinationales sont surreprésentées et exercent une influence considérable. Ces normes sont également généralement payantes, bien que la situation puisse évoluer dans les années à venir après une récente jurisprudence de la Cour de justice de l'Union européenne. Les experts en normalisation sont donc sous pression pour fournir des normes à temps et de bonne qualité. Europe has been at the forefront of Artificial Intelligence (AI) ethics, developing non-binding charters and principles on "trustworthy'' AI. The term "trustworthiness'' is used by Europe to designate AI systems that are "ethical'', "legal'' and "technically robust''. Europe has supplemented these non-binding principles with a binding regulation on AI, known as the AI Act. The AI Act is one of the world's first comprehensive frameworks for regulating AI systems across different industries and use cases, focusing on safety and protection of fundamental rights. The AI Act relies, for operational questions, mostly on technical standards that are in the course of development. The European approach thus combines three layers of regulatory instruments: AI ethics charters, the AI Act and technical standards.The standardisation approach is traditional in product safety, but under the AI Act, standards are also expected to address fundamental rights concerns. To avoid making hard normative choices, standardisation organisations are playing it safe, developing standards which remain at a high-level. Moreover, under the AI Act, the responsibility for developing technical standards is delegated to private standardisation bodies, where large multinational companies are over-represented and hold significant influence. These standards are also often locked behind paywalls, although the situation may evolve in the coming years after a recent case law from the Court of Justice of the European Union. Standardisation experts therefore face pressures to deliver standards on time and of good quality.

This article seeks to examine the extent to which users of e-banking services are protected in Cameroon. Over the past decades financial transactions have gradually emerged from traditional methods to modern forms of banking. The Information and Communication Technology (ICT) has transformed the banking system into a digital arena. With e-banking, customers can access their bank accounts, transfer funds, pay bills, and check their accounts balances. Banks serve as the backbone of every modern economy and should be protected. The development of e-banking in the 1980s with the aid of ICT has rendered banks and their customers vulnerable to cybercrimes. As an effort to combat cybercrimes and ensure cyber security in Cameroon, the 2010 Cyber Law provides both substantive and procedural rules. It is rather unfortunate that, the measures put in place to ensure cyber security and protect bank customers against cybercrimes are to a greater extent ineffective. The main objective of this article is to determine the protection accorded to banks and their customers against cybercrimes. The method adopted in the course of this work is doctrinal wherein, both primary and secondary sources of data were collected. The findings reveal among others that, the measures put in place to combat cybercrimes within the banking sphere in Cameroon are not effective. There is lack of explicit definitions for cyber offences. Most of the offences provided by the 2010 Cyber Law are vague and ambiguous. We therefore recommend that, the 2010 Cyber Law should be amended to address the current issues of ICT. This amendment should include explicit definitions for the different forms of cybercrimes with severe sanctions. Banks are advised to put in place effective monitoring machineries to mitigate cybercrimes.

PURPOSE : Financial institutions such as Bureaux de Change are susceptible to money laundering, posing a significant risk to a nation’s financial stability and security if not properly regulated and supervised. Botswana is a member of the Financial Action Task Force (FATF), a global organisation that sets standards, promotes policies to prevent money laundering, terrorist financing and arms proliferation, all to safeguard the global financial system. Efforts have been made to incorporate FATF recommendations on money laundering into the fiscal laws of Botswana. However, some deficiencies still remain. Although there are no recorded cases of money laundering in Botswana, Bureaux de Change entities are susceptible to it as their business involves cash transactions and rapid money transactions. This paper aims to analyse the challenges faced by Bureaux de Change entities in combating money laundering in Botswana. This will be done by assessing the effectiveness of the current regulatory framework and role of the regulatory authorities in combating money laundering within Bureaux de Change entities. DESIGN/METHODOLOGY/APPROACH : This paper provides a comprehensive examination of the obstacles faced by Bureaux de Change entities in Botswana when it comes to combating money laundering. A qualitative research method and doctrinal research method are both used in this context. FINDINGS : It is hoped that policymakers and other relevant persons will adopt the recommendations provided in the paper to enhance the curbing of money laundering in Botswana. RESEARCH LIMITATIONS/IMPLICATIONS : This paper is only limited to the regulation of money laundering within the Bureaux de Change entities in Botswana and does not provide empirical research. PRACTICAL IMPLICATIONS : This paper is useful to policymakers, lawyers, law students and regulatory bodies especially in Botswana. SOCIAL IMPLICATIONS : This paper suggests changes to the Bank of Botswana (Bureaux de Change) Regulations of 2004 to improve their effectiveness, robustness and competitiveness in combating money laundering. ORIGINALITY/VALUE : This paper is original research on the challenges of combating money laundering within Bureaux de Change entities in Botswana.

Data gatekeepers (data controllers and processors) that use blockchain for data transfer effectively enjoy limited liability for violations of the GDPR. This is due to the fact that applying the GDPR’s data gatekeeper system of liability to a decentralized technology such as blockchain is difficult for three reasons. Firstly, identifying data gatekeepers on the blockchain can only be done by either assigning data gatekeeper roles to actors on the blockchain, or structuring the blockchain as private or permissioned one, so as to fit with GDPR requirements. Neither of these approaches provides a universally applicable and satisfactory method for privacy protection. Secondly, because of their knowledge and investment in infrastructure, large data gatekeepers such as IBM, Amazon and Microsoft have an informational advantage over data protection authorities (DPAs) and an additional protective layer against liability, as their blockchain infrastructure is used by other businesses and corporations that are primarily liable for data processing. Finally, administrative fines and reputational damages for non-compliance with the GDPR are insufficient deterrents for large data gatekeepers, whereas damages awarded to individual data subjects for data gatekeepers’ violations of GDPR are extremely low and too costly to obtain.

Although Zimbabwe has established several institutions to combat money laundering and related crimes, there is a perception that inadequate measures are taken to apprehend offenders responsible for financial crimes. Institutions such as the Financial Intelligence Unit (FIU), the Zimbabwe Anti-Corruption Commission (ZACC), the Zimbabwe Republic Police (ZRP), the National Prosecuting Authority (NPA) and the Reserve Bank of Zimbabwe (RBZ) have done little to prove that the government of Zimbabwe is resolute in combatting money laundering. On the contrary, it increasingly appears that these institutions are poorly equipped and lack the necessary capacity to enforce and uphold anti-money laundering (AML) measures in Zimbabwe. Further, there appears to be a selective application of the law, with one set of rules for individuals or institutions that are perceived as political adversaries of the incumbent establishment and a different set of rules for the political elite. Consequently, the selective application of the law projects Zimbabwe as a jurisdiction that is somehow tolerant to money laundering, corruption and related financial crimes, thereby lowering and tarnishing the standing of the country in the global economic community of nations. This paper provides a regulatory analysis of the AML role-players in Zimbabwe in order to assess their functions in combatting financial crimes. It also analyses whether these role-players are effective and substantively executing their responsibilities therein. The authors argue that while Zimbabwe is well able to effectively combat money laundering through the even application of the law to all persons regardless of their political or economic standing, it is imperative that its AML institutions operate without fear, favour or prejudice. This is crucial in combatting money laundering and instilling confidence in the general public's perception of AML institutions in Zimbabwe.

This dissertation investigates the impact of digital transformation on risk management within the banking sector, emphasizing the integration of artificial intelligence (AI) in enhancing operational risk management. It examines key research questions about how digitisation reshapes risk management practices, the extent to which South African banks align with international standards, and the role of AI in advancing these frameworks. The study finds that AI holds substantial potential to improve risk management, particularly in managing operational risks, while underscoring the indispensable role of human oversight. Ultimately, this shift toward a more AI-driven, adaptive approach marks a pivotal evolution in the financial sector, suggesting that the future of risk management can indeed rely on AI's transformative capabilities.

Compliance with the GDPR while using blockchain technology for data processing results in compliance issues, due to the fact that the blockchain and the GDPR employ different methods to ensure privacy-by-design and privacy-by-default. The blockchain is built on disintermediation and relative decentralization, whereas the GDPR aims for re-intermediation and relative centralization of the data protection process. This paper provides an overview of and suggestions on how to secure compliance with the GDPR while processing data using the blockchain. A focus is placed on the data protection impact assessment on the blockchain network, issues in identifying and determining the role(s) of sole and joint data controllers and data processors, obstacles to exercising the right to rectification and right to be forgotten when the data is recorded on the blockchain, GDPR data transfer requirements as applied to the blockchain, and the protection of privacy in the process of creating blockchain-based smart contracts.

This thesis addresses the problem of individuals’ lack of control over personal data in the digital world. It sheds light on market and regulatory failures that lie behind the status quo and proposes a framework to improve regulatory responses. The two regulatory regimes that are at the core of this thesis are EU data protection regulation, which protects individuals’ fundamental rights over data, and EU competition law, which safeguards the sound functioning of the market and consumers’ economic interests. Despite the existence of these two regulatory regimes, individuals do not have sufficient control over personal data collected by digital firms, whose control over large datasets is a factor contributing to market monopolisation. The thesis argues that one reason for the shortcomings of today’s regulatory framework is that the market failure is composed of a combination of factors, which are currently addressed by the different regimes relatively independently. This dichotomy hinders the development of an effective strategy to tackle the market failure in its entirety. The approach taken in this thesis is that by integrating the two regimes, it might be possible to close the gaps deriving from a narrow perception of their regulatory spaces. Hence, the thesis formulates a holistic approach, encompassing data protection regulation and competition law, designed to increase the effectiveness of the regulatory framework as a whole. Different dimensions of the regimes’ interrelation are analysed, to uncover new ways to harness their complementarity and minimise their inconsistencies and overlaps. The thesis looks at how the regimes can incorporate elements from each other to inform their policies and application of their rules, as well as developing a complementary enforcement strategy. The holistic framework ultimately allows both regimes to better tailor their regulatory responses to the functioning of the digital market and take account of the diverse elements that constitute the market failure they seek to correct.

Mobile money services have considerable potential in modern economies. They have the potential to increase financial inclusion for poor people and people excluded from formal financial services. This is because mobile money services can be accessed simply using a mobile cellular phone and the majority of people nowadays own mobile phones, including people living in the rural areas. Mobile money can therefore solve the problem of financial exclusion because even the people who live in the rural areas without access to formal financial services can now access financial services thorough mobile money services. Financial inclusion, on the other hand, is simply defined as a situation where every member of the society has access to and is able to use financial services offered by formal financial services institutions, such as banks and insurance companies. Financial inclusion has many benefits, the main benefit being the stimulation of the economy of a country. For mobile money services to operate smoothly and financial inclusion to be achieved, there must be enabling regulation. Regulation must not be so strict as to prevent mobile money service providers from operating. Regulation must allow for innovation and at the same time maintain financial integrity and stability by ensuring that financial crimes, such as money laundering, do not affect mobile money services. Although mobile money services can increase financial inclusion, regulators must be vigilant to ensure that they stop criminals from using mobile money services to commit money laundering offences. This research focuses mainly on mobile money services in the Kingdom of Lesotho. The aim is to find out how regulation can be improved to ensure that mobile money services can help to increase financial inclusion. The aim is also to find out how regulation can help to ensure that mobile money services operate smoothly, and that the crime of money laundering is prevented from affecting mobile money services. To achieve this aim, the research is divided into different chapters and in each chapter the aim is to find ways in which the main aim can be achieved. In the research, mobile money and financial inclusion will be defined and their importance in modern economies will be demonstrated in greater detail. Furthermore, the issues of money laundering will be discussed. The threat of the crime of money laundering will be highlighted. An analysis of the legal regulatory framework of mobile money services and money laundering in Lesotho will be undertaken to determine the extent to which these regulatory frameworks can help realise financial inclusion and promote mobile money services in Lesotho. The same discussion is made in respect of other African countries. The legal regulatory framework of Lesotho will be compared to the framework of other African countries to ascertain how mobile money services and money laundering and financial inclusion issues are regulated in those countries. The countries discussed in this research are South Africa, Malawi, Kenya, Nigeria, Uganda, Tanzania, and Ghana. Based on these discussions, some shortcomings in the legal regulatory framework of mobile money services and money laundering in Lesotho will be identified and the conclusion will be drawn that the two frameworks have to be revisited to ensure that mobile money services will operate smoothly in the Kingdom of Lesotho. Furthermore, recommendations will be made to address the legal shortcomings identified in the framework.

The aim of this research is to determine how the application of Big Data and Data Analytics techniques influences the external audit. The impact on the working methods and the audit quality is discussed. Furthermore, the technological maturity of the Belgian and Luxembourgish audit industry is analysed. Therefore, the following research questions are asked: How do Big Data and Data Analytics influence the audit working method? What is the impact of Big Data and Data Analytics on the audit quality? How is the audit risk identification and assessment phase influenced? Which audit risks can be identified? Which tools and techniques do the Belgian and Luxembourgish auditors use and where do they stand? In order to answer the research question, scientific articles were analysed in the context of the literature review. Subsequently, a case study was carried out. Interviews with experts in Belgium and Luxembourg were conducted. The results of the research show that there is high potential to use these technologies in audit. Nevertheless, it is also connected with initial investments and a certain agreement of the clients. There is high potential to enhance the auditor’s effectiveness and efficiency, but the complete impact cannot yet be analysed. The audit quality can be enhanced when qualitative analyses generates audit evidence based on high quality data. The Belgian and Luxembourgish audit industry has just started implementing the technologies.

We have arrived at crossroads in the debates about the future of the internet governance. It is high time to address the reasons why policy choices have not been sufficient to preserve the internet\'s promise to bring about development, democratic engagement, and social justice. The network neutrality is central to this debate since it intersects all internet layers and is related to most contemporary issues that will shape future of the internet. My assumption is that network neutrality\'s failures are not an unintended consequence of the regulatory system, but part of the problem. My core hypothesis is that network neutrality\'s limits mainly occur because of, first, its inability to secure all envisioned goals and, second, its decontextualized focus on innovation on the last mile of the internet distributional chain. The network neutrality debate has produced a wide variety of work embedded within economic and legal studies regarding what would be necessary to guarantee a free and innovative internet. Although this work has been often disguised under the mask of technique, it is widespread influenced by the evolutionary economics and denies the network neutrality's effects on ongoing struggles for social and economic justice. My proposition is that network neutrality debate has failed because it proved unable to address the problems related to concentrated power structures on the internet and increasing inequalities. To achieve this objective, this dissertation investigates the network neutrality debate over the last decades to identify processes and mechanisms by which its sterile arrangements came to take specific form in time and place, focusing on what such arrangements might inform about contemporary policy efforts. In Chapter 1, prevalent internet governance myths are deconstructed, presenting how specific architecture design and the corresponding network neutrality outcomes came to prevail in particular periods. Drawing upon and integration of distinct source materials, Chapters 2 and 3 identify the specific contingencies over the past decades by which a dynamic set of evolving actors, events, and institutions converged (or not) and gave rise to current network neutrality rules and dissent in the United States and Brazil. At the center of the analysis is the identification of structures and power struggles. Finally, Chapter 4 aims at presenting a new framework towards the network neutrality debate and its potential distributive effects in the global economy, taking technology not as deterministic but embedded and being embedded in all the building blocks of what we term the social.

With citizens’ movements mediated by many technologies that aid our navigation the potential for omnipresent surveillance may potentially institute fundamental changes to the human condition. Locational privacy is pivotal in developing inter-personal associations and relational ties with others and its function is therefore complex, rather than solely affording a degree of independence from the observations made by others. In this respect, a more nuanced understanding of the utility of location data is required; the current hierarchy that delineates personal data from special categories of personal data does not adequately appreciate the capacity for location data to act as a proxy for other sensitive personal data. Furthermore, the binary distinction that reflects the conceptualisation of the right to privacy as a negative right, with related concepts such as identity and personality formation viewed as positive constructs, is increasingly difficult a notion to preserve. The classification and terminology of technologies can illustrate how terms and legal metaphors are developed and applied so as to bridge gaps in applying existing context and precedent. Though the designation ‘location data’ once constituted a reasonable accommodation in nomenclature as an intelligible and easily comprehensible term, even while constituting a significant oversimplification of the data it represented, technological advances have rendered the term increasingly problematic. This study asks whether the existing legal framework at the regional level in Europe is apt to provide sufficiently cogent and coherent regulation given recent developments in technologies. The review analyses the risks associated with this predilection in data processing activities that allows for the identification of ever more intimate and nuanced details of a citizen’s life, behaviours and convictions through the analysis of their location data; in turn, it shall discern the necessity of considering the resulting impacts on citizens’ fundamental rights to privacy and personal data protection.

The Basel Committee on Banking Supervision has defined operational risk, legal risk and compliance risk. However, the definitions might not be adequate for countries with a hybrid legal system, such as South Africa. This study aims to provide a practical solution to the problems faced by countries with a hybrid legal system wishing to comply with the Basel Committee’s standards. It is argued that compliance, compliance risk and regulatory risk should all be viewed as constituent components of legal risk, and in turn necessarily also of operational risk in a hybrid legal system. Legal risk is a wide concept which includes all aspects of a legal system, while compliance risk is a narrower concept which only includes the codified aspects of a legal system. Legal risk therefore includes compliance risk. However, the opposite is not true as compliance risk does not include legal risk, and the two concepts are decidedly shown not to be synonymous in a mixed legal system.

The importance of privacy lies in the fact that it represents the very idea of human dignity or the preservation of the ‘inner sanctum’. Not surprisingly, however, operational concerns of employers and technological developments combine continuously to challenge the preservation of privacy in the workplace. Employees the world over are exposed to numerous privacy invasive measures, including drug testing, psychological testing, polygraph testing, genetic testing, psychological testing, electronic monitoring and background checks. Hence, the issue at the heart of this dissertation is to determine to what extent privacy is protected in the South African workplace given advancements in technology and the implications (if any) for the right to privacy as such. A secondary aim of the dissertation is to attempt to provide a realistic balance between the privacy concerns of employees and the operational needs of employers in this technological age. As such the main focus of dissertation falls within the sphere of employment law. In order to provide an answer to the research issue discussed above, the dissertation addresses five ancillary or interrelated issues. First, the broad historical development of the legal protection of privacy is traced and examined. Second, a workable definition of privacy is identified with reference to academic debate and comparative legislative and judicial developments. Third, those policies and practices, which would typically threaten privacy in the employment sphere are identified and briefly discussed. Fourth, a detailed evaluation of the tension between privacy and a number of selected policies and practices in selected countries is provided. More specifically, the dissertation considers how these policies and practices challenge privacy, the rationale for their existence and, if applicable, how these policies and practices – if necessary through appropriate regulation – may be accommodated while simultaneously accommodating both privacy and the legitimate concerns of employers. The selection of these practices and policies is guided by two considerations. At the first level the emphasis is on those challenges to privacy, which can be traced back to technological developments and which, as such, foster new and unique demands to the accommodation of privacy in the workplace. The secondary emphasis is on those policies, which are representative of the fundamental challenges created by new technologies to privacy. To effectively address the above issues the dissertation uses the traditional legal methodology associated with comparative legal research, which includes a literature review of applicable law and legal frame work and a review of relevant case law and a comparative study of selected foreign jurisdictions.