Technology, Outsourcing and Privacy | Fieldfisher
Skip to main content

Technology and Data

Fieldfisher's Technology and Data Group is one of the largest and most experienced in Europe. This breadth and depth of expertise means clients regularly instruct us on complex, international mandates with complete confidence.

AI Regulatory Guidebook - December 2023

In this guidebook, we provide an overview of the current positions of the national data protection authorities in the EU member states, Norway, Switzerland the United Kingdom with respect to how personal data may be processed in the context of AI systems.

Read more

Privacy, Data  & Cybersecurity

Our clients face significant challenges as they navigate advances in technology, growing digitisation and a complex and costly regulatory landscape. However, the fuel of the world’s technological revolution is not just technology itself: it is data.  To maintain trust, individuals, our businesses and government institutions must ensure that their data uses are fair, lawful, proportionate and accountable – or face the consequences.

Our team advises on all aspects of data protection (GDPR, ePrivacy Directive) and cybersecurity (NIS2 Directive, Cyber Resilience Act). Our team aligns itself across four broad privacy pillars:

  • Operational Compliance:  We advise our clients on policies, procedures and practices to ensure their operational processes are compliant with data protection requirements. We can also advise on the wide range of practical and strategic implications presented by operational compliance issues.
  • Commercial and Product:  We work with some of the largest and most sophisticated companies in the world on commercial and product-related data protection work. This means we can guide clients to achieve their commercial and product-oriented goals in a way that provides effective protection for individuals’ data.
  • Cyber and crisis-management:  Recent legislation has introduced new requirements for reporting cybersecurity incidents to both regulators and to affected individuals.  At the same time, it has removed barriers for individuals making requests to access significant volumes of data.  We can help our clients prepare for these risks and mitigate for them as and when they arise.
  •  Enforcement and dispute resolution: We assist our clients in the context of data protection inspections and enforcement actions led by the national Data Protection Authorities, as well as dispute resolution between companies and data subjects.

Our team also advises on broader data related topics in an evolving EU legislative landscape. Effectively, the future legislative and regulatory landscape is not just about "personal data"; it as about "data" in general. We advise our clients on the EU's data related legislation, which includes the Data Act, the Data Governance Act and the European Data Health Space.

Technology transactions

The tech sector is dynamic and multi-faceted.  To a degree, almost every business has some reliance on technology or technologies that define it.

Our widely-recognised and respected Tech team has been providing clients with unrivalled counsel for over two decades. The team's position at the top of the market, and the high-profile mandates we have learned from, means clients can engage us for a truly risk-free solution.

Working on some of the most significant and high-profile tech projects for entities ranging from government departments to the fastest growing and most exciting businesses around the world, we combine the right insights and expertise for a particular project.

We recognise that clients want fast access to efficiently combined expertise. Our integrated approach means that we work as one team with colleagues across practices in employment, corporate, real estate, regulatory, competition, data protection and dispute resolution spanning our European network.

Whether a client is executing a roll-up strategy on the acquisition trail, requires support with traditional procurement and sales cycles, is working to manage IT infrastructure efficiently and cost-effectively or defending core IP rights that underpin their business, our experts are in tune with the rapid changes in technology which impact businesses and their customers.

 Digital & E-commerce

We help organizations navigate through the EU's complex digital legal landscape. We help providers of intermediary services (such as web hosting service providers and online platforms) to offer their services in the EU in compliance with the Digital Services Act (DSA). We also assist developers of artificial intelligence services to comply with the Artificial Intelligence Act (AI Act). Lastly, we assist online merchants who sell their products and services in the EU to comply with e-commerce and consumer protection laws both at a European and a national level.

Recent deals and highlights:

 Privacy, Data & Cybersecurity

  • We successfully counselled multiple organisations through the process of multiple binding corporate rules applications (both pre and post-GDPR), and across multiple different Member States as lead authority. 
  • The group advised clients on post-GDPR regulatory investigations across a number of European Member States.
  • We have managed large volume data subject access requests (DSARs) for clients in the public and private sectors. 
  • We have provided commercial contracting support to a wide range of leading, household brand clients in the run-up to GDPR, ensuring that their customer and vendor contracting templates were GDPR compliant, and helped to push those contracts out and negotiate them through to completion successfully.  This work was completed both within our team and also using our CONDOR solution for high volumes.
  • The team has managed large cybersecurity incidents for a multinational businesses, which has resulted in extensive reviewing of potentially compromised data. We supported the client through its communications to the regulatory, staff and affected data subjects.
  • We advised on privacy issues in the Internet of Things (IoT) for multiple clients including connected toys, vehicles and homes.
  • We provide data protection officer services to clients in the tech, pharma, retail and leisure industries.
  • The group advised a media business on the compliant collection and monetisation of viewing information.
  • We advised various ad tech businesses on their compliance with e-privacy and GDPR consent requirements, and in connection with regulatory enquiries into online advertising practices.

Technology Transactions

  • We have reviewed IT contracts under Belgian and French law for multiple companies.
  • The group has conducted legal audits of IT web platforms, including reviewing a website's terms and conditions, verifying the use of cookies and other online tracking technology and drafting other online policies.
  • We assisted a large outsourcing and consultancy group on a daily basis with negotiations for complex IT and BPO contracts, including assisting with the implementation of required data transfer agreements.
  • The team supported a French IT solutions provider on the acquisition of software from another company.
  • We assisted a multinational professional services company on IT, data protection and M&A questions.
  • We have advised an innovative IT start-up since its inception, amongst others, with the roll-out of a major change to its commercial model: putting in place B2B contract terms and negotiating them with our client's B2B companies where needed and working closely with them to help prepare for GDPR.
  • We advised an innovative SaaS platform with the drafting of the conditions of use, the contracts with the subcontractors and negotiations with supermarkets as well as acting as an external DPO.

Digital & E-commerce

  • We audited several e-commerce platforms on various issues, such as reviewing or drafting web privacy notices, online terms & conditions, online purchasing terms and reviewing online cookie consent platforms. 
  • We assisted multinational online platforms to comply with the Digital Services Act, which included conducting a preliminary analysis of the intermediary services provided, developing & implementing a notice & action procedure, implementing a complaint handling mechanism, drafting a DSA activity report; and updating the general terms & conditions.
  • We provided legislative and regulatory updates on the upcoming Artificial Intelligence Act.
  • We advised several clients on the use of electronic signatures and trust services under the eIDAS regulation.

What Others Say About Us

Their engagement with their client is outstanding. Understanding of the business model and their peculiarities is unpaired, and each and every advice they provide is practical and understandable, to the point that could be passed on to the business without filters for the layman.

Legal 500 - 2023

The team is exceptional in all senses, their availability, quality of the work delivered, their knowledge of the sector as well as the privacy laws and their practical implications. The advice they provide is always practical and can be easily implemented in practice.

Legal 500 - 2023

The team has an excellent knowledge of data protection and all its development and is at the forefront of the operationalisation of these new developments such as the transfer impact assessments. We rely on their expertise as also shown in their engagement with the personal data community.

Legal 500 - 2023

"My experience has been wonderful. It has very good lawyers, the best I have worked with. I think very highly of the firm", says a client. Sources highlight the firm's network, noting that their "ability to draw on specialist local resources is hugely important," and praising the fact that "clients around the world get tailor-made advice.