Privacy and Data Security

As the online marketplace continues to grow, companies throughout the world are facing increasingly strict – and often inconsistent – regulations regarding the acquisition, use, and protection of personal information.

Our global privacy, data protection, and data security attorneys advise clients on a broad range of privacy and data protection matters, including developing and implementing privacy policies and procedures, privacy-related litigation, regulatory investigations, global compliance, cross-border data transfers, website terms and conditions, social media and other new information technologies, cybersecurity and network intrusion issues, and contractual matters involving privacy and security. We also counsel clients on compliance with regulations such as the TCPA, COPPA, HIPAA, GLBA, and Privacy Shield in the United States and the 95/46/CE Directive and GDPR on privacy and data protection and domestic implementation legislation in European countries.  We advise companies in the technology, financial services, telecommunications, consumer products, e-commerce, media, professional services, and healthcare sectors, and help clients develop risk management and privacy and data use policies in compliance with state, national, and international regulatory legislation.  Our attorneys conduct privacy and data security due diligence on M&A transactions, including those with cross-border components, negotiate technology license agreements, and assist with cybersecurity audits, cyber-insurance evaluations, and employee security training.

Our group includes attorneys who have achieved designation as Certified Information Privacy Professionals, including in both the U.S. and the E.U., and as a Certified Information Privacy Technologist by the International Association of Privacy Professionals as well as those with advanced degrees in computer information science and engineering.  Our attorneys are tech-savvy and have an extensive understanding of privacy and data use legislation on a global scale.  They are experienced in guiding clients through data breaches and any resulting litigation and internal investigations, helping them mitigate loss and unfavorable public opinion.

Key Contacts

All Attorneys

Compliance in the Course of Day-to-Day Business

Regularly draft and review policies and company-wide programs to ensure security and privacy compliance and online privacy policies.

Advise international groups in the U.S. and E.U. in relation to the implementation of Binding Corporate Rules.

Regularly advise companies on compliance with U.S./E.U. international data transfers.

Regularly advise companies on policies and procedures for compliance with HIPAA, privacy and security, and breach notification requirements.

Read More

Data Breach Response and Management

Regularly manage data breach response and counseling for financial services software company.

Advise e-payment services provider in the E.U. in relation to data breach investigations and enquiries by credit/debit card payment networks.

Advised client on data breach issue relating to disclosure of personally identifiable information.

Represented life sciences service provider on remediation measures following a data breach.

Compliance in the Context of Litigations and Investigations

Regularly represent U.S., French, and international corporations in analyzing and resolving data privacy and security issues related to review and production of sensitive personal and corporate information in the context of cross-border internal and regulatory investigations.

Advised on compliance with data privacy laws in connection with the processing and transfer of Finnish company documents for use in U.S. litigation.

Muriel Goldberg-Darmon spoke with Global Investigations Review (GIR)  to shed light on some of the new modalities of the French blocking statute.

Paris Partners Johannes Jonas, Muriel Goldberg-Darmon, Loïc Henriot, and Guillaume Seligmann were recognized in the 2022 edition of The Best Lawyers in France. Johannes was recognized for Corporate Law; Muriel for Financial Institutions and Regulatory Practice; Loïc for Criminal Defense; and Guillaume for Information Technology Law and Privacy and Data Security Law.  Additionally, Héloïse Masson was recognized in The Best Lawyers in France: Ones to Watch. Héloïse was recognized for Privacy and Data Security Law.

About The Best Lawyers in France
The Best Lawyers in France were recognized by their peers in the legal industry for their professional excellence in their respective practice areas.

Tim Harris speaks with Law360 about the Financial Conduct Authority’s recent warning that financial services companies should maintain records of employee communication on messaging platforms, including WhatsApp, while employees work remotely.

Tim refers to a recent FCA case brought against an investment banker accused of destroying WhatsApp messages: "The case highlights the evidential importance that the FCA attaches to information contained on WhatsApp and other instant messaging applications. The FCA expects that if these applications contain information that they would be interested in that they must be preserved.” (Subscription required.)

Paris Partners Johannes Jonas, Muriel Goldberg-Darmon, Guillaume Seligmann, and Loïc Henriot were recognized in the 2021 edition of The Best Lawyers in France. Johannes was recognized for Corporate Law; Muriel for Financial Institutions and Regulatory Practice; Guillaume for Information Technology Law and Privacy and Data Security Law; and Loïc for Criminal Defense. Lawyers named to The Best Lawyers in France were recognized by their peers in the legal industry for their professional excellence in their respective practice areas.

Law360 Editorial Advisory Board members: Each year, Law360 selects a small group of practitioners from across the country for each of its practice areas and industries to aid in shaping the publication’s editorial content for the following year.
C&G welcomes the attorneys who joined the firm in 2017. "We’re very fortunate to have added these exceptional lawyers in New York and Paris," said Managing Partner, Lawrence T Gresser.  "We look forward to continuing to build our transactional and disputes practices in all of our offices in 2018."

Anna Milleret-Godet spoke to L’Express about the wide-reaching effects of the General Data Protection Regulation (GDPR) in the EU.

Cohen & Gresser is pleased to announce the expansion of the firm's technology practice, as partner Guillaume Seligmann and associate Marie Gagey have joined our Paris office. Mr. Seligmann will head the firm's French technology, privacy, and data protection practice. He was previously a partner at Paris firm Cotty Vivant Marchisio & Lauzeral and has been recognized by The Legal 500 France and Chambers Europe.
Facebook's recent acquisition of WhatsApp has resulted in scrutiny from European regulatory bodies in regards to issues of data security. Karen H Bromberg weighs in on the importance of including privacy attorneys as part of due dilligence in the M&A process.
In this bylined article for Finascope, Muriel Goldberg-Darmon, Guillaume Guérin, and Pierre Wolman discuss the main contributions of the guide published on 16 March 2022 by the Strategic Information and Economic Security Service (SISSE), the French Business Federation (MEDEF), and the French Association of Private Companies (AFEP). This guide offers companies a methodology for classifying their “sensitive” data following the reform of the French blocking statute.

In this bylined article for Forbes, Muriel Goldberg-Darmon discusses the new modalities of the French blocking statute. In particular, she mentions the new role of the Strategic Information and Economic Security Service (SISSE) and the reinforcement of the opposability of the French blocking statute abroad.

With the shift to remote working and the convenience of chat applications for conducting business, it is critical for firms to understand that information relevant to their business may be created on personal devices and applications. The UK FCA’s failed prosecution of an investment banker for destroying WhatsApp messages taken together with the FCA’s ‘Market Watch 66’ publication highlighting the need to control electronic communications is a reminder to firms to address staff use of personal chat applications to conduct business.

In this C&G Client Alert, Christian Everdell and Marvin Lowenthal discuss several of the most common safety measures businesses have been considering implementing to protect their employees during the ongoing COVID-19 pandemic, as well as how various privacy laws may be implicated by these measures.

In this C&G client alert, Guillaume Seligmann and Adeline Raut discuss the Court of Justice of the European Union’s recent decision to invalidate the Privacy Shield and detail the practical steps that can be taken by companies on both sides of the Atlantic to remain in compliance with the General Data Protection Regulation (“GDPR”) in force in Europe.

Karen H Bromberg and Marvin J Lowenthal examine the Stop Hacks and Improve Electronic Data Security (“SHIELD”) Act, which amends New York’s current data breach notification law and places increased obligations on businesses that handle private data. With the SHIELD Act, New York joins the growing list of states that have adopted legislation to strengthen consumer privacy protections.

Karen H Bromberg discusses the increasingly prominent role of privacy and network security measures in decisions about potential strategic investments and acquisitions.
Christian R Everdell spoke about cryptocurrencies, blockchain, ICO enforcement actions, and government-backed and private stablecoins as a guest lecturer at Harvard Law School's Computer Crime Law class.
Lawrence T Gresser led a discussion, titled “Looking Forward,” at the Cambridge Forum on English-American Litigation addressing the growth of litigation funding, expected trends in the business of law, and developments in privacy litigation in the U.S. and UK. Larry serves as the Co-Chair of the 2019 Steering Committee.

Partner Chris Everdell spoke about cryptocurrencies, blockchain, and ICO enforcement actions as a guest lecturer at the Computer Crime Law class at Harvard Law School.

C&G partners Karen H Bromberg, chair of the firm's Privacy and Data security group, and Kwaku Andoh, former Managing Director & Associate General Counsel at JP Morgan Chase whose practice currently focuses on M&A, participated in an interactive CLE webinar on data privacy in M&A transactions.
A privacy law presentation at the In-House Counsel Forum of Korea.  This seminar will describe sources of privacy law in the United States and the European Union.  It will also illustrate how these jurisdictions approach privacy law, how it is enforced, and why it is enforced differently.  Lastly, recent privacy litigation in Europe and the United States will be discussed.