I was drawn into privacy as I found that it is uniquely positioned between law and technology: Paul Lanois (of Fieldfisher) on why he decided to specialise in this area

“I am an attorney – admitted to the bar in California, New York, the District of Columbia (DC) as well as the Supreme Court of the United States.”

Paul Lanois, Director at Fieldfisher, focuses on advising companies on data privacy and cybersecurity matters drawing on his international experience, having lived and worked in the UK, France, Luxembourg, Switzerland, Hong Kong, and the US. Paul helps companies – ranging from startups to large Fortune 500 multinationals across a range of industries – to develop data protection and privacy strategies for new products and services. He advises them on complying with evolving global privacy and data protection laws, such as the General Data Protection Regulation (GDPR), the ePrivacy Directive, as well as the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), and similar data privacy laws passed in Virginia, Colorado, Connecticut, and Utah.

In particular, Paul advises clients about their cutting-edge B2B and B2C offerings, such as connected products and services (Internet of Things or IoT) including virtual reality, mobile apps (including augmented reality apps), artificial intelligence (AI), and machine learning (ML) as well as cloud-based integrations. He also advises on cybersecurity matters, including data breaches and incident response, risk assessments, policy development, and compliance with industry standards, such as the Payment Card Industry Data Security Standard (PCI DSS). Paul also coordinates large projects spanning privacy law requirements in a large number of countries to provide clients with consolidated advice that is practical and actionable. 

Paul is fluent in both English and French. He also speaks German at an intermediate level.

Fieldfisher is a European law firm that has market-leading practices in four key sectors: energy and natural resources, technology, financial services, and life sciences. The firm’s network spans over 1,500 people across 25 international offices.

The Silicon Review reached out to Mr. Lanois, and here’s what he had to say. 

Interview Highlights

Q. How would you describe what you do? 

I am an attorney – admitted to the bar in California, New York, the District of Columbia (DC) as well as the Supreme Court of the United States. My practice focuses on information governance, digitalization, cybersecurity, and data privacy – simply put, my work covers anything that involves the use (or transfer) of data, either within an organization or between organizations. 

Q. Why did you choose your specialism?

I have always been interested in technology, and enjoy playing with new gadgets and computer hardware, so I was looking for a specialism that would relate to such interest while also benefiting from my legal background. I was drawn into privacy as I found that it is uniquely positioned between law and technology. When I first started, privacy was not as popular as it is today, and many of my peers used to run away from any work which was connected to privacy, security, or technology since these topics were perceived as being too technical. However, the law and technology just made sense to me so I was glad to be able to take on those projects and have kept on doing so. Today, I still enjoy reviewing evolving applications of technologies – such as AI, ML, facial recognition, and IoT devices, just to name a few – and how they present novel and exciting challenges from a legal perspective.

Q. What’s keeping you busy at the moment?

A lot of clients are revisiting their privacy compliance programs due to new developments in the privacy space (for example, due to new laws or regulations being enacted in this space, such as the upcoming US state privacy laws which have recently entered into effect, or are due to enter into effect, in 2023). There has been a renewed focus from organizations on their security framework (e.g. security measures, security policies, cyberattack response plans, etc.), so that is also an area keeping me busy at the moment. Finally, there is a lot of work on privacy compliance programs (e.g. data mapping, privacy policies, review of data processing agreements, etc.).

I have had the privilege to advise and provide input on the development of exciting new technologies, such as autonomous driving, upcoming virtual reality headsets, or augmented reality devices. For example, I worked on an exciting project recently – an anti-cheat tool to prevent cheaters in a multiplayer game. It was particularly interesting to see the privacy and security issues that come into play to protect an online game and ensure that other gamers are not disadvantaged or have a worse experience that would make them no longer want to play that game. 

Q. What mentors or other influential figures have helped you get where you are today?

My career has been greatly influenced by the partner I worked with at Simpson Thacher & Bartlett (my first job), as this is where I first had the chance to work on technology-related matters! In particular, I was grateful to have had the opportunity to work on some exciting cloud-related projects back then when the cloud was still in its infancy, which later led to my paper "Caught in the Clouds: The Web 2.0, Cloud Computing, and Privacy?" which I published in the Northwestern Journal of Technology and Intellectual Property in fall 2010.

Q. If you could change one data-related law, how and why would you change it? 

If I could alter one thing about the current legislation, it would be to enact federal privacy legislation, which would replace the current patchwork of privacy rules with a single comprehensive statute that applies to the whole nation. With new privacy laws having come into force (California's CPRA and Virginia's CDPA), and upcoming laws (e.g. Colorado, Connecticut and Utah), it is becoming increasingly difficult for companies to comply with the applicable requirements in each of the 50 states. Having federal legislation will greatly reduce the overall cost of compliance for organizations operating in more than one state, and would therefore benefit organizations of all sizes, in particular, small to mid-sized organizations.

Q. How have recent work trends affected your work? 

I would say that covid-19 has emphasized the incredible resilience of the tech industry and has given us a glimpse of the future of the workplace. For example, remote working and meetings via videoconference (with tools such as Zoom) are now widely accepted. We have also begun to see immensely practical benefits of AI-driven solutions, for example removing background noise from the microphone, applying virtual backgrounds without a green screen, real-time audio transcription of meetings, etc. Connectivity technologies such as 5G and enhanced versions of Wi-Fi (specifically Wi-Fi 6E) are also available now to enable high-speed connections. 

Q. What’s the next big thing – what data opportunities are companies now looking at?

I think we are looking at a growth in data volume and complexity driven by an increase in data collection across virtually all industries, multiple data types, multiple channels, multiple data inputs (e.g. embedded, IoT), and an even broader adoption of AI and machine learning.

“If I could alter one thing about the current legislation, it would be to enact federal privacy legislation, which would replace the current patchwork of privacy rules with a single comprehensive statute that applies to the whole nation.”