Publications

Publications, articles et briefings

The changing compliance landscape for international companies in Europe: whistleblowing and data protection under French Law

In a country where companies were able to deduct from turnover pots-de-vin paid for “new business” (also politely called “facilitating payments”) until 2000 when France adopted the OECD’s Anti-Bribery Convention, it comes with some scepticism how effective the wave of new French laws and regulations will be in the fight against corruption. But times are indeed changing, and European governments realise that weeding out corrupt practices is increasingly required if companies are to effectively compete on the global stage. 

Rethinking the notion of main establishment under the GDPR: the Google case

Much has been written about the recent decision by the French Commission Nationale de l’Informatique et des Libertés (CNIL) earlier this year, fining Google 50 million euros for various GDPR violations (currently under appeal). 

Apart of the classic regulator grievances –– lack of transparency and difficulty navigating disjointed privacy policies and deciphering notices to obtain freely given and unambiguous consent – there was some surprise regarding as yet unchartered territory under the GDPR: designating a lead Supervisory Authority – the “one-stop-shop.” Companies in theory should be able to designate a lead Supervisory Authority in the jurisdiction where its main establishment is located. 

Overview of data protection fines as of May 2019 - one year after the GDPR took effect

There was a lot of noise leading up the GPDR taking effect in May 2018, mostly that non GDPR-compliant companies faced potential fines totalling up to 20 million euros or 4 % of their global turnover. While the risk of significant fines may now indeed be a reality for the more brazen tech companies, fines to date have been relatively modest (apart from the Google fine) and concentrated on the more mundane issues such as shortcomings in consent, data security, transparency, CCTV use, failure to notify a data breach... 

The below summary provides an overview of data protection fines across the EU, along with insight on where risk areas are for companies one year after.

GDPR: Revolution or evolution? Recap since May

By Daphné Moutardier, Counsel and Joseph Srouji, Partner
The General Data Protection Regulation (GDPR) officially came into force on 25 May 2018 and has more or less lived up to expectations, effectively marking the dawn of a new awareness in data protection. A revolution? Not quite, but close enough.
In the case of France, the GDPR was adopted into French law in August with the modification of the Loi informatique et libertés (French Data Protection Act). Other EU countries are following the same approach, tweaking national legislation to fall in line with GDPR standards.

Srouji Avocats - Blockchain technology to improve AML compliancy

Des risques de sanctions notables pèsent sur les banques en cas de connaissance imparfaite de leurs clients (KYC), au regard des mesures anti blanchiment pour les sociétés, de la protection des données personnelles pour les particuliers avec le règlement européen GDPR en mai 2018. Ces données étant très coûteuses à réunir (lire l’encadré), le cabinet Fairman, spécialisé dans le conseil aux banques, a développé Granada, une place de marché de données clients qui s’appuie sur les technologies issues de la Blockchain

Brave New World of Fines, Myths, and Reality: A French Regulator Perspective

By Joseph Srouji and Marie Veillon.
In January 2016, the law firm Baker & McKenzie brought together its European data protection experts for a roundtable in London on how to best prepare for the General Data Protection Regulation (GDPR), which had just been adopted by political consensus weeks before. A few clients were present, including the author who represented GE Capital — our company was still in fire drill mode from the Safe Harbor earthquake and had not yet given much consideration to the impending challenge that the GDPR presents.

Class Consciousness: Class Action Arbitration under U.S. and EU Privacy Laws

In recent years, regulators in both the U.S. and the European Union (EU) have been increasingly aggressive in privacy enforcement within their respective jurisdictions. The enforcement trend follows expanded privacy protections adopted by U.S. regulators (such as the Federal Communications Commission’s recently announced “net neutrality” privacy rules, as well as the extra-territorial reach of EU data protection authorities following the invalidation of a trans-Atlantic accord that had governed cross-border privacy protections). This governmental enforcement trend creates a template for class action litigants seeking damages for those same privacy violations under private causes of action.

Srouji Avocats - In the news

By Joseph Srouji and Marie Veillon.
In January 2016, the law firm Baker & McKenzie brought together its European data protection experts for a roundtable in London on how to best prepare for the General Data Protection Regulation (GDPR), which had just been adopted by political consensus weeks before. A few clients were present, including the author who represented GE Capital — our company was still in fire drill mode from the Safe Harbor earthquake and had not yet given much consideration to the impending challenge that the GDPR presents.

Class action and data privacy in the USA and Europe: Effective deterrent or ill-founded approach to compliance?

By Joseph Srouji and Margaux Dolhem.

The class action lawsuit. A word that strikes fear in boardrooms and among executive circles in the US, and one that provokes strong reaction in Europe, mostly negative as a metaphor for a litigation culture run awry. But despite the bad press, the class action has its backers and Europeans policy makers have increasingly come to accept its merits, its potential at least, as a way to extend the arm of government sanctioning authority and more generally to edge companies towards compliance.

Vous avez besoin d’un document ou d’un renseignement spécifique ? Contactez l’un de nos avocats