Privacy and Data Security

As the online marketplace continues to grow, companies throughout the world are facing increasingly strict – and often inconsistent – regulations regarding the acquisition, use, and protection of personal information.

Our global privacy, data protection, and data security attorneys advise clients on a broad range of privacy and data protection matters, including developing and implementing privacy policies and procedures, privacy-related litigation, regulatory investigations, global compliance, cross-border data transfers, website terms and conditions, social media and other new information technologies, cybersecurity and network intrusion issues, and contractual matters involving privacy and security. We also counsel clients on compliance with regulations such as the TCPA, COPPA, HIPAA, GLBA, and Privacy Shield in the United States and the 95/46/CE Directive and GDPR on privacy and data protection and domestic implementation legislation in European countries. We advise companies in the technology, financial services, telecommunications, consumer products, e-commerce, media, professional services, and health care sectors, and help clients develop risk management and privacy and data use policies in compliance with state, national, and international regulatory legislation. Our attorneys conduct privacy and data security due diligence on M&A transactions, including those with cross-border components, negotiate technology license agreements, and assist with cybersecurity audits, cyber-insurance evaluations, and employee security training.

Our group includes attorneys who have achieved designation as Certified Information Privacy Professionals, including in both the U.S. and the E.U., and as a Certified Information Privacy Technologist by the International Association of Privacy Professionals as well as those with advanced degrees in computer information science and engineering. Our attorneys are tech-savvy and have an extensive understanding of privacy and data use legislation on a global scale. They are experienced in guiding clients through data breaches and any resulting litigation and internal investigations, helping them mitigate loss and unfavorable public opinion.

Key Contacts

All Attorneys

Compliance in the Course of Day-to-Day Business

Regularly draft and review policies and company-wide programs to ensure security and privacy compliance and online privacy policies.

Advise international groups in the U.S. and E.U. in relation to the implementation of Binding Corporate Rules.

Regularly advise companies on compliance with U.S./E.U. international data transfers.

Regularly advise companies on policies and procedures for compliance with HIPAA, privacy and security, and breach notification requirements.

Data Breach Response and Management

Regularly manage data breach response and counseling for financial services software company.

Advise e-payment services provider in the E.U. in relation to data breach investigations and enquiries by credit/debit card payment networks.

Advised client on data breach issue relating to disclosure of personally identifiable information.

Represented life sciences service provider on remediation measures following a data breach.

Compliance in the Context of Litigations and Investigations

Regularly represent U.S., French, and international corporations in analyzing and resolving data privacy and security issues related to review and production of sensitive personal and corporate information in the context of cross-border internal and regulatory investigations.

Advised on compliance with data privacy laws in connection with the processing and transfer of Finnish company documents for use in U.S. litigation.

Cohen & Gresser’s Paris Office Recognized for Complex, Cross-Border Work in Leaders League 2022 Guide

October 17, 2022 | News

Cohen & Gresser’s Paris office has earned six practice rankings and 13 individual rankings in the 2022 Leaders League guide. Leaders League highlights the firm’s “experienced lawyers” and ability to handle complex, cross-border matters.

Leaders League is an independent research and rating agency that provides comprehensive rankings and in-depth analysis of law firms and lawyers. The rankings are based on extensive research by an experienced team of analysts.

Ranked Practice Areas:

• Marketing, communication & digital – Advertising law & marketing

• Media & entertainment – Fashion Law

Ranked Individuals:

• Franck Le Mentec: Wealth management – Wealth tax: regulation and litigation; Tax law – LBO tax

• Guillaume Guérin: Compliance – Compliance program

• Johannes Jonas: Private Equity – Development capital transactions

• Loïc Henriot: Dispute resolution – Litigation with regulators and for listed operations; Compliance – Compliance program; Compliance – International investigation and internal investigation; Dispute resolution – Banking & Finance Litigation; Dispute resolution – Commercial litigation; Labor & Employment – Criminal labor law; Dispute resolution – White collar crime

• Muriel Goldberg-Darmon: Dispute resolution – Litigation with regulators and for listed operations; Compliance – Compliance program; Compliance – International investigation and internal investigation; Private Equity – Development capital transactions; Asset management – Asset management

Established in 2014, Cohen & Gresser’s Paris office provides comprehensive legal services for our clients, including advising on corporate, employment, tax, financial services, white collar defense, and litigation-related matters. Our Paris attorneys work closely with the lawyers in our other offices on cross-border transactions, investigations, and litigation, in order to provide superior service to French and international clients.

France Sharpens Its Rules on Companies Sharing Information Abroad

March 28, 2022 | News

Muriel Goldberg-Darmon spoke with Global Investigations Review (GIR) to shed light on some of the new modalities of the French blocking statute.

Five C&G Attorneys Recognized for Professional Excellence in The Best Lawyers in France 2022

June 24, 2021 | News

Paris Partners Johannes Jonas, Muriel Goldberg-Darmon, Loïc Henriot, and Guillaume Seligmann were recognized in the 2022 edition of The Best Lawyers in France. Johannes was recognized for Corporate Law; Muriel for Financial Institutions and Regulatory Practice; Loïc for Criminal Defense; and Guillaume for Information Technology Law and Privacy and Data Security Law. Additionally, Héloïse Masson was recognized in The Best Lawyers in France: Ones to Watch. Héloïse was recognized for Privacy and Data Security Law.

About The Best Lawyers in France
The Best Lawyers in France were recognized by their peers in the legal industry for their professional excellence in their respective practice areas.

Four C&G Attorneys Named to 2021 Best Lawyers in France List

June 25, 2020 | News

Paris Partners Johannes Jonas, Muriel Goldberg-Darmon, Guillaume Seligmann, and Loïc Henriot were recognized in the 2021 edition of The Best Lawyers in France. Johannes was recognized for Corporate Law; Muriel for Financial Institutions and Regulatory Practice; Guillaume for Information Technology Law and Privacy and Data Security Law; and Loïc for Criminal Defense. Lawyers named to The Best Lawyers in France were recognized by their peers in the legal industry for their professional excellence in their respective practice areas.

Johannes Jonas and Guillaume Seligmann Named to 2020 Best Lawyers in France List

July 1, 2019 | News

Johannes Jonas and Guillaume Seligmann were recognized in The Best Lawyers in France’s 2020 listing – Johannes for Corporate Law and Guillaume for Privacy and Data Security Law. Lawyers named to The Best Lawyers in France were recognized by their peers in the legal industry for their professional excellence in their respective practice areas.

Three C&G Attorneys Named to Law360's 2018 Editorial Advisory Boards

March 30, 2018 | News

Law360 Editorial Advisory Board members:

Each year, Law360 selects a small group of practitioners from across the country for each of its practice areas and industries to aid in shaping the publication’s editorial content for the following year.

Meet Our 2017 Attorney Hires

December 5, 2017 | News

C&G welcomes the attorneys who joined the firm in 2017. "We’re very fortunate to have added these exceptional lawyers in New York and Paris," said Managing Partner, Lawrence T Gresser. "We look forward to continuing to build our transactional and disputes practices in all of our offices in 2018."

Karen H Bromberg Speaks to Law360 on the Data Security Concerns Surrounding Facebook's Recent Acquisition of WhatsApp

February 21, 2014 | News

Facebook's recent acquisition of WhatsApp has resulted in scrutiny from European regulatory bodies in regards to issues of data security. Karen H Bromberg weighs in on the importance of including privacy attorneys as part of due dilligence in the M&A process.

A Future Classification of "Sensitive" Data Within Companies?

May 10, 2022 | Publication

In this bylined article for Finascope, Muriel Goldberg-Darmon, Guillaume Guérin, and Pierre Wolman discuss the main contributions of the guide published on 16 March 2022 by the Strategic Information and Economic Security Service (SISSE), the French Business Federation (MEDEF), and the French Association of Private Companies (AFEP). This guide offers companies a methodology for classifying their “sensitive” data following the reform of the French blocking statute.

Reform of the French Blocking Statute: Stronger Protection for French Companies Against Foreign Authorities?

April 25, 2022 | Publication

In this bylined article for Forbes, Muriel Goldberg-Darmon discusses the new modalities of the French blocking statute. In particular, she mentions the new role of the Strategic Information and Economic Security Service (SISSE) and the reinforcement of the opposability of the French blocking statute abroad.

Firm chat application policy: The consequences of the UK FCA’s 2020 prosecution of Konstantin Vishnyak

January 19, 2021 | Publication

With the shift to remote working and the convenience of chat applications for conducting business, it is critical for firms to understand that information relevant to their business may be created on personal devices and applications. The UK FCA’s failed prosecution of an investment banker for destroying WhatsApp messages taken together with the FCA’s ‘Market Watch 66’ publication highlighting the need to control electronic communications is a reminder to firms to address staff use of personal chat applications to conduct business.

Protecting Employees From COVID-19 Without Violating Their Privacy Rights

August 3, 2020 | Publication

In this C&G Client Alert, Christian Everdell and Marvin Lowenthal discuss several of the most common safety measures businesses have been considering implementing to protect their employees during the ongoing COVID-19 pandemic, as well as how various privacy laws may be implicated by these measures.

Are You Ready? Companies Doing Business with New York Residents Face Tighter Data Security Requirements and Increased Scrutiny of Breaches

July 29, 2019 | Publication

Karen H Bromberg and Marvin J Lowenthal examine the Stop Hacks and Improve Electronic Data Security (“SHIELD”) Act, which amends New York’s current data breach notification law and places increased obligations on businesses that handle private data. With the SHIELD Act, New York joins the growing list of states that have adopted legislation to strengthen consumer privacy protections.

Top 10 Key Privacy Issues in M&A Due Diligence

March 8, 2017 | Publication

Karen H Bromberg discusses the increasingly prominent role of privacy and network security measures in decisions about potential strategic investments and acquisitions.

Litigation: Minimizing the Risk of Data Breach Class Actions from Target's Example

February 20, 2014 | Publication

The Target data breach made headlines across the country and resulted in over 50 purported class action suits against the retailer. This is a warning shot over the bow for other companies. Privacy class actions are on the rise.

Don't Let Your AI Control You: Manage AI Trust, Risk and Security, Global GRC, Data Privacy & Cyber Security ConfEx

May 21, 2024 | Event and Presentation

Marvin Lowenthal was a speaker at the collaborative round table discussion titled "Don't Let Your AI Control You: Manage AI Trust, Risk and Security" at the Global GRC, Data Privacy & Cyber Security ConfEx. The panel discussed:

Building Trust: Ensuring transparency, fairness, and accountability in AI systems to establish trust.
Risk Assessment: Identifying potential risks associated with AI, such as privacy breaches, bias, and security vulnerabilities.
Security Measures: Implementing robust security measures, including authentication, encryption, and access controls, to protect AI systems.
Ethical Considerations: Addressing ethical concerns related to AI's impact on society, values, and human rights.
Continuous Monitoring: Regularly evaluating and monitoring AI systems to detect and mitigate emerging risks.

Christian R Everdell Teaches Computer Crime Class at Harvard Law School

November 14, 2019 | Event and Presentation

Christian R Everdell spoke about cryptocurrencies, blockchain, ICO enforcement actions, and government-backed and private stablecoins as a guest lecturer at Harvard Law School's Computer Crime Law class.

Lawrence T Gresser Leads Discussion on Litigation Funding at the Cambridge Forum on English-American Litigation

June 4, 2019 | Event and Presentation

Lawrence T Gresser led a discussion, titled “Looking Forward,” at the Cambridge Forum on English-American Litigation addressing the growth of litigation funding, expected trends in the business of law, and developments in privacy litigation in the U.S. and UK. Larry serves as the Co-Chair of the 2019 Steering Committee.

Christian Everdell Teaches Computer Crime Law Class at Harvard Law School

November 15, 2018 | Event and Presentation

Partner Christian Everdell spoke about cryptocurrencies, blockchain, and ICO enforcement actions as a guest lecturer at the Computer Crime Law class at Harvard Law School.

Managing Deal Risk in a Post-Verizon/Yahoo World: Data Privacy Issues in M&A Transactions, CLE Webinar

August 16, 2017 | Event and Presentation

C&G partners Karen H Bromberg, chair of the firm's Privacy and Data security group, and Kwaku Andoh, former Managing Director & Associate General Counsel at JP Morgan Chase whose practice currently focuses on M&A, participated in an interactive CLE webinar on data privacy in M&A transactions.

EU-US Privacy Shield Self-Certification: What Every Company Needs to Know

January 19, 2017 | Event and Presentation

Should the EU’s Right to be Forgotten Ruling be Extended to the US?, Webinar

August 12, 2015 | Event and Presentation

EU privacy regulators want the right to be forgotten – the delisting of information on the Internet – to go global. This webinar, consisting of a panel of privacy attorneys, will consist of a discussion surrounding the issues stemming from the EU’s Right to be Forgotten ruling, whether this ruling could extend to US search engines, and what legislation needs to be explored in order to properly address the international implications of this ruling.

Additional panelists include:

Please click here to register for the webinar and earn CLE credit.

Should the EU’s Right to be Forgotten Ruling be Extended to the US?, Twitter Panel

April 23, 2015 | Event and Presentation

EU privacy regulators want the right to be forgotten – the delisting of information on the Internet – to go global. New York Intellectual Property Law Association (@NYIPLA) Internet & Privacy Committee Co-Chairs Kevin Moss and Karen Bromberg in conjunction with Bloomberg BNA and a panel of privacy professionals will be leading a Twitter discussion surrounding the issues stemming from the EU’s Right to be Forgotten ruling and whether this ruling could extend to US search engines.

Follow the discussion via Twitter, using the hashtags #NYIPLA and/or #R2BF

Privacy Law in the United States and Europe

January 24, 2011 | Event and Presentation

A privacy law presentation at the In-House Counsel Forum of Korea. This seminar will describe sources of privacy law in the United States and the European Union. It will also illustrate how these jurisdictions approach privacy law, how it is enforced, and why it is enforced differently. Lastly, recent privacy litigation in Europe and the United States will be discussed.

Privacy and Data Security

Key Contacts

All Attorneys

Compliance in the Course of Day-to-Day Business

Data Breach Response and Management

Compliance in the Context of Litigations and Investigations

Key Contacts

Related Practices