Hugo Roy, Attorney at the Paris Bar
c/o Baker McKenzie
1 rue Paul Baudry
75008 Paris, France
- +33 1 44 17 65 60
- +33 1 44 17 59 21
Passionate about technology, the development of the Web and security issues, I advise my clients on regulatory aspects and defend their interests in negotiations and in litigation, before courts as well as data protection authorities.
Data / GDPR
- Strategy and representation on CNIL proceedings (investigations, formal notices and sanctions) and other European data protection authorities
- Analysis of territorial and material scopes of data protection laws and regulations
- Writing of accountability internal documentation (legitimate interests analysis, data protection impact assessment, assistance on compliance records, etc.)
- Writing/review of terms and conditions, privacy policies and data use policies and disclosure notices
- Analysis and assistance on transfers of data out of the EU and in particular to the USA (GDPR, Cloud ACT, SCA, blocking statutes, etc.)
- Strategy and representation in group actions, data subject rights actions and liability proceedings
- Training and assistance for implementing Open Source and free software licenses management in accordance with best practices (OSI, FSF, SPDX, REUSE, OpenChain, etc.)
- Audit and risk analysis for complex integration involving copyleft licenses (GNU GPL, LGPL, AGPL, MPL, etc.)
- Due diligence audits in the context of mergers/acquisitions of technology companies
- Disputes and litigations on software law (copyright and patents)
Internet and networks
- Advice and litigation on national and international surveillance laws (access to data, interceptions of communications, real time algorithms, etc.)
- Regulatory analysis and filings to NRA (ARCEP)
- Liability issues online and e-Commerce (LCEN)
Infosec / ANSSI
- Investigations and proceedings in relation to security vulnerabilities and incidents, data breaches, and unlawful access to IT equipment and systems
- Assistance on certifications by ANSSI (French Cybersecurity Agency)
- Filings on cryptography technology import/export
Representative cases and matters
Litigation ⋅ Data / GDPR Representing technology services companies and ecommerce companies, worldwide leaders in their field, in investigations and/or sanctions proceedings at the CNIL
Litigation ⋅ Pro Bono ⋅ Internet and networks Representing Privacy International before the EU Court of Justice in matters of national and international electronic communications surveillance by French intelligence services
Advice ⋅ Data / GDPR Analysis of issues around personal data transfers to US authorities for an international humanitarian NGO based in Europe
Advice ⋅ Data / GDPR Development of arguments on non-compliance with data protection rules by the French tax administration, for a French group worldwide leader in their field
Regulatory ⋅ Infosec / ANSSI Assistance of a worldwide leader in the field of technology services for obtaining an ANSSI certification
Advice and litigation ⋅ Infosec Representing a French company subject to a data breach, an extortion attempt, and investigating to obtain identification data to enable pressing charges
CJEU provides a strict framework for national security surveillance measuresOct. 14, 2020 Short Article
France’s Contact Tracing App: CNIL issues its second opinion on StopCovid’s implementationJune 29, 2020 Twitter Thread
Contact Tracing COVID-19 apps and privacy: the legal frameworkApr. 17, 2020
Associate within the IT/C department at Baker McKenzie (Paris). Previously:
Open Invention Network (Berlin), patent lawyer (intern), 2014.
Hewlett-Packard (Paris), open source lawyer (intern), 2011.
Free Software Foundation Europe (Berlin), policy/legal intern, 2009.
LLM and Bachelor's degree, Sciences Po (Paris), 2013.
Admission to practice as an attorney at law (CAPA), Paris Bar School (EFB), 2015.
Certificate of completion of CopyrightX, Harvard Law School (online), 2016.