Recent legislative updates have emerged in France, focusing on the intricate balance between national regulation and European Union directives —especially relevant to the evolving sector of commercial influence. The French law no. 2024-356, passed on 22 April 2024 (“DADDUE Law”), has granted the government a nine-month window to modify previous statutes to align with European standards.

The DADDUE Law will harmonize French national law (notably Law no. 2023-451 on the Regulation of commercial influence of 09 June 2023, see our previous post on this topic) with various European texts, including the e-commerce directive and directives like the DSA and SMA.

Among the articles set for revision are:

  • Article 1 regarding the definition of influence;
  • Article 2 on influencers’ agents;
  • Article 4 on prohibited sectors of promotion;
  • Article 5 on advertising disclosure requirements;
  • Article 8 on the framework of contracts between influencers and agents; and
  • Article 9 on insurance mandates for non-European influencers.

This underscores an initiative to refine the French national law on commercial influence in response to feedback from the European Commission.

The DADDUE Law will also repeal five articles within the prior law (articles 10, 11, 12, 15, and 18) that intersect with the Digital Services Act (DSA), on the obligations for hosting providers to implement alert systems for reporting illegal content and to comply promptly with legal and administrative injunctions to remove such content.

Furthermore, a government report will be presented within the next three months to address the necessary adjustments to Law no. 2023-566 on setting a digital majority age and battling online hatred, again drawing on remarks from the European Commission.

The path paved by the Law of 22 April 2024 requires a meticulous approach to legislative adaptation, ensuring that national regulations resonate with broader, collective European goals. This development is pivotal for professionals within the digital influence sphere and platforms hosting user-generated content, who must stay abreast of the changing legal landscape to sustain compliance and foster responsible online interactions.

First publicationK&L Gates Fashion Law Watch Blog – in collaboration with Kenza Berrada

Once again, global law firm K&L Gates LLP has been ranked among the world’s 100 leading data law firms by Global Data Review’s GDR 100. The annual list examines law firms’ privacy and data protection capabilities, use of IP and confidentiality laws to protect proprietary data, and the firm’s work on all other personal and non-personal data laws at a global level. 

Nearly two dozen K&L Gates lawyers were recognized in the 2024 GDR 100, including Paris partner Claude-Étienne Armingaud. Other partners leading the practice and identified in the profile include Melbourne partner Cameron Abbott, Seattle partners Shannan FrisbieWhitney McCollumDavid Bateman, and Carley Andrews, Washington, D.C., partner Bruce Heiman, Chicago partner Limo Cherian, London partner Sarah Turpin, and Research Triangle Park partners Gina Bertolini and Leah Richardson.

Clients provided positive feedback of their experience working with K&L Gates’ lawyers stating the team has “deep knowledge of privacy laws and regulations, but they also understand the business impact of their advice. This sets them apart from other firms in the market.”

K&L Gates’ Data Protection, Privacy, and Security practice boasts more than 60 lawyers and professionals with experience in various technologies and methodologies. From assessing risk to incident response, breach, and crisis counseling globally, the team is qualified to handle most data privacy and security compliance issues. The practice also assists with cross-border mergers and acquisitions and specialized services focused on emerging areas such as biometric data compliance and defense.

The full K&L Gates profile can be read at Global Data Review (subscription required).

K&L Gates’s expertise in data and tech work has recently seen it advise on matters as diverse as AI and machine learning projects’ impact on personal data retention and transparency and the implications of augmented reality make-up applications and smart fragrances. While the firm has some significant tech companies on board, the client base skews more heavily towards advising more traditional industries through digital transformation.
The data protection, privacy and security practice has multiple leaders, reflecting its wide geographic spread.
Claude-Étienne Armingaud in Paris, who is a dual-qualified French and New York lawyer, is a stand-out name: besides GDPR and privacy compliance, he also has extensive experience advising on tech transactions, for example relating to software, blockchain, connected cars and more. Other partners leading the practice are Cameron Abbott in Melbourne; Shannan Frisbie, Whitney McCollum, David Bateman and Carley Andrews in the firm’s Seattle headquarters; Bruce Heiman in Washington, DC; Limo Cherian in Chicago; Gina Bertolini and Leah Richardson in the Research Triangle Park office in North Carolina; and Sarah Turpin in London.

The K&L Gates practice’s senior ranks grew with the addition of San Francisco partner Michael Stortz, who was formerly at Akin Gump. Thomas Nietsch was promoted to the partnership in Berlin. The firm also hired counsel Veronica Muratori in Milan from Withersworldwide; Avril Love in Los Angeles from Tucker Ellis; and Ulrike Elteste in Frankfurt from Covington & Burling.

Client references


“K&L Gates has deep expertise and knowledge in this area and is always responsive. Advice is always timely and well-considered.”


“Collaboration with K&L Gates is always seamless. The team have deep knowledge of privacy laws and regulations, but they also understand the business impact of their advice. This sets them apart from other firms in the market.”

First publication: Lexology GDR100

A Practice Note highlighting issues to consider when counseling a prospective buyer of an AI company. This Note discusses the primary due diligence issues relating to AI and machine learning (ML) and strategies to mitigate or allocate risks in the context of an M&A transaction. This Note is also helpful for AI company targets that seek to anticipate potential issues. In this Note, the term AI company refers to a company involved in the research, development, or monetization of a product or service that is primarily powered by an ML algorithm or model that creates functionality or utility through the use of AI.

Read the full article on Practical Law, written in collaboration with by Annette Becker, Alex V. Imas, Jake Bernstein, Mark H. Wittow, Melanie Bruneau, Marion Baumann, Kenneth S. Knox, Julie F. Rizzo, Cameron Abbott, Thomas Nietsch, and Nicole H. Buckley.

Practice head(s): Claude-Etienne Armingaud

(more…)

K&L Gates LLP covers a myriad of IT and internet issues, from GDRP compliance to contract negotiation. The firm is notable for its expertise in IP and data protection matters, as well as, increasingly, AI, NFT and blockchain issues. The practice is led by Claude-Etienne Armingaud, who is dual-qualified in France and the US, and is consequently well placed to handle multi-jurisdictional transactions.

Practice head(s): Claude-Etienne Armingaud

(more…)

The Information Commissioner’s Office (ICO) has recently published guidance for employers on monitoring workers lawfully, transparently and fairly. The guidance aims to protect workers’ data protection rights and help employers to build trust with workers, customers and service users. With Artificial Intelligence (AI) on the rise, the temptation may be strong for employers to leverage those emerging technologies in that space. This alert summarizes some specific steps employers should prioritise in light of the ICO guidance.

(more…)

Entering Chambers Europe/France TMT: Data Protection ranking as an Up & Coming lawyer.

Client testimonials:

Claude-Étienne has a vision that goes beyond IT into other areas, so he gives multidisciplinary and strategic insights. He is also pleasant to work with and efficient.

He works really efficiently for us; he is really dedicated and clearly passionate about it too.

Source: Chambers Europe

The Information Commissioner’s Office (ICO) recently launched a consultation series on how data protection laws should apply to the development and use of generative AI models (“Gen AI”). In the coming months, the ICO will publish further views on how to interpret specific requirements of UK GDPR and Part 2 of the DPA 2018 in relation to Gen AI. This first part of the consultation focusses on whether it is lawful to train Gen AI on personal data scraped from the web. The consultation seeks feedback from stakeholders with an interest in Gen AI.

As outlined by the ICO, web scraping will involve the collection and processing of personal data, which may not have been placed online directly by the data subjects themselves. To comply with the UK GDPR, Gen AI developers would need to ensure there is a valid lawful basis for their processing under UK GDPR, as well as comply with the relevant information requirements pertaining to indirect personal data collection.

For the first part of the consultation series, the ICO published a policy position on the lawful basis for training Gen AI models on web-scraped data which can be found here. More specifically, this consultation focusses on the ‘legitimate interest’ lawful basis under art. 6(1)(f) UK GDPR and the ‘three-part’ test that a data controller must pass to meet the legitimate interest basis (a so-called Legitimate Interest Assessment). The ICO has considered various actions that Gen AI developers could take to meet this three-part legitimate interest test to guarantee that the collection of training data through web scraping, i.e. processing of data, is complaint with the principles of UK GDPR. The ICO would now like to hear from relevant stakeholders on their view of the proposed regulatory approach and the impact this would have on their organisation. A link to the survey can be found here.

The deadline to submit a response is 1 March 2024.

First publication: K&L Gates Cyber Law Watch blog with Sophie Verstraeten

Join our session as we explore the implications of the EU AI Act. In this webinar, we’ll:

Featured speakers

Yücel Hamzaoğlu​

Partner
HHK Legal

Melike Hamzaoğlu

Partner
HHK Legal

Claude-Étienne Armingaud​

Partner
KL Gates

Noshin Khan​

Ethics & Compliance, Associate Director
OneTrust​

Harry Chambers

Senior Privacy Analyst
OneTrust

Register here.