Raphaël Dana is an attorney in Paris. His practice includes advice relating to IPT and data aspects of domestic and international M&A transactions (due diligence, contractual documentation, reps and warranties, liability clauses); software licensing; interpretation of the GDPR and advice on its implementation; and cybersecurity. He represents financial institutions, and clients/companies in the industrial, manufacturing, life sciences, telecoms, technology, infrastructure and transport sectors.
Describe your career to date.
I ranked first at the bar exam in 2000, and started my career in the United States, as a visiting attorney, with the law firm Duane Morris LLP. I am fluent in French and English, and kept some (decent) speaking skills from my seven years of studying German.
I came back to France in 2003, and focused my practice on computer law, privacy and cybersecurity before it became trendy in Europe. The computer world has always fascinated me. Having spent over 15 years practising law at reputed French firms, in 2018 I co-founded Frieh Associés, a leading boutique law firm in Paris that is notably specialised in private equity, IPT and data protection.
What attracted you to a career in data law?
From a young age, the computer world always attracted me – ever since my parents bought an Apple Macintosh in the late 1980s, and signed up to an internet provider in the early 1990s. During my years studying law, I had, from the outset, decided that I would practise in the field of software and computers, and by extension, data.
As clients are becoming increasingly sophisticated, what are the main qualities they look for in an effective data lawyer?
We need to be genuinely interested by the products and services our clients develop, to be curious, to want to understand everything. Our clients need us to understand and anticipate their needs, and to be creative when it comes to understanding the business implications of a situation, before we begin the legal drafting.
How has the implementation of GDPR impacted the nature of the work you have been receiving?
We have seen an increase in the number of compliance audits, aiming at ensuring that our clients’ processes and legal documentation are in line with the GDPR’s provisions. Also, legal agreements that had been waiting a while to be put in order suddenly became the focus of attention because of international data flows at stake, or data falling in the frame of the GDPR article 9’s special categories of personal data.
What are the greatest challenges currently facing data lawyers?
I am quite involved in discussion groups with international legal leaders, computer experts, lawmakers and think tanks about the most recent technological developments (such as blockchain-based projects and AI-based decision-making processes), as I believe that data lawyers must understand technological developments and anticipate the corresponding legal questions. This is how we will be able to accompany our clients and help them interpret both existing legislation, and regulations to come.
How has the importance of data privacy for clients changed since you started practising?
When I came back from the US and started my legal career in France in 2002, we had to really push hard to get our clients to understand the need to comply with the French data privacy act of 1978. Back then, websites had to be declared to the French data protection authority (the CNIL), and were assigned a number that had to be visible (some French websites actually still contain the CNIL reference number). Data processing needed to be subject to declarations to the CNIL, and were classified under various categories (simplified declaration, normal declaration, authorisation, etc). The entry into force of the GDPR, the fines it contains and the fact that regulators have actually been imposing significant fines since then have all changed our clients’ approach to data privacy. This field is now recognised and taken seriously.
How do you see your practice developing over the next five years?
Similarly to what has been a classic piece of legal work for American lawyers, I clearly see a trend for increasing cybersecurity missions. My team and I are among the few French attorneys to have strong skills and experience in cybersecurity assessments, vetting of security risks in corporate transactions, and handling data incidents.