Defending your digital capital

On a global level, technological developments are making it easier for public and private companies to gather, use and transfer data.

In many countries, stronger regulations to protect personal data and individuals’ increased awareness of their related rights that businesses face additional risks.

These risks are both legal and commercial. Failure to comply with personal data protection obligations can result in companies facing penalties imposed by the authorities. At the same time, any mismanagement of data can have a major impact on a business’s financial results and on its reputation. Regardless of the business sector concerned, the economic value of collected and processed data continues to grow. The digital capital acquired can become a driver of commercial performance and take on strategic importance in terms of a business’s development.

Our team of personal data protection specialists can deal with all the implications of these issues by combining its know-how with the relevant expertise of our lawyers. They can advise you how to anticipate and prevent data-related risks, assist you with crisis management and defend you in the event of disputes or security breaches.

In particular, their know-how is based on more than 20 years’ experience acquired with major Tech industry players.

Strategic issues

Disputes relating to personal data require not only detailed knowledge of the applicable legislation but also a thorough understanding of the way businesses work and of the constraints under which they operate.

In a world in which personal data compliance issues are inextricably linked to the political, economic and social challenges facing businesses, effective defense of a client’s interests must take account of its specific features and of the environment in which the dispute arose.

At the same time, we are increasingly seeing personal data protection issues being raised in disputes that initially concerned other areas of law (particularly in labor law, criminal law, commercial law, etc.).

In order to assist our clients with such hybrid disputes where parties raise alleged personal data breaches to advance their interests in litigation of a much wider nature, it is important for us to act efficiently and in a cross-disciplinary way

Experts at your side

Our Data team can draw on the skills of more than 10 experienced lawyers. Their know-how has been built up in a wide variety of cases involving major financial, political, strategic and reputational issues.

Our lawyers defend the interests of public and private companies in all business sectors, with a particular emphasis on areas where sensitive or particularly intrusive personal data are handled, such as the health, fintech, banking and insurance sectors and connected vehicles, connected tools, video surveillance and facial recognition.

Our know-how in personal data disputes

Experience of disputes relating to privacy, data security and data breaches

Disputes relating to compliance with the legislation

  • Internal investigations; online, documentary or on-site inspections conducted by the CNIL.
  • Proceedings before the CNIL’s litigation division: analysis of proceedings, drafting of submissions and arguments, defense speech.
  • Civil, commercial and employment tribunal proceedings: hybrid disputes involving alleged personal data breaches used to serve the interests of a wider dispute (breaches of data subjects’ rights, unauthorized access to personal data, issues relating to excessive data retention period, etc.).
  • Criminal proceedings concerning the liability of companies or directors for failure to observe the rules governing compliance or the unauthorized use of personal data.
  • Investigations by the competition authority in the event of mergers creating clusters of data

Data security and data breaches

  • Disputes relating to security breaches resulting in a loss of HR or client data.
  • Disputes relating to data breaches in the context of company acquisitions or sales or cross-border data transfers.
  • Disputes relating to fraudulent intrusion, unauthorized access or attacks on an automated data processing system.
  • Disputes relating to fraud, infringement of the privacy of correspondence, defamation, identity theft or any act using company data that could adversely affect its reputation.
  • Negotiation with the data protection authorities or judicial police, depending on the case concerned.

We provide added value through our ability to understand the different aspects of a dispute and to deal simultaneously and in a cross-disciplinary way with the various problems arising, whether in terms of personal data protection, labor law, consumer protection, corporate, insurance, competition law, criminal or public law.

Our thorough knowledge of civil, commercial and criminal procedure allows us to respond appropriately and efficiently.

Our team of personal data specialists combines its know-how with the firm’s other departments to help you manage these risks and defend your interests


Labor law


Criminal law




Public law


Competition and consumer law

August Debouzy has an established presence in the market, largely due to the presence of practice head Florence Chafiol, who has led the team since 2004 and impresses with her long track record of data protection audit matters and litigation. Crisis management, particularly in crises caused by cybersecurity breaches or data leaks, are another area of strength. The caseload attests to the group's longstanding experience in cross-border work, which account for the majority of instructions, partly because of the team's international client list which includes a strong raft of French companies operating globally alongside major players from outside of France.

Our recent (post-GDPR) work includes

Agrifood sector

Support provided in the context of an on-site CNIL investigation into the potentially intrusive collection of staff members’ data.

Delivery company

Assistance with the drafting of responses to several official requests for information from the data protection authorities (the Belgian data protection authority and the CNIL) following complaints from service providers and customers.

Public sector

Assistance during a documentary inspection by the CNIL concerning the unlawful collection of sensitive data about employees.

IT company

Defense in a dispute before the Tribunal de Grande Instance concerning alleged failure to observe the claimant’s right of access to his personal data seized by the defendant in the context of a summary application for evidence that had been withdrawn.

Energy sector

Assistance with employment tribunal disputes involving alleged breaches of employees’ rights of access and objection concerning their personal data and the excessive period of retention of such data.

US sports equipment company

Advice on all aspects of data protection and on a notice from the labour inspector alleging breaches of the data protection rules applicable to HR matters.

Communications agency

Advice on the unauthorized distribution of lists containing stakeholders’ personal data created by the agency for one of its clients. Management of the criminal complaints, the investigation by the public prosecutor, the right of access requests and the CNIL inspection.

Tech company

Assistance with the operating system in response to a formal notice published by the CNIL, the matter being subsequently closed following various discussions.


Personal Data Protection

Eden Gall

Eden Gall

Employment Law

Marie-Hélène Bensadoun

Marie-Hélène Bensadoun

Eric Manca

Eric Manca

White Collar Crime

Astrid Mignon Colombet

Astrid Mignon Colombet

Basile Ader

Basile Ader

Commercial, Distribution and Consumer Law

Alexandra Berg-Moussa

Alexandra Berg-Moussa

Benjamin van Gaver

Benjamin van Gaver

Public Law

Emmanuelle Mignon

Emmanuelle Mignon