Photo of Myria Saarinen

Myria Saarinen is a partner in the Litigation & Trial Department of Latham & Watkins' Paris office. Her practice focuses on complex commercial litigation, data privacy, and compliance. She is the Global Co-Chair of the Technology Industry Group. Ms. Saarinen's practice focuses on resolving a broad range of complex disputes through litigation proceedings, mostly in an international context and in various areas of business (healthcare, aeronautics, information technology, construction works, insurance, etc.). She is very active in litigation relating to major industrial operations and is involved in a broad range of general commercial disputes (contract and liability) and corporate litigation. Ms. Saarinen has expertise on cross-border issues raised in connection with Discovery and similar requests in France. In addition, she has developed specific expertise, for 20 years now, in the privacy/personal data area, advising international clients. She supports her clients in their compliance program regarding the GDPR. She is also active in the corporate governance and compliance area and assists clients in drafting and implementing grant of powers, delegation of liability, and other compliance schemes.

The pressure on companies to adapt to stronger privacy regulation and enforcement in the EU increased this week, following the release of a letter to Google on behalf of 30 European data-protection commissioners.

On October 16, 2012, the Article 29 Data Protection Working Party publicly disclosed the correspondence it sent simultaneously to Google following the investigation into Google’s new privacy policy that started in February this year. In the correspondence (letter and appendix), the European data protection

The French Data Protection Authority (CNIL) has issued a working document setting out its recommendations to companies contemplating the use of cloud computing services. This is in part the result of a public consultation carried out by the CNIL from October to December 2011. The guidance includes a checklist applicable to both private and public clouds with seven key steps, summarized below, to be followed by cloud customers:

1. Identify the types of data and the data processing that could

In a decision published on February 16, 2011 (Deliberation No. 2011-023), the French data protection authority (CNIL) exempted non EU-based companies from any prior notification obligation with regard to their payroll, customer and prospects data processed in France.  This exemption will be of particular interest for non EU companies engaging cloud service providers with processing facilities in France.

Under the French Data Protection Act (Act No. 78-17), data controllers not established in the EU are nevertheless subject to

iStock_globe.jpgIn a 32-page-long decision adopted on March 17, 2011, the French Data Protection Authority (CNIL) determined that Google Inc.’s collection of data in the course of its Street View application and Latitude service breached the French Data Protection Act No. 78-17. (The CNIL’s English summary of its action is here).  Making use of its enforcement and sanction powers, CNIL decided to issue a record fine of €100,000.  Google Inc. has now two months to lodge an appeal