France's data bar
France’s data protection industry is flourishing – not least because of the proactivity of CNIL, the country’s privacy watchdog.
With the world’s first multimillion-euro GDPR fine and multiple high-profile investigations ongoing, it’s no surprise that CNIL’s dynamism has put the GDPR at the top of the priority list for French companies.
That’s where France’s data bar comes in. Operating from Paris, the French scene is made up of the global firms you’d expect, as well as smaller boutiques. Bird & Bird, Gibson Dunn and Baker McKenzie all carry their strong global presence into the city, while local firms Frieh Associés, Latournerie Wolfrom Avocats and Feral-Schuhl/Sainte-Marie prevent the international players from dominating the market
Specialised boutique Féral-Schuhl/Sainte-Marie has over 30 years of experience in IT, IP and data protection. Former president of the Paris bar and founding partner of the firm Christiane Féral-Schuhl is joined by four partners, one counsel and four associates to provide expert information to clients such as media platforms and start-ups in deals and disputes.
The team also drafts and negotiates a wide range of technology-related agreements, such as software solution integration, outsourcing, software licences, maintenance, and distribution and technology transfer agreements, and has expertise in French and cross-border data privacy issues, including in relation to data privacy audits and international transfers. CNIL acknowledged Féral-Schuhl/Sainte-Marie in 2013 and again in 2016, giving it the “personal data processing audit” label to indicate CNIL’s confidence in the firm.
Latournerie Wolfrom AvocatsView more
Founded in 1995, Latournerie Wolfrom Avocats is a full-service national law firm with a dedicated digital and intellectual property practice that sits within its TMT department. The practice was set up by practice head Marie-Hélène Tonnellier, who has been at the firm since 1999 and holds extensive experience in advisory and litigious matters in the data privacy and cybersecurity fields. Of counsel Charlotte Barraco-David has particular expertise in personal data, CNIL investigations and compliance.
Notable recent matters have included advising public financial institution Caisse des Dépôts et Consignations and transport multinational Bolloré with GDPR compliance policies. It is also acting for the city of Saint-Étienne on a smart-city project to modernise and improve a poor district of the city and offer its population a variety of internet-based services.
Baker McKenzieView more
The Paris office of global firm Baker McKenzie has a strong data privacy reputation. Led by IT and data privacy co-heads Rémy Bricard and Laurent Szuskin, the firm’s data team is a subgroup of a broader IT and communications practice. Bricard and Szuskin work with data privacy lead partner Yann Padova and a team of eight associates to assist clients in a range of matters, from dealing with investigations by data protection authorities and helping clients, to implement data protection strategies and GDPR compliance programmes.
Last year, the team launched two new tools to help its clients navigate data privacy laws. In February 2018, it launched a compliance service pitched at mid-sized companies alongside consultancy firm Thémis Conseil. Following its 2018 hackathon, the firm also launched “Databreach 72” – a mobile app that provides support to clients facing data breaches.
Frieh AssociésView more
Leading French boutique Frieh Associés was founded in March 2018 by Michel Frieh, Marina Doithier and Raphaël Dana. The firm’s stand-alone IP, IT and data department is headed up by Dana, who assists clients including aircraft manufacturers, investment funds and software developers with GDPR compliance, due diligence and commercial matters, with the help of two associates. Dana’s team advises on commercial and corporate issues with a particular focus on IP and IT, including e-commerce and major IT projects, as well as data protection and cybersecurity. His department collaborates with the firm’s M&A, private equity, employment and competition law departments.
Recent matters have included assisting clients – ranging from a value-added reseller in cybersecurity services and technologies to a US-based website publisher – in developing GDPR compliance programmes. The team also provided a due diligence report for an investment fund in its acquisition of a French company that specialises in natural remedies.
Bird & BirdView more
Ariane Mole leads Bird & Bird’s specialised data protection practice, one of the largest on the French market. She is also co-head of the firm’s international privacy and data protection practice group, coordinating a global team of over 100 specialised privacy lawyers. Mole advises on compliance actions and national and global GDPR issues, as well as the data privacy aspects of cloud computing services.
The Paris office’s seven specialised data partners are experts in key areas of data law; their specialities include technology and communication, data protection, data management, internet law and e-commerce. Assisting clients with CNIL investigations is a key aspect of the practice.
Recent work has included a study on the legal framework applicable to the collection, reuse and valuation of data originating from internet-connected vehicles on behalf of France’s transport and economics ministries. The team also helped French mutual insurance company MACSF with data protection compliance, and media group Alliance Gravity as it developed an online platform for selling internet ad space.
Gibson Dunn & CrutcherView more
Headed up by Ahmed Baladi, Gibson Dunn’s Paris data team delivers expertise to clients across a broad range of industries in high-stakes matters such as complex technology transactions, GDPR compliance and government investigations. Baladi and his team also have extensive experience in assisting clients in digital innovation, for instance as they incorporate internet of things, AI, big data and cloud-based solutions.
Gibson Dunn’s recent data privacy work has included the development of GDPR compliance programmes for manufacturers, aiding with the implementation of binding corporate rules, and defending clients subject to CNIL probes. The transatlantic expertise of the firm also makes it a destination for companies with international operations that require advice during data transfers to the US.