Publications

Our articles, analysis & briefings

Intersection of Intellectual Property Law and Artificial Intelligence

Today, intellectual property (IP) can be argued to be a company's most valuable asset, including trademarks and brand-related assets. A recent study by IP consultancy Ocean Tomo found that the share of intangible asset market value in companies increased between 1995 and 2020 and now constitutes 90 percent of the market value. Read More ...

Artificial intelligence and automated decision making: The new frontier of privacy challenges and opportunities

The notion of artificial intelligence (AI) immediately provokes futuristic visions of machines replacing humans in routine and not-so-routine tasks. While the technology is not new, having evolved in fits and starts since the 1950s, the environment today is unique for several key reasons, which has essentially led to a Wild West of AI opportunities and challenges. Read More ...

Overview of recent data protection fines in the European Union - September 2022

The number of EU data protection-related fines continued to increase in 2022, with GDPR fines hitting record levels to date for 2022. Most media attention has gone to the impressive fines imposed on the technology giants Google, Meta (Facebook) and Amazon.  And just recently, the Irish Data Protection Commission (DPC) levied a staggering € 405 million fine on Meta for failures in processing minors’ data.  Read More ...

Overview of recent data protection fines in the European Union - June 2021

Despite the economic turmoil created by the global pandemic, the year 2020 and early 2021 were marked by the continuing trend of EU Data Protection Authorities (DPAs) to enforce the General Data Protection Regulation (“GDPR,” Regulation 2016/679 of 27 April 2016). This has led to an increase in the number of fines issued as well as an increase in their amount.  Read More ...

Developments in Distribution Law - 2020/2021

At the end of 2020 and the start of 2021, there were several noteworthy changes across Europe in distribution law, more specifically regarding the rules on conclusion of contracts, formal contractual requirements and unfair business practices, to name a few.  Read More ...

How new technologies are transforming privacy by design and by default

This article begins with a refresher of the legal framework of privacy by design and by default with special attention to the sanctioning regime applied to organisations that have misunderstood or otherwise ignored privacy considerations during development efforts. It then explains how PETs fit into privacy by design and by default and presents tools that allow organisations to account for requirements like data subject consent, personal data tracking (for data subjects) and control (for data controllers), data minimization, and anonymity. The article concludes with an accountability reminder that PETs are only as good as the organisational measures in place to support them.(Read more...)

A review of director liability in France

Director liability is a hot topic. Legal action against company management is increasingly the norm, bringing to light often flagrant abuses of company power and resources. As this storm continues to rage company directors are on the front line. Their powers are grouped into two realms: internal – to effectively manage a company on a day-to-day basis – and external – to represent the company before partners and other stakeholders. These powers are shaped and limited by general provisions of company law, company bylaws as well as the general notion of acting in the company’s best interest. What are the risks of overstepping these limits? (Read more...)

Whistleblowing and data protection under French Law

In a country where companies were able to deduct from turnover pots-de-vin paid for “new business” (also politely called “facilitating payments”) until 2000 when France adopted the OECD’s Anti-Bribery Convention, it comes with some scepticism how effective the wave of new French laws and regulations will be in the fight against corruption. But times are indeed changing, and European governments realise that weeding out corrupt practices is increasingly required if companies are to effectively compete on the global stage. (Read more...)

Rethinking the notion of main establishment under the GDPR: the Google case

Much has been written about the recent decision by the French Commission Nationale de l’Informatique et des Libertés (CNIL) earlier this year, fining Google 50 million euros for various GDPR violations (currently under appeal).

Apart of the classic regulator grievances –– lack of transparency and difficulty navigating disjointed privacy policies and deciphering notices to obtain freely given and unambiguous consent – there was some surprise regarding as yet unchartered territory under the GDPR: designating a lead Supervisory Authority – the “one-stop-shop.” Companies in theory should be able to designate a lead Supervisory Authority in the jurisdiction where its main establishment is located. (Read more...)

Overview of data protection fines as of May 2019 - one year after the GDPR took effect

There was a lot of noise leading up the GPDR taking effect in May 2018, mostly that non GDPR-compliant companies faced potential fines totalling up to 20 million euros or 4 % of their global turnover. While the risk of significant fines may now indeed be a reality for the more brazen tech companies, fines to date have been relatively modest (apart from the Google fine) and concentrated on the more mundane issues such as shortcomings in consent, data security, transparency, CCTV use, failure to notify a data breach...

The below summary provides an overview of data protection fines across the EU, along with insight on where risk areas are for companies one year after. (Read more...)

GDPR: Revolution or evolution? Recap since May

By Daphné Moutardier, Counsel and Joseph Srouji Partner


The General Data Protection Regulation (GDPR) officially came into force on 25 May 2018 and has more or less lived up to expectations, effectively marking the dawn of a new awareness in data protection. A revolution? Not quite, but close enough.
In the case of France, the GDPR was adopted into French law in August with the modification of the Loi informatique et libertés (French Data Protection Act). Other EU countries are following the same approach, tweaking national legislation to fall in line with GDPR standards. (Read more...)

Blockchain technology to improve AML compliancy

Des risques de sanctions notables pèsent sur les banques en cas de connaissance imparfaite de leurs clients (KYC), au regard des mesures anti blanchiment pour les sociétés, de la protection des données personnelles pour les particuliers avec le règlement européen GDPR en mai 2018. Ces données étant très coûteuses à réunir (lire l’encadré), le cabinet Fairman, spécialisé dans le conseil aux banques, a développé Granada, une place de marché de données clients qui s’appuie sur les technologies issues de la Blockchain. (Read more...)

Brave New World of Fines, Myths, and Reality: A French Regulator Perspective

By Joseph Srouji & Marie Veillon.

In January 2016, the law firm Baker & McKenzie brought together its European data protection experts for a roundtable in London on how to best prepare for the General Data Protection Regulation (GDPR), which had just been adopted by political consensus weeks before. A few clients were present, including the author who represented GE Capital — our company was still in fire drill mode from the Safe Harbor earthquake and had not yet given much consideration to the impending challenge that the GDPR presents. (Read more...)

Class Consciousness: Class Action Arbitration under U.S. and EU Privacy Laws by W. Sapronov and J. Srouji

In recent years, regulators in both the U.S. and the European Union (EU) have been increasingly aggressive in privacy enforcement within their respective jurisdictions. The enforcement trend follows expanded privacy protections adopted by U.S. regulators (such as the Federal Communications Commission’s recently announced “net neutrality” privacy rules, as well as the extra-territorial reach of EU data protection authorities following the invalidation of a trans-Atlantic accord that had governed cross-border privacy protections). This governmental enforcement trend creates a template for class action litigants seeking damages for those same privacy violations under private causes of action. (Read more...)

Srouji Avocats - In the news

By Joseph Srouji & Marie Veillon.

In January 2016, the law firm Baker & McKenzie brought together its European data protection experts for a roundtable in London on how to best prepare for the General Data Protection Regulation (GDPR), which had just been adopted by political consensus weeks before. A few clients were present, including the author who represented GE Capital — our company was still in fire drill mode from the Safe Harbor earthquake and had not yet given much consideration to the impending challenge that the GDPR presents. (Read more...)

Class action and data privacy in the USA and Europe: Effective deterrent or ill-founded approach to compliance?

By Joseph Srouji & Margaux Dolhem.

The class action lawsuit. A word that strikes fear in boardrooms and among executive circles in the US, and one that provokes strong reaction in Europe, mostly negative as a metaphor for a litigation culture run awry. But despite the bad press, the class action has its backers and Europeans policy makers have increasingly come to accept its merits, its potential at least, as a way to extend the arm of government sanctioning authority and more generally to edge companies towards compliance. (Read more...)

Thought leadership and legal rigour