France's data bar
France’s data protection industry is flourishing – not least because of the proactivity of CNIL, the country’s privacy watchdog.
With the world’s first multimillion-euro GDPR fine and multiple high-profile investigations ongoing, it’s no surprise that CNIL’s dynamism has put the GDPR at the top of the priority list for French companies.
That’s where France’s data bar comes in. Operating from Paris, the French scene is made up of the global firms you’d expect, as well as smaller boutiques. Bird & Bird, Gibson Dunn and Baker McKenzie all carry their strong global presence into the city, while local firms Frieh Associés, Latournerie Wolfrom Avocats and Feral-Schuhl/Sainte-Marie prevent the international players from dominating the market
Specialised boutique Féral-Schuhl/Sainte-Marie has over 30 years of experience in IT, IP and data protection. Former president of the Paris bar and founding partner of the firm Christiane Féral-Schuhl is joined by four partners, one counsel and four associates to provide expert information to clients such as media platforms and start-ups in deals and disputes.
The team also drafts and negotiates a wide range of technology-related agreements, such as software solution integration, outsourcing, software licences, maintenance, and distribution and technology transfer agreements, and has expertise in French and cross-border data privacy issues, including in relation to data privacy audits and international transfers. CNIL acknowledged Féral-Schuhl/Sainte-Marie in 2013 and again in 2016, giving it the “personal data processing audit” label to indicate CNIL’s confidence in the firm.
Latournerie Wolfrom AvocatsView more
Founded in 1995, Latournerie Wolfrom Avocats is a full-service national law firm with a dedicated digital and intellectual property practice that sits within its TMT department. The practice was set up by practice head Marie-Hélène Tonnellier, who has been at the firm since 1999 and holds extensive experience in advisory and litigious matters in the data privacy and cybersecurity fields. Of counsel Charlotte Barraco-David has particular expertise in personal data, CNIL investigations and compliance.
Notable recent matters have included advising public financial institution Caisse des Dépôts et Consignations and transport multinational Bolloré with GDPR compliance policies. It is also acting for the city of Saint-Étienne on a smart-city project to modernise and improve a poor district of the city and offer its population a variety of internet-based services.
Frieh AssociésView more
Leading French boutique Frieh Associés was founded in March 2018 by Michel Frieh, Marina Doithier and Raphaël Dana. The firm’s stand-alone IP, IT and data department is headed up by Dana, who assists clients including aircraft manufacturers, investment funds and software developers with GDPR compliance, due diligence and commercial matters, with the help of two associates. Dana’s team advises on commercial and corporate issues with a particular focus on IP and IT, including e-commerce and major IT projects, as well as data protection and cybersecurity. His department collaborates with the firm’s M&A, private equity, employment and competition law departments.
Recent matters have included assisting clients – ranging from a value-added reseller in cybersecurity services and technologies to a US-based website publisher – in developing GDPR compliance programmes. The team also provided a due diligence report for an investment fund in its acquisition of a French company that specialises in natural remedies.
Gibson Dunn & CrutcherView more
Headed up by Ahmed Baladi, Gibson Dunn’s Paris data team delivers expertise to clients across a broad range of industries in high-stakes matters such as complex technology transactions, GDPR compliance and government investigations. Baladi and his team also have extensive experience in assisting clients in digital innovation, for instance as they incorporate internet of things, AI, big data and cloud-based solutions.
Gibson Dunn’s recent data privacy work has included the development of GDPR compliance programmes for manufacturers, aiding with the implementation of binding corporate rules, and defending clients subject to CNIL probes. The transatlantic expertise of the firm also makes it a destination for companies with international operations that require advice during data transfers to the US.