Paul Lanois | Fieldfisher
Skip to main content

My practice focuses on advising companies on data privacy and cybersecurity matters drawing on my international experience, having lived and worked in the United Kingdom, France, Luxembourg, Switzerland, Hong Kong and the United States. I help companies – ranging from startups to large Fortune 500 multinationals across a range of industries – to develop data protection and privacy strategies for new products and services. I advise clients on complying with evolving global privacy and data protection laws, such as the General Data Protection Regulation (GDPR), the ePrivacy Directive, as well as the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) and similar data privacy laws passed in Virginia, Colorado, Connecticut, and Utah.
In particular, I advise clients in relation to their cutting-edge B2B and B2C offerings, such as connected products and services (Internet of Things) including virtual reality, mobile apps (including augmented reality apps), artificial intelligence (AI) and machine learning (ML) as well as cloud-based integrations. I also advise on cybersecurity matters, including on data breaches and incident response, risk assessments, policy development and compliance with industry standards, such as the Payment Card Industry Data Security Standard (PCI DSS). I also coordinate large projects spanning privacy law requirements in a large number of countries to provide clients with a consolidated advice that is practical and actionable.
In 2018, I was selected for inclusion on the list of arbitrators developed by the U.S. Department of Commerce, the EU Commission and the Swiss Federal Administration as part of the Privacy Shield Framework Binding Arbitration Program. Before joining Fieldfisher, I was Vice President and senior legal counsel at a leading international bank, Credit Suisse, at its headquarters in Switzerland as well as its Hong Kong office. Before that, I worked on technology transactions at large international law firms in London (UK) and Luxembourg, and was an Associate Professor at the University of Cergy-Pontoise Law School in France.

I have written extensively on current developments in relation to cybersecurity, as well as American and European privacy law. For example, I was one of the lead authors of the Cloud Security Alliance's guidance "Observations and Recommendations on Connected Vehicle Security" published in 2017 which covered vehicle security connectivity, possible attack vectors of concern, and recommendations for securing the connected vehicle environment. I was also one of the lead authors of the Cloud Security Alliance's guide on "Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products" published in 2016 and which provides a comprehensive guidance for product designers and developers. I currently co-chair the National Institute of Standards and Technology (NIST) Privacy Workforce Public Working Group's Data Processing Ecosystem sub-group.
I frequently speak at conferences around the world and lead industry committees and organizations. For example, within the American Bar Association’s Science & Technology Law Section, I am a member of the Book Publishing Board and am the co-chair of the E-Privacy Law Committee. I am currently a member of the CIPP/US Exam Development Board at the International Association of Privacy Professionals (IAPP). I was previously a member of the IAPP's Education Advisory Board, European Advisory Board as well as the CIPT Exam Development Board. I am a member of the California Lawyers Association's Privacy Law Section Executive Committee.
Recent industry recognition include:

  • Selected as a winner of the 2022 California Legal Awards in the category of 'Lawyers on the Fast Track (under 40)' by The Recorder (2022);
  • Listed in the 'Sports/Gaming/Entertainment Law Trailblazers' by The National Law Journal (2021);
  • Named in the Global Data Review (GDR) '40 under 40' (2021);
  • Named in the list of '2020 Most Influential People in Security' by Security Magazine (2020);
  • Won the 'Rising Star Award' from AIIM Association of Information Professionals (2019);
  • Selected as 'General Counsel of the Year' by The American Lawyer / Legalweek at the Transatlantic Legal Awards (2018);
  • Won the 'Innovator Award' from CompTIA Association of IT Professionals (2018);
  • Listed in the list of 'Top 10 30-Somethings' by the Association of Corporate Counsel (2018);
  • Won the 'Advocacy Award' from the Association of Corporate Counsel (2017);
  • Named 'Innovative Corporate Counsel' by Law 360 (2016);
  • Listed in the 'Cybersecurity & Data Privacy Trailblazers' by The National Law Journal (2016);
  • Listed in the 'GC Powerlist: France' (inaugural issue) by The Legal 500 (2016). 

I regularly teach courses on data privacy at the University of California (UC) College of the Law San Francisco ('UC Law SF', formerly known as 'UC Hastings Law School'), as well as the Law Society of Ireland's Certificate in Data Protection Practice program.
I am a Systems Security Certified Practitioner (SSCP) from (ISC)², the world's largest non-profit association of cybersecurity professionals, and I am also a Payment Card Industry Professional (PCIP). In addition, I am a Fellow of Information Privacy (FIP) of the International Association of Privacy Professionals (IAPP) and am a Certified Information Privacy Professional, with concentrations in Asian law (CIPP/A), US law (CIPP/US), European law (CIPP/E) and Canadian law (CIPP/C). I am also a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Technologist (CIPT). I also hold the Certified Data Privacy Solutions Engineer (CDPSE) certification from ISACA.
I am fluent in both English and French. I also have an intermediate level of German.

Download Profile

Download Now