K&L Gates ranked “Highly Recommended – Band 1” with E. Drouard & Claude-Etienne Armingaud.

Source: Leaders League

K&L Gates ranked “Excellent” with E. Drouard & Claude-Etienne Armingaud.

Source: Leaders League

Italian law no.12/19 dated 11 January 2019 (the “Law”) came into force on 13 February 2019 and cemented the legal enforceability of electronic timestamping performed through blockchain technologies.


Further to the adoption of the so-called Trademark Package at European level, comprised of Regulation no.2015/2424 (as codified by Regulation no.2017/1001 dated 14 June 2017) on EU Trademarks (the “Regulation”) and Directive no.2015/2436, harmonizing Member States’ trademark regime (the “Directive”), both dated 16 December 2015, France was due to update its internal regulatory framework.

The PACTE Act no. 2019-486, adopted on 22 May 2019, implemented the Trademark Package at long last. While the Regulation addressed EU aspects and is of direct enforcement within Member States, the Directive provided Member States with some leverage on the internal implementation.

These new aspects aim at simplifying the enforcement of intellectual property rights (“IPR”), for both trademarks and patents, by creating administrative procedures, rather than requiring a judicial action before the courts.


The luxury offering at K&L Gates LLP consists mainly of Claude-Etienne Armingaud and E. Drouard, who specialize in IT and data privacy matters. In recent highlights, a leading fashion brand appointed the group to assist with the implementation of radio frequency identification device tags in its products to track them through the supply, distribution and sale process. The team also advised on the remodeling of IT structures, data privacy issues and matters pertaining to e-commerce platforms.


K&L Gates LLP’s healthcare and life sciences offering covers corporate, IT, intellectual property and regulatory mandates within the sector under the leadership of Jean-Patrice Labautière. He recently assisted Axonics with its €35m fundraising from Gilde Healthcare and represented a bidder in the sale of a business division by a leading global healthcare company. While Nicola Di Giovanni focuses on corporate and private equity mandates, Claude-Etienne Armingaud collaborated with Labautière to advise a heavyweight healthcare player on the implementation of a startup acceleration programme for the development of new technology.


At K&L Gates LLP, the IP, IT and privacy group encompasses the firm’s corporate and commercial offering in the technological space under the joint leadership of Claude-Etienne Armingaud and E. Drouard, whose ‘perfect mastery of the law, outstanding understanding of complex issues and personal courage’ impresses clients. The group was recently instructed by three major transport companies to advise on the provision of WiFi services in their train and subway stations and airports. Drouard is currently advising BNP Paribas on the regulatory and transactional aspects of the development of a digital mobile wallet app, and Armingaud is assisting a utility provider with the implementation of a smart city hub. Also notable is the group’s work in the online marketing and advertising, connected device and new technology, and online distribution sectors.


On 23 January 2019, the EU Data Protection Board (“EDPB” – the gathering of all European Union (EU) data protection authorities) adopted opinion no. 3/2019 (the “Opinion”) on the interplay between the Clinical Trials Regulation no. 536/2014 (“CTR”) and the General Data Protection Regulation (“GDPR”). Anticipating the application of CTR (currently expected to occur in 2020) following the implementation of the EU portal and the EU database of the European Medicines Agency, the Opinion provides clarification on (i) the different legal bases for the processing of personal data operations related to a specific clinical trial, from commencement of the clinical trial until the deletion of personal data collected during the clinical trial (“Primary Use”); and (ii) the further use of the same personal data set for any other scientific purposes (“Secondary Use”). Without establishing a legal basis, no one can process the personal data needed to run a clinical trial or to use the personal data for other research.


On January 21, 2019, the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés, or “CNIL”) published its first sanction rendered under the General Data Protection Regulation (“GDPR”).

Barely eight months after GDPR entered into force, and the subsequent group actions that were introduced in France, the CNIL followed in the footsteps of its other European counterparts. However, while Portugal in July drew first against a hospital with a EUR 400,000 fine, the Austrian and German follow-ups, respectively for EUR 4,800 and 20,000, underwhelmed in contrast with the maximum fines allowed under GDPR: EUR 20 million, or 4% of the global turnover of a company (whichever is the greatest).

Today’s CNIL decision nevertheless set the possible path for upcoming application of GDPR, by striking a EUR 50 million fine against Google LLC.

This sanction followed the group complaints formed by Maximilian Schrems’s association “None Of Your Business” (“NOYB” – already behind the cancellation of the Safe Harbor in 2015 and currently litigating against the Standard Contractual Clauses in Ireland) and La Quadrature du Net (“LQDN”), which received a mandate from 10,000 individuals to refer the matter to the CNIL.

The CNIL grounded its decision on the lack of transparency and inadequate information of the individuals in order to deem the consent regarding the ads personalization invalid.

On the one hand, the CNIL highlighted that the information of the data subjects was diluted in a myriad of documents while applying to a plurality of services at once (e.g. Google search, YouTube, Google Home, Google Maps, Playstore…). This did not allow the user to gain a “just perception of the nature and the volume of data collected.”

On the other hand, the consent-gathering mechanism was deemed inadequate to obtain the “specific” and “unambiguous” consent required for such data processing operations. The CNIL notably criticized the blanket acceptance of “the processing of [users’] information as described above and further explained in the Privacy Policy”, which, according to the Regulator, does not allow the users to opt in to each particular processing operation at stake without additional steps for the users to reach the required information.

This decision, in addition to being the first rendered by the CNIL under GDPR, will also in all likelihood be the last under the current Secretary General, Isabelle Falque-Pierrotin, who will be replaced on February 1st, after heading the CNIL since 2011.

On 23 November 2018, the European Data Protection Board (“EDPB”) – the gathering of all European Union (EU) data protection authorities – adopted new draft guidelines on territorial scope of the General Data Protection Regulation (“GDPR”). The EDPB was previously known as the Article 29 Working Party.

The long awaited guidelines (“Guidelines”, available here) provide a common interpretation on the scope of application of the GDPR. Its territorial scope, laid down in Article 3 GDPR, states that GDPR applies to:

The Guidelines provide clarification for both EU and non-EU based companies to assess whether all or parts of their activities would fall under the scope of the GDPR and to what extent they would be subject to the application of the GDPR.

Notably, the Guidelines clarified aspects which had been subject to controversy or misinterpretation in the six months since GDPR’s entry into force, such as:

  • A non-EU controller using an EU processor for activities outside of the EU not targeting EU residents does not have to comply with GDPR. An EU processor will be subject to the relevant GDPR provisions directly applicable to data processors;
  • The irrelevancy of the “targeting” criterion when considering applicability of the GDPR to monitoring activities; and
  • Citizenship, established residency or other type of legal status of the data subject is irrelevant to determine the application of the targeting criterion.

Moreover, the Guidelines also clarified the criteria of the appointment of an EU representative defined in Article 27 GDPR for non-EU controllers and processors.

The Guidelines will still be subject to a public consultation before being revised and ultimately adopted in a final version.

K&L Gates’ Data Protection team remains at your disposal to assist you in the completion of your contributions, which will need to be submitted before 18 January 2019.