Paul Lanois's practice focuses on advising companies on data privacy and cybersecurity matters drawing on his international experience, having lived and worked in the United Kingdom, France, Luxembourg, Switzerland, Hong Kong and the United States. Lanois helps companies – ranging from startups to large Fortune 500 multinationals across a range of industries – to develop data protection and privacy strategies for new products and services. He advises clients on complying with evolving global privacy and data protection laws, such as the General Data Protection Regulation (GDPR), the ePrivacy Directive, as well as the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) and similar data privacy laws passed in Virginia, Colorado, Connecticut, and Utah.
In particular, Lanois advises clients in relation to their cutting-edge B2B and B2C offerings, such as connected products and services (Internet of Things) including virtual reality, mobile apps (including augmented reality apps), artificial intelligence (AI) and machine learning (ML) as well as cloud-based integrations. He also advises on cybersecurity matters, including on data breaches and incident response, risk assessments, policy development and compliance with industry standards, such as the Payment Card Industry Data Security Standard (PCI DSS). He also coordinates large projects spanning privacy law requirements in a large number of countries to provide clients with a consolidated advice that is practical and actionable.
Lawdragon Honors
| Honor | Year | Practice |
|---|---|---|
| The 2024 Lawdragon 500 X – The Next Generation | 2024 | Data Privacy, Cybersecurity |
| Lawdragon 500 X – The Next Generation | 2023 | Data Privacy, Cybersecurity |
In 2018, Lanois was selected for inclusion on the list of arbitrators developed by the U.S. Department of Commerce, the EU Commission and the Swiss Federal Administration as part of the Privacy Shield Framework Binding Arbitration Program. Before joining Fieldfisher, he was Vice President and senior legal counsel at a leading international bank, Credit Suisse, at its headquarters in Switzerland as well as its Hong Kong office. Before that, he worked on technology transactions at large international law firms in London (UK) and Luxembourg, and was an Associate Professor at the University of Cergy-Pontoise Law School in France.
Lanois has written extensively on current developments in relation to cybersecurity, as well as American and European privacy law. For example, he was one of the lead authors of the Cloud Security Alliance's guidance "Observations and Recommendations on Connected Vehicle Security" published in 2017 which covered vehicle security connectivity, possible attack vectors of concern, and recommendations for securing the connected vehicle environment. Lanois was also one of the lead authors of the Cloud Security Alliance's guide on "Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products" published in 2016 and which provides a comprehensive guidance for product designers and developers. He currently co-chair the National Institute of Standards and Technology (NIST) Privacy Workforce Public Working Group's Data Processing Ecosystem sub-group.