During his January 2022 hearing before France’s National Assembly, the newly appointed chairman of the French competition authority (AdlC), Benoit Coeuré, stated that the digital sector would be one of the principal subject matters of his chairmanship (see press release here in English). 

His intention is to focus on “the emergence of new essential infrastructures such as cloud-computing” and that, in consequence, “it would be important and justified for the AdlC to rapidly undertake in-depth work on the consequences of cloud-computing in all sectors in conjunction with the relevant sectoral authorities.”

Pursuant to Article L. 462-4 of the French Commercial Code, the AdlC has therefore decided to conduct a wide analysis of the matter in order to assess the competitive situation of the cloud-computing ecosystem.


This opinion comes at a time when the cloud-computing market is booming at both the European and French level, with an average annual growth expected to exceed 25% over the next few years, with strong value-creation challenges for the economy, and allowing for a 2030 market prediction 10 times larger than in 2020.

Over the last few years, cloud computing has become a complex ecosystem of technologies, products, and services, giving rise to a wealthy economy where several cloud-computing service providers compete for an ever-increasing share of the service market. This peaking sector allows for more efficient ways of working, which has ended up being especially valuable during the COVID-19 pandemic.

This “cloud boom” also serves as the backbone of a widespread digitalization of the economy, which is supported by the French government with its new national plan to support the French cloud industry.


The AdlC’s purpose to conduct a broad analysis of the cloud-computing sector is pushed by both a European and international dynamic.

In this regard, the AdlC intends to provide for a definition of the relevant markets in the sector. 

This commitment can be traced back to the European Commission’s (EU Commission) early analysis of the “IT outsourcing services” market encompassing the “public cloud computing services” as one of its sub-segments.1  Concurrently and from a transatlantic perspective, the U.S. Federal Trade Commission is also pushing forward with an antitrust scrutiny in the cloud-computing business. 

The AdlC intends to study the competitive dynamics of the sector and the presence of operators in the various segments of the value chain (including their contractual relations) in a context where multiple alliances and partnerships are concluded for the provision of cloud services. 

Should the AdlC identify potential improvements, proposals may be issued for the competitive functioning of the sector.
Taking into account the variety and complexity of the cloud-computing technologies involved, the AdlC announced that, for the first time, the investigation unit will comprise lawyers, economists, and data scientists notably from the newly created Digital Economy Department.


A broad public consultation will be taking place in the next few months to gather comments and suggestions from the stakeholders. Comments are to be sent to the AdlC through the following email address: avis.cloud@autoritedelaconcurrence.fr

The final opinion is expected to be issued by the beginning of 2023.

The firm’s global competition and data protection team (including the competition team and data protection team in each of our European offices) remains available to assist you in achieving the compliance of your data and antitrust matters at global levels.

First publication: K&L Gates Hub with Camille Scarparo

Claude-Etienne Armingaud from K&L Gates ranked among the Best Lawyers France 2021 for Privacy and Data Security Law

Algo Avocats - Sandra Tubert
Altana - Pierre Lubet
Artemont - Farid Bouguettaya
August Debouzy - Florence Chaffiol
Baker McKenzie - Magalie Dansac Le Clerc
Bid & Bird - Merav Griguer, Ariane Mole
Bouchara & Avocat - Navessa Bouchara
Vercken & Gaullier - Florence Gaullier
Cohen & Gresser - Guillaume Seligmann
Cornet Vincent Ségurel - François Herpe
De Gaulle Fleurance & Associés - Georges Courtois, Jean-Marie Job
Delcade - Olivier Hayat
Delsol Avocat - Jeanne Bossi Malafosse
Derrienic Associés - Alexandre Fiévée, Fran_ois-Pierre Lani, Pierre-Yves Margnous
DLA Piper - Denis Lebeau-Marianna, Carol Umhoefer
Eversheds Sutherlands - Vincent Denoyelle
EY - Yaël Cohen-Hadria
Fréal Schiul Sainte Marie Willemant - Christinae Feral-Schulh, Bruno Grégoire Sainte Marie, Justine Sinibaldi
Franklin - Valérie Aumage
Gibson Dunn & Crutcher - Ahmed Baladi, Vera Lukic
Herald Avocats - Anne Cousin
Hogan Lovells - Etienne Drouard
K&L Gates - Claude-Etienne Armingaud
Latham & Watkins - Jean-Luc Juhan, Myria Saaarinen
Latournerie Wolfrom - Marie-Hélène Tonnelier
Lxing - Chloé Torres
Luzi Avocats - Olivia Luzi
McDermott Will & Emery - Romain Perray
Mulliez Avocats - Florence Mulliez
Next Avocat - Etienne Papin
Osborne Clarke - Claire Bouchenard, Béatrice Delmas-Linel
Racine - Hélène Cournarie
Reinhart Marville Torre - Laurent Marville
Squire Patton Boggs - Catherine Muyl
Taj - Hérvé Gabadou
White & Case - Clara Hasindork, Bertrand LIard

Source: Best Lawyers

K&L Gates ranked “Highly Recommended” with Claude-Etienne Armingaud.

Source: Leaders League


On January 21, 2019, the French Data Protection Authority (Commission Nationale de l’Information et des Libertés, or “CNIL”) published its first sanction rendered under the General Data Protection Regulation (“GDPR”).

Barely eight months after GDPR entered into force, and the subsequent group actions that were introduced in France, the CNIL followed in their footsteps its other European counterparts. However, while Portugal in July drew first against a hospital with a EUR 400,000 fines, the Austrian and German follow-ups, respectively for EUR 4,800 and 20,000 underwhelmed in contrast with the EUR 20 million, or 4% of the global turnover of a company (which ever the greatest) maximum fines allowed under GDPR.

Today’s CNIL decision nevertheless set the possible path for upcoming application of GDPR, by striking a EUR 50 million fine against Google LLC.

This sanction followed the group complaints formed by Maximilian Schrems’s association “None Of Your Business” (“NOYB” – already behind the cancellation of the Safe Harbor in 2015 and currently litigating against the Standard Contractual Clauses in Ireland) and La Quadrature du Net (“LQDN”), which received a mandate from 10,000 individuals to refer the matter to the CNIL.

The CNIL grounded its decision on the lack of transparency and inadequate information of the individuals in order to deem the consent regarding the ads personalization invalid.

On the one hand, the CNIL highlighted that the information of the data subjects was diluted in a myriad of documents while applying to a plurality of services at once (e.g. Google search, You Tube, Google Home, Google Maps, Playstore…). This did not allow the user to gain a “just perception of the nature and the volume of data collected.”

On the other hand, the consent-gathering mechanism was deemed inadequate to obtain the “specific” and “unambiguous” consent required for such data processing operations. The CNIL notably criticized the blanket acceptance of “the processing of [users’] information as described above and further explained in the Privacy Policy”, which, according to the Regulator, does not allow the users to opt-it to the each particular processing operation at stake without additional steps for the users to reach the required information.

This decision, in addition to be the first rendered by the CNIL under GDPR, will also in all likelihood be the last under the current Secretary General, Isabelle Falque-Pierrotin, who will be replaced on February 1st, after heading the CNIL since 2011.

K&L Gates ranked “Highly Recommended – Band 1” with E. Drouard & Claude-Etienne Armingaud.

Source: Leaders League

K&L Gates LLP advises on sophisticated global and domestic IT projects and is another name to note in very innovative digital projects for major French clients. The seven-lawyer team is also a reference for data privacy matters and is handling an important dispute with the French data regulator regarding the use of cookies.

Several high-profile luxury goods manufacturers also use the practice. Practice head E. Drouard is highly recommended and recently promoted partner Claude-Etienne Armingaudwastes no time and is straight to the point’.

Source: Legal 500

Despite the lack of announcement by UK Government to give notification to the EU under Article 50 of the Lisbon Treaty of its decision to withdraw from the Union, France is already making its move to move into the steps of the former Fintech capital of Europe. On January 25-26, 2017, more than 1,500 people attended the second edition of the Paris FinTech Forum, encompassing more than 28 countries and 130 companies, from global players to startups.

The irony of the event location, set in the historical venue of the former Paris Stock Exchange building, was not lost to the Bank of France Governor Francois Villeroy de Galhau who wondered “Who would have imagined just a few years ago that a central banker would be speaking at a forum on innovation?” before recognizing that “For banks and insurers, the digital revolution is upsetting the traditional model for client relations” and “there are difficult choices ahead.

In addition to Fintech – both in their classic understanding of technological innovation applied to the finance industry to more disruptive models, the Forum also gave the opportunity to demonstrate the blossoming RegTech scene. RegTech encompasses all added-value solutions which make it easier for banking services to ensure compliance with applicable regulation, be it for the KYC or AML purposes. Blockchain based solutions also departed from their original Bitcoin association to showcase a broad range of innovative services, from identity control to supply-chain management.

While investments, both in terms of number of operations and invested amounts, have been slightly decreasing in 2016, the Paris Fintech Forum was a proud statement that the market was maturing into products ready to hit the market on a large-scale basis.

The Paris Fintech Forum showcased the strong interest of the French current Government in blockchain technology (see NewsBTC article here), in the wake of the uncertainty surrounding the consequences of the Brexit announcement (see Business Mirror article here). However, France itself will be facing a general election next April and uncertainty may also prevail until then on the continent.

First publication: K&L Gates Fintech Law Watch

After almost a decade of vigorous debate among interested parties, the Court of Justice of the European Union (CJEU) has finally issued a decision that moves toward unifying the European perspective on internet filtering. While the CJEU decision itself is specific to the gambling industry, the core principles of the decision may be extended to other fields.

Several recent decisions by the CJEU put into a strict perspective the validity of the position held by certain European member states with regard to gambling, namely state-sponsored monopolies [see for instance CJEU case C-42/07]. At the same time, the opening of the online gambling field to authorized operators in European countries, such as France, went hand-in-hand with the creation of administrative agencies. Those agencies, such as France’s Autorité de Régulation des Jeux en Ligne (ARJEL) possess, among other things, the prerogatives and powers to demand the take-down of crossborder gambling and gaming websites deemed illegal under national law and accessible by individuals connecting from the same country.

On the other hand, on the copyright and peer-to-peer front, collective rights management agencies have been
heavily involved in regulating the contents made available on the Internet. Indeed, for the past decade since the
appearance of Napster, right-holders have been trying relentlessly to limit the impact of online copyright infringement, by pursuing action against individual downloaders in the first place, and then against the website publishers making illegal content accessible.

On both fronts, though, the temptation for grasping control over Internet content can be seen lingering around. In the SABAM vs. Scarlet decision (CJEU case C-70/10), published on November 24, 2011, the CJEU applied a five-prong
approach on Internet control ordered by third parties on Internet Service Providers (ISPs) that may be extended to the gaming and gambling industry.

In SABAM, the Belgian collective rights management entity had requested ISPs to cut access to several websites that allowed the illegal download of copyrighted material.

Although the national laws of EU member states specify the requirements for obtaining an injunction against the operator of an online service deemed illegal, such as national law must be compliant with the mandatory limitations
set forth by European law, notably in the e-Commerce Directive 2000/31/EC. The e-Commerce Directive provides in Article 15.1 that “Member states shall not impose a general obligation on providers, when providing the services covered by Articles 12, 13, and 14, to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity.” This has been understood by many commentators as the founding European net neutrality principle.

As a consequence of this European net neutrality principle, national authorities may not adopt measures which would require an ISP to carry out general monitoring of the information that it transmits on its network.

In the SABAM decision, the Belgian courts requested that the CJEU clarify whether European law would permit an injunction that would require an ISP to implement a filtering system for all electronic communication transiting through its services where such filtering would:

  • Apply impartially to all of the ISP clients;
  • In a preventive manner, as opposed to a reactive manner where infringing content, once identified and notified by the right-holders, would be dealt with;
  • In a permanent manner, as opposed to a temporary measure; and
  • At the sole costs of the ISP.

Following its advocate-general, who had concluded in the preceding legal opinion that this scheme was obviously disproportionate with regard to the rights to be protected, the court held that the implemented measures have to be “fair and proportionate and must not be excessively costly.

Additionally, the court foresaw the practical consequences of such general filtering and blocking—the ISPs need to appreciate the legality of the online services, which would thus “require active observation of all electronic communications conducted on the network of the ISP concerned and, consequently, would encompass all information to be transmitted and all customers using that network.” In other words, instead of relying on an evidenced take-down request from the right-holders, such right-holders were requesting that the ISPs themselves perform all the necessary checks on all the material they make available to ensure no infringing content would be available. At the same time, such a measure would have been in complete contradiction with the founding principle of Article 15 of the e-commerce directive and the net neutrality principle.

Moreover, the court drew attention to the fact that to permit the ISP to be the judge of what internet content was to be deemed illegal would likely adversely affect freedom of expression by blocking, albeit in a collateral manner, legal
services and information. According to the court, the ISP bears a technical role in the individual’s access to the Internet.
Therefore, its involvement should be limited to such a technical role, except in cases where the obviousness of the illegality of the targeted content prevails.

Finally, to the great satisfaction of many privacy advocates, the court seized the opportunity to state incidentally that the IP addresses used for ISP subscribers’ identification purposes were personal data. Indeed, in spite of the strict regulation of personal data processing in Europe, many national laws of agencies, in order to implement fast proceedings against illegal online file-sharing, were quick to dismiss the need for compliance with data protection
law. This latest observation also calls for moderation in the processing of online data and information, be it by rightholders, collective rights management organizations, or administrative agencies all over Europe.

First publication: K&L Gates – Global Government Solution 2012 with E. Drouard