REPRESENTATIVE EXPERIENCE
Claude-Étienne Armingaud
Blockchain
Assisting this leading Singapore-based cryptocurrency exchange app with regard to its compliance with data protection framework in connection with data sharing within the group of companies as well as services provider for facilitating its services. This assignment notably raised specific questions pertaining to the interplay between encrypted data and personal data, and whether certain exceptions under GDPR could be invoked to facilitate the implementation of the exchange.
Assisting a leading metaverse platform developer in the deployment of its activities, notably with regard to its exposure to EU and UK GDPR during its beta launch phase. The metaverse being, at its core, a borderless virtual place, it may come into conflict with GDPR's extraterritorial reach. Based on our assessment, we were able to develop and document a rationale whereby GDPR would not be applicable to this stage of maturity.
Assisted a Pulitzer prize nominated photographer in negotiating a digital consignment contract, with an online gallery for the purpose of selling and auctioning digital artworks authenticated and individualized through non fungible token (NFT) on the Tezos blockchain. This assignment required a proper understanding of the tech underlying aspects and intrinsic limitations of the promising NFT technology and localization under French law and its specific artwork and author’s right protection.
Assisting the company behind a crypto-currency and decentralized finance asset-oriented smart contract programmation language in the defense of its trademark against another Fintech company trying to leverage on the fame of our client's prior trademark.
Commercial Technology & Sourcing
Assisted an Italian software house for the negotiation of a consulting services provision agreement relating to a third party software regulated under French law.
Assisted a European leader for the manufacturing of transportation parts the development of an online professional marketplace to facilitate the distribution of spare parts by all market players.
Assisting a French startup providing certified electronic mail with acknowledgement of receipt services since 2014, with the drafting and negotiating its commercial agreement for the provision services, as well as in connection with the passing of the Digital Republic Act by the French Parliament in the fall of 2016 and its subsequent expected application decree (published on May 12, 2018), adapting the legal documentation for AR24, both for the end-users and corporate partners in view of the entry into force of the GDPR.
K&L Gates is currently assisting a global restaurant booking and management software in the deployment of its activities in the European Union and in the United Kingdom, notably with regard to its exposure to EU and UK GDPR. The services involving the processing of consumer personal data, our assistance covered for the data transfer aspects for international payment, under GDPR, on the basis of the recent EU Commission's new model contract clauses. In addition, we also performed a pan-European review of the advertising requirements for online sales of alcohol.
Assisted a US-based international systems integrator and developer of PC security software, with offices in the United States and the European Union with the implementation of cryptographic services under French law and the notifications of cryptographic services to the French ANSSI.
Currently representing a US-based international systems integrator and developer of PC security and anti-malware software products and services, in its proceedings against a competitor in litigation pertaining to the classification of their software programs as Potentially Unwanted Programs in an attempt to disparage its services.
Assisting a mechanical sport broadcaster in the implementation of its Over-The-Top (“OTT”) subscription services aiming at broadcasting sporting events on an online platform, including assessing the requirements for sponsorship and advertisement for tobacco and alcohol products in key jurisdictions (notably France with regard to the Evin Act).
Assisting an organization responsible for improving animal health worldwide, in the contractual implementation of an Enterprise Resource Planning integration agreement, as well as animal pandemic surveillance and alert system (notably in the wake of the avian flu resurgence).
Assisting an international non-profit organization in the renegotiation of its relationship with an ERP solution integrator further to issues arising in the deployment of the project.
Data Protection, Privacy and Security
Assisting this global US-based non-profit organisation fighting poverty, disease, and inequity around the world on a broad range of data protection issues pertaining to EU/UK GDPR projects, notably in the aftermath of Brexit, including external facing documentation. In addition, K&L Gates also assisted with internal facing documentation in relation to drafting an employee privacy policy and carrying out employee background checks. K&L Gates’ support also highlighted issues stemming from uncertainty related to international data transfers whilst new Standard Contractual Clauses, the UK adequacy decision and the International Data Transfer Addendum were expected and the client needed to move forwards with its business.
Assisted on the data protection implications under the GDPR of a personal data transfer from the client's European entity to its US entity, in view of a potential discovery procedure under the US laws further to an M&A transaction, and implemented the required safeguards to allow such discovery process, notably through the information of current and past employees affected by the process and contractual mechanisms.
Assisting a large spectrum of non-EU clients with their GDPR compliance process, ranging from the complete due diligence of their data flows (“data mapping”) allowing for an exhaustive assessment of their compliance status to date (“gap assessment”), to day-to-day services for the implementation of revised model documentations, both internal (training, education) and contractual (with customers, service providers, end users).
Assisted a leading Lebanese bank in the deployment of its activities across the European Union with regard to the implementation of background checks, including on specific individuals from countries potentially falling under international sanctions. Due to the establishment of the client in the EU, such processing fell under the GDPR and, as such, are heavily regulated. Our assistance notably included the drafting and negotiation of the data sharing and data transfer agreement with a background check provider, as well as devising various compliance measures such as the information of the individuals and assessment of proportionality of the processing operation under GDPR.
Assisting several French and international clients further to personal data breaches, notably in the assessment of the exposure, the notification to the French Data Protection Authority and the communication with their commercial partners and customers.
Assisting an Italian luxury clothing company in the deployment of its global eCommerce capabilities, notably through the development of specific terms and conditions of sales, terms and conditions of use of websites, privacy and cookie policies for its three global markets, i.e. European Union, United Kingdom (further to Brexit) and United States. Our assistance required to take into consideration local idiosyncrasies, notably with regard to consumer protection, to streamline the documentation across all region. While the operational management of each region will be handled by a local company, legal and data compliance has been consolidated in Italy. As a consequence, we also educated the client on the local frameworks.
Regularly assisting a leading university in data protection issues in relation with the development of artificial-intelligence solution, notably with regard to retention of personal data, anonymization of personal data and territorial scope of the GDPR.
Assisting an international direct online marketing company in addressing an information request from the French Data Protection (CNIL) relating to the company’s use of a tracking pixel in email correspondence with its users.
Assisted a global luxury/cosmetics company wished to implement a smart fragrance dispenser in perfume corners within department stores and airports in several countries (China, Germany, France, UK and US (California/New York)). This technology, which uses artificial-intelligence powered image recognition technology to identify the fragrance used in the dispenser, faced many restrictions due to the possibility of capturing facial images of cornershop workers, as well as passerby under China's PIPL, US's CCPA, EU/UK GDPR. We coordinated the global data protection team of K&L Gates to analyze the various regional applicable frameworks and counsel this client not only on the requirements to implement the project, also come up with operational suggestions for the project to be deployed substantially similarly across all countries.
Assisted a leading luxury/cosmetics company in the negotiation of an online recruitment platform, including advisory services for the global workforce. This assignment raised questions relating to the various roles of the parties in the mutually-beneficial relationship, and the risks and mitigation thereof of a characterization of the relationship as "joint controllership" under GDPR. In accordance with GDPR, such relationship must be governed by a dedicated arrangement and the essence of such arrangement must be conveyed to the applicants as part of the information tenet of European data protection law. We worked alongside the contractual counterpart to devise the relevant documentation and respective responsibility of the parties, as well as devising the applicant journey and exposure to relevant information.
Assisted an Asian global fintech company that enables businesses to deploy end-to-end financial services, in drafting and negotiating its Master Commercial Agreement template, notably on the data transfer aspects for international payment, under GDPR, on the basis of the recent EU Commission's new model contract clauses (Data Controller to Data Processor module), as well as in the deployment of a data transfer impact assessment to document the processing operations subject to one of Art. 49 GDPR exemptions.
Assisted (i) a publicly-owned asset management holding company based in the United States and (ii) several Australian based insurance companies in the assessment of their respective exposures to GDPR and notably technical aspects relating to its territorial applicability.
Assisting an international whistleblowing hotline provider in the deployment of its activities in Europe, notably with regard to GDPR and data protection aspects relating to the management of its HR workforce in France, as well as the implementation of GDPR-compliant data processing agreements and process.
Assiting this US leading company producer of carbon fiber reinforcements and resin systems in its compliance with European data protection laws. Our assistance included reviewing and amending the company's whistleblowing policies and procedures with regards to GDPR requirements in light of the recent legislative evolutions in the field.
Assisted a leading distributor of lumber in the assessment of the conditions under which personal data pertaining to its employees and investors in the European Union (or otherwise subject to EU data protection laws) could be transferred to the United States for the purpose of discovery in the wake of a litigation. Our assistance included the assessment of applicability of any exemption under Art. 49 GDPR as well as the revision of their employee privacy policy to cover aspects which were not present in the previous version.
Assisting a French staff catering start-up on their global compliance with data protection framework. As part of the scale up of their operation, our assistance included (i) setting up their UK entity for deployment across the channel, (ii) revising internal documentation (e.g. record of processing activities, employee privacy policy) in accordance with EU and UK GDPR and (iii) update and negotiation of their distribution agreement with corporate customer and EULA with end-users.
Assisting an American clothing and home decor retailer that specialises in casual clothing, luggage, and home furnishing, in its expansion into the UK and EU markets. K&L Gates carried out a review and mark up a data protection agreement governing the transfer of personal data from within the UK and EU to the US and provided advice on the client’s Privacy and Security Policy and made suitable amendments to this to ensure compliance with UK and EU data protection legislation.
Assisted this leading provider of goods relating to pets online for mail order and purchase at retail outlets in reviewing the data protection provisions in a white label pet insurance supply agreement, which required special attention to the rights of continued use of customer data and the transfer of this customer data to a new supplier following termination. Such situations may lead to a change in data controllership or key elements of data protection information may be required to engage with the individuals for; (i) the continuation of the service provision; and (ii) avoiding any disruption of the marketing and customer relationship. To that extent, the K&L Gates team works closely with our client’s legal and marketing departments to ensure the most suitable approach.
Assisted a French consulting company specialized in financial investments in the implementation of a securitization program of student housing receivables, and notably GDPR compliance issues relating to the transfer of the personal data included in the transferred debts.
Assisting a French start-up which developed a solution to secure the protection of personal data when using services offered by third parties, notably for advertising purposes, in the support of the demonstration before the French Data Protection that such solution may considered as "anonymous" processing, under GDPR and its exchange with the French Data Protection Authority.
Supported a global provider of freight forwarding and logistics services through air, land and sea for corporate events, live shows and more, in respect of former employees’ data subject access request, by way of drafting the necessary letters to the former employee and assisting with the preparation and delivery of the items that needed to be disclosed. The team also prepared employee and website privacy policies and advised on related data protection queries.
Assisted a leading automotive electronics company in the conduct of an internal investigation for suspected fraud organized by some of its employees in France and Germany, as well as the conditions for the transfer of the underlying personal data to the United States. Further to the more stringent requirements on data transfer in the wake of the European Court of Justice decision in Schrems II, we conducted the preliminary sorting of the employees' emails and files in the European Union, and advised on the conditions of transfer of the relevant personal data.
Advising a US-based manufacturer of domestic appliances with updating its internal and consumer facing policies and practices to help ensure its global data protection compliance, notably with regard to the EU and UK GDPR. We regularly assist the client on an ongoing basis to adapt to the rapidly changing regulatory framework. Our assistance has so far included drafting various GDPR compliant documentation, such as Employee, Applicant and Customer Privacy Policies to ensure compliance with UK and EU law.
Assisting a leading international model and talent agency, in the implementation of its GDPR compliance documentation, including with regard to under-age models and waiver of image rights.
Assisting a leading for-profit association organized in local and regional chapters across the globe in its global data protection and privacy compliance program, including with regard to data sharing within the chapters and with their partners, notably for the purposes of event management and direct marketing.
eHealth
Assisted a biopharmaceutical laboratory in implementing localized contractual documentation for medical sponsorship agreements in France, in compliance with the revised framework of the French Public Health Code and Gift Law.
Assisting a leading provider of sacral neuromodulation therapy in reorganization of its distribution network in France, including termination of its existing distribution network and independent resellers and subsequently, the negotiation of its new distribution agreement. This assignment notably raised issues pertaining to abrupt termination of existing commercial relationships, as well as the characterization of the roles of independent resellers as commercial agents, and minimizing the exposure to statutory indemnification of such agents under French law.
Assisted in an investment in, and creation of a joint venture with a company which developed an AI-based smart-home solution for the detection of falls of individuals, notably for use in retirement home and hospital. This operation required specific analysis of the compliance of the target company with data protection and privacy laws, notably with regard to biometric data processing, as well as analysis of the ownership of the intellectual property right over the solution.
Assisting a leading U.S. company manufacturing desks, mobile carts and screen stands in its compliance with GDPR. Notably, we were tasked with rolling out the deployment in the European Union of medicalized carts, with SaaS functionalities, during the COVID-19 pandemic. Due to the pressing global demand for such material, and given the specific concerns relating to health data processing, we had to provide expedited advice to manage the regulatory requirements and the market imperatives, without requiring amendments to the services and IT infrastructures as they had been already finalized. In addition, we have been assisting this client with updating their legal processes for the international transfer of personal data transfer, to be in line with the latest developments of the European framework, including deployment data transfer agreements based on the EU Commission's Standard Contractual Clauses in their four different modules, developing Data Transfer Impact Assessments, and advising on their internal data retention policy. Finally, we assisted this client in updating its European distribution agreements, including with regard to data flows from end-users to the manufacturer for warranty and CRM purposes.
Assisted an Irish company in the context of bringing its personal data exchanges into compliance with French and German universities, in particular in the context of the anonymization of genetic data carried out in the context of previous studies and their consolidations in Ireland. This company had been acquiring sensitive personal data to further research cooperation with continental Europe universities, notably of genetic material. We assessed the types of uses they could implement for the purpose of the original research as well as subsequent commercial and non-commercial uses.
Advising a animal DNA testing company on organizing its global data protection compliance. Our assistance includes analysing the client’s intragroup transfers of personal data across its international subsidiaries and putting in place appropriate data sharing agreements, as well as updating their internal GDPR compliance documentation in accordance with GDPR’s accountability framework (e.g. transfer impact assessment, review of the technical and organizational measures in place) and considering data sharing and processing relationships with distributors to identify necessary legal provisions.
Assisted a leading French health and cosmetics laboratory with the implementation of a startup acceleration program at Station F, aiming at devising new oncology diagnostic procedure and technology, including drafting and negotiating the acceleration agreement with the selected startup (cross IP licensing and assignment, ownership of project-related data in a post-GDPR environment), as well as drafting and negotiating the terms of the partnership with the corporate sponsors that would be hosting the startups.
Assisted a leading global manufacturer of single-use solutions for operating room and wound care intended for healthcare professionals, to respond several Cease & Desist Letters sent by a competing company invoking acts of counterfeiting and unfair competition in Belgium, France, Norway and Poland.
Assisted a world leader in biological/enzymatic solutions negotiating a marketing and distribution agreement governed by French law with a French manufacturer of nutritional and therapeutic solutions company.
Assisted one of the leading French hearing aid manufacturer in the implementation of the new French regulatory framework relating to the conditions for which the French social security covers/reimburses hearing aids and related services to end-users.
Intellectual Property
Advising the VC fund of a leading French-based cosmetics company on its contemplated minority investment in a French biotech company specialized in R&D on natural algae-based products from the untapped microalgal diversity for cosmetic & nutraceutical industries. Our assistance included the review of the trademark portfolio of the target on the contemplated markets, as well as pre-signing remediation pertaining to proper assignments and supplemental registrations and renewal over the portfolio.
Assisted a Korean production company which created the world famous "I can see your voice" TV game show in initiating emergency proceedings against the alleged infringement of its television program format by a Turkish production company, and broadcast on the French channel TF1 of allegedly infringing program "Good Singer".
Assisted a leading manufacturer of air-soft replica gun in the termination of license agreements with its licensors and the aftermath of such termination for the distribution of its inventory.
Assisted this Maltese company operating an online game and gambling website in managing an opposition procedure against its EU trademark application. We were in charge of drafting and negotiating a trademark coexistence agreement negotiation to the satisfaction of our client to have the trademark duly registered.
Currently representing Hyundai in several proceedings against French and EU grey market dealers, offering Hyundai vehicles for sale, which were not destined to the EU market (unlawful parallel imports), in infringement of Hyundai’s trademark rights.
Assisted a French startup specialized in interior design catering to the Chinese market, including the creation of the corporate structure, the protection of the intangible assets of the client, including trademark protection in Europe and China as well as the implementation of the contractual relationships with suppliers and customers, through non-disclosure agreement, service provision and IP right assignments on a day-to-day basis.
Represented a manufacturer of industrial material in the aftermath of the termination of a distribution agreement in France and infringement litigation further to the continued unauthorized use of its trademark by former licensee.
Assisted a German company in pending litigation in relation with numerous patents acquired by our client, further to the assignor of such patents acting in bad faith and having assigned its patents twice to two subsequent assignees.
Successfully advising an Israeli-based manufacturer of robotic pool cleaning equipment within the framework of a domain name restitution procedure (UDRP) before the World Intellectual Property Organisation, further to the registration of a domain name using one of the client's trademarks. The domain also hosted a malicious website aiming at defrauding legitimate customers. We were able to successfully shut down this operation and obtain the transfer for the domain name to our client.
Assisting a group specializing in the manufacture of small and large series of pieces of jewelry for customers of the Place Vendôme as part of the redesign of its customer and supplier contracts. Our assistance includes the upstream securing of the client's intellectual property rights and downstream, its know-how in the context of computer-assisted production management.
Assisted a leading global manufacturer of single-use solutions for operating room and wound care intended for healthcare professionals, in the global review of their medical practitioner consultancy agreements with health care practitioners to receive expert opinion and consultancy services related to the client’s products and developed technologies. This assignment addressed a plurality of topics, including (i) the use of the practioners' personal data, notably for marketing purposes, (ii) the assignment of the intellectual property rights on the deliverables produced by the professionals and (iii) the assignment of their image rights when participating to public event in connection with the services.
Assisted an international in-store provider of music and interactive mobile marketing products with reviewing and negotiating a consulting agreement with a French consultant, including assignment of IP rights originating from the consultant and compliance with GDPR as per a data controller-data processor relationship arising from the contractual situation.
Represented the new venture behind the creative team of the Colette concept store, Nous Concept, in the defense of their trademarks against (i) a pottery and culinary art store owning a similar trademark and (ii) a German company owning a similar trademark in approaching services.
Assisting a group specializing in the manufacture of small and large series of pieces of jewelry established in the prestigious Place Vendôme in the deployment of their international operations - the establishment of commercial agent, trademark registrations and dress patents in 40 countries.
Regularly assisting a ski equipment manufacturer in the identification and destruction of counterfeit products following their customs seizure on European territory and in the context of the organization of competitions in its physical points of sale and online, in accordance with GDPR.
Represented a German gallery in the defense of an action before the French court initiated by a French photographer, alleging that one of the photographs exhibited by our client infringed his copyright.
Assisted leading children book publisher in the implementation of an street-art exhibition for children, including the licensing of the underlying IP rights on the characters’ likeness, as well as an assignment of the resulting derivative IP in order to secure the exploitation rights for the publisher, and use of the resulting IP for charity purposes.
Smart Cities and Mobility
Assisted several players of the connected automotive industry, including a car leasing company and several startups providing Bluetooth-enabled dongles on the OBD port, in approaching the French Data Protection Authority ("CNIL") in order to amend the draft compliance package prepared by the French Data Protection Authority.
Assisted a global leader in automotive tires in the implementation of innovative mobility services (e.g. "tire-as-a-service", short-cycle bike rentals for enterprises, etc.)
Assisted a leading French utilities providers in the implementation of its smartcity data hub for a connected city project in France.
Advising a connected consumer electronics manufacturer with updating its internal and consumer facing policies and practices to help ensure its global data protection compliance, notably with regard to the EU and UK GDPR, the CCPA and upcoming U.S. legislations. We regularly assist the client on an ongoing basis to adapt to the rapidly changing regulatory framework. We also provide regular assistance and advice relating to the client’s data processing and international data transfers, specifically in relation to dealers and distributors of the client and have drafted and negotiated relevant accompanying documentation and implementation of the relevant records of processing activities. In addition, we assisted the client in anticipating the various scenarios which impacted its activities further to Brexit, notably with data transfers to and from the EU and the UK, as well as with the assessment of the consequences of the European Court of Justice Schrems II decision and its impact of global data sharing arrangements.
Assisted the world largest startup accelerator in implementing its activities in the Middle East and the UAE area.
Assisted a leading highway infrastructure operator on large range of issues related to new mobility trends, including day to day assistance on transactional aspects of highly innovative projects pertaining to electric vehicles, connected car and driverless transportation, research and development, consortiums with public and private stakeholders of the transportation sectors, within various European initiatives (C-ROADS, SCOOP, CINC) as well as the drafting and negotiation of a partnership agreement with a car manufacturer in order to experiment in real traffic conditions autonomous driving, including the crossing of toll booth and management of roadworks and accidents.
Assisting a Pittsburgh-based startup developing autonomous driving technology in the testing and partnership with European automotive manufacturer, including the shared licensing of the underlying intellectual property (both background and foreground) as well as the sharing of the data involved in the testing in road conditions.
Transactional
Assisted an investment fund during an merger and acquisition equity type operation investment. Paris team performed an audit of the target based on its IP portfolio and its GDPR compliance.
Assisted a global leader in consulting services in the acquisition of international boutique consultancy firm located in France, Canada, Switzerland, Luxembourg and the United States. In parallel with the usual corporate due diligence aspects, K&L Gates performed an in-depth review of the GDPR maturity (as well as vis-a-vis other data protection framework applicable) of the target with regard to the employees and customers of the target, as well as review of the intellectual property rights on the IT solutions developed by the target and deployed to its clients.
Assisting leading Chinese multinational corporation Envision Digital which provides energy management software in its acquisition of QOS Energy, a French energy analytics company. We carried out a comprehensive due diligence review of the company’s compliance with the GDPR and advised and negotiated on appropriate warranties to be used in a Share Purchase Agreement relating to our due diligence review. We also performed a full review of the various open source licenses used in the solution in order to assess the exposure from an intellectual property/copyright ownership point of view. With data protection and security issues at the forefront of liabilities in an M&A transaction, the K&L Gates team always tailor its client’s advice to the risks presented by the target company in view of; (i) the maturity of the target company’s data protection compliance; and (ii) inherent risks to the target company’s business. In addition, the operations above require a collaborative approach with colleagues in the Labour, Employment and Workplace Safety practice group to assess any data subject access request risks.
Assisted a leading North Carolina company in a major cross-border transaction (over 50 subsidiaries and 60 countries worldwide) on global data protection compliance aspects.
Assisted a major leading group in the security field in the labour due diligence, master agreement and disclosure schedules for the acquisition of a large group of more than 10,000 employees (4,000 employees in France). This large deal triggers complex strategic and technical issues regarding the compliance with global applicable data protection frameworks, as well as the data sharing between Buyer and Seller during the operations.
Assisted a US-based private investment group in an M&A transaction and coordinated global GDPR due diligence operations for Buyer including advising on remediation steps and assisting in drafting and negotiation of the relevant representations and warranties, for acquired company's personnel located in Germany, the Netherlands and Czech Republic.
Video game
Assisting a French independent video game studio in securing the financing and publishing of its second video game, which was released to great success. We also assisted this video game studio in the registration of the trademarks associated to the game in the European Union, the United States and China, the porting of the game to various consoles, as well as take down measures for counterfeit games on App Stores. We are also assisting them on their GDPR compliance.