-
Substantial Regulatory Investigations Experience
Yann began his career as an Administrator at the French National Assembly, where he focused on personal data law and criminal law and criminal investigations. He also served as Secretary General of the CNIL—France’s data protection authority—where he notably built the CNIL’s enforcement and technological capacities. Yann was also involved in the early negotiation of the GDPR at the EU level.
-
Focused on Representing Clients in France and at the Pan-European Level
In private practice, Yann has focused on enforcement and sanction proceedings by Regulators at the pan-European and French levels on complex cases involving cross-border processing and multinational companies.
-
Comprehensive Scope of Experience—From Regulatory Investigations to Privacy and Cybersecurity Matters
In addition to regulatory investigations matters, Yann also advises companies on cybersecurity issues and internal investigations. His practice centers on finding innovative solutions for the novel regulatory responses that companies face.
-
Leadership Roles in International Privacy and Data Protection Organizations
In 2019, Yann was appointed “country leader” for France by the International Association of Privacy Professionals (IAPP). He was also named “strategic advisor” from 2016 to 2019 by the Information Commissioner’s Office (ICO) —the UK’s Data Protection Authority —on the interplay between innovation and regulation (“sandbox” initiative).
Yann Padova is a partner in the Brussels office of Wilson Sonsini Goodrich & Rosati, where he is a member of the firm’s privacy and cybersecurity practice. He has extensive experience dealing with regulatory issues and with issues related to internet law, data protection, internet surveillance, cloud computing, international data transfers and cybercrime. He has also assisted numerous businesses with complex projects involving new technologies (ethics of algorithm, data and AI governance, biometrics, profiling, e-discovery procedures, etc.).
Yann advises on enforcement and sanction proceeding by regulators. He also works with large companies on problems linked to cybercrime, internal investigation and security breach notification matters.
Prior to joining Wilson Sonsini in 2023, Yann was a partner in the information technology group and head of the data protection practice at Baker McKenzie in France. Before joining Baker McKenzie, Yann served as Commissioner with the Commission de Régulation de l’Energie (CRE - 2015-2017), to which he was appointed by the President of the National Assembly due to his skills in the field of personal data. Before this appointment, he worked for Baker McKenzie in Paris as Senior Counsel in the information technology team (2012-2015).
For six years, he was Secretary General of the CNIL (2006-2012), the French data protection authority, where he built the enforcement and technological capacities of the authority and participated in the very first rounds of negotiations of the GDPR.
He began his career as an Administrator at the National Assembly (1995-2006) where he specialized in personal data laws, criminal law, and criminal investigations and, perhaps most notably, participated in the legal work that led to the transposition of the Directive 95/46 on data protection into French Law.
Yann is also a lecturer in Data Protection and Digital Regulations at Paris II Law University and at Sciences Po Paris.
Yann is fluent in English, French, and Spanish. He has a conversational level in Swedish.
Yann Padova is a partner in the Brussels office of Wilson Sonsini Goodrich & Rosati, where he is a member of the firm’s privacy and cybersecurity practice. He has extensive experience dealing with regulatory issues and with issues related to internet law, data protection, internet surveillance, cloud computing, international data transfers and cybercrime. He has also assisted numerous businesses with complex projects involving new technologies (ethics of algorithm, data and AI governance, biometrics, profiling, e-discovery procedures, etc.).
Yann advises on enforcement and sanction proceeding by regulators. He also works with large companies on problems linked to cybercrime, internal investigation and security breach notification matters.
Prior to joining Wilson Sonsini in 2023, Yann was a partner in the information technology group and head of the data protection practice at Baker McKenzie in France. Before joining Baker McKenzie, Yann served as Commissioner with the Commission de Régulation de l’Energie (CRE - 2015-2017), to which he was appointed by the President of the National Assembly due to his skills in the field of personal data. Before this appointment, he worked for Baker McKenzie in Paris as Senior Counsel in the information technology team (2012-2015).
For six years, he was Secretary General of the CNIL (2006-2012), the French data protection authority, where he built the enforcement and technological capacities of the authority and participated in the very first rounds of negotiations of the GDPR.
He began his career as an Administrator at the National Assembly (1995-2006) where he specialized in personal data laws, criminal law, and criminal investigations and, perhaps most notably, participated in the legal work that led to the transposition of the Directive 95/46 on data protection into French Law.
Yann is also a lecturer in Data Protection and Digital Regulations at Paris II Law University and at Sciences Po Paris.
Yann is fluent in English, French, and Spanish. He has a conversational level in Swedish.
- Master’s Degree, Advanced Public Law, University of Toulouse, 2012
- DEA Economics, Sciences Po Paris, 1993
- Diploma, Public Service, Sciences Po Paris, 1991
- Bachelor’s Degree, History, Université Paris IV Paris-Sorbonne, 1988
- Member, International Association of Privacy Professionals
- Member, Political Sciences Institute (Paris)
- Former Chair of the NGO e-enfance (Paris)
- Ranked for TMT: Data Protection in Belgium by Chambers Europe, 2025-2026
- Selected for inclusion in the 2025-2026 editions of the Lawdragon’s "500 Leading Global Cyber Lawyers" guide
- Recognized as a key lawyer for privacy and data protection in the 2024 edition of The Legal 500 Europe
- Ranked as in the “Hall of Fame,” Tier 1 – Data Privacy and Data Protection in the Legal 500 EMEA – France, 2023
- Recognized as a “Westin Emeritus Fellow” by the International Association of Privacy Professionals (IAPP), 2023
- Recognized as “Best Lawyer for Information Technology Law” in Best Lawyers Guide, 2023
- Recommended as Global Leader, Data Privacy & Protection by Who’s Who Legal, 2023
- Ranked in Band 1 – TMT in France and Europe by Chambers and Partners, 2021-2023
- Recommended as National Leader, Data by Who’s Who Legal, 2022
- Recognized as a leading individual, data privacy and data protection - Tier 1 by Legal 500 EMEA France, 2019-2022
- Entered the Top 40 ranking of France’s best business attorneys in private practice and the only one in Data Protection (“CAC 40”) by Forbes France and La Lettre des Juristes d’Affaires, 2021
- Recognized as “Country Leader, France” by the International Association of Privacy Professionals (IAPP)
- Paris Bar
- Brussels Bar E-List
- Master’s Degree, Advanced Public Law, University of Toulouse, 2012
- DEA Economics, Sciences Po Paris, 1993
- Diploma, Public Service, Sciences Po Paris, 1991
- Bachelor’s Degree, History, Université Paris IV Paris-Sorbonne, 1988
- Member, International Association of Privacy Professionals
- Member, Political Sciences Institute (Paris)
- Former Chair of the NGO e-enfance (Paris)
- Ranked for TMT: Data Protection in Belgium by Chambers Europe, 2025-2026
- Selected for inclusion in the 2025-2026 editions of the Lawdragon’s "500 Leading Global Cyber Lawyers" guide
- Recognized as a key lawyer for privacy and data protection in the 2024 edition of The Legal 500 Europe
- Ranked as in the “Hall of Fame,” Tier 1 – Data Privacy and Data Protection in the Legal 500 EMEA – France, 2023
- Recognized as a “Westin Emeritus Fellow” by the International Association of Privacy Professionals (IAPP), 2023
- Recognized as “Best Lawyer for Information Technology Law” in Best Lawyers Guide, 2023
- Recommended as Global Leader, Data Privacy & Protection by Who’s Who Legal, 2023
- Ranked in Band 1 – TMT in France and Europe by Chambers and Partners, 2021-2023
- Recommended as National Leader, Data by Who’s Who Legal, 2022
- Recognized as a leading individual, data privacy and data protection - Tier 1 by Legal 500 EMEA France, 2019-2022
- Entered the Top 40 ranking of France’s best business attorneys in private practice and the only one in Data Protection (“CAC 40”) by Forbes France and La Lettre des Juristes d’Affaires, 2021
- Recognized as “Country Leader, France” by the International Association of Privacy Professionals (IAPP)
- Paris Bar
- Brussels Bar E-List
Select Publications
- Co-author, “Increased Focus on the Protection of Minors and Age Verification in the EU and the UK,” Wilson Sonsini Alert, January 9, 2025
- Co-author, “EU Court Awards Damages for Breach of EU Data Transfer Rules,” Wilson Sonsini Alert, January 9, 2025
- Co-author, “New Enforcement Powers for the French Data Protection Authority (CNIL),” Wilson Sonsini Alert, July 25, 2024
- Co-author, “French Data Protection Authority Publishes Recommendations on the Development of AI Systems: Seven Takeaways,” Wilson Sonsini Alert, April 23, 2024
- Co-author, “10 Privacy Predictions in the EU for 2024,” Wilson Sonsini Alert, January 17, 2024
- Co-author, “EU Lawmakers Reach Political Agreement on the AI Act,” Wilson Sonsini Alert, December 11, 2023
- Co-author, “Flagship Online Safety Bill Moves Closer to Enactment in the UK: Who Will Be in Scope and What Will It Require?,” Wilson Sonsini Alert, October 10, 2023
- Co-author, “EU and U.S. Finalize Data Privacy Framework: Here’s How to Get Certified,” Wilson Sonsini Alert, July 10, 2023
- Co-author, “EU’s Top Court Rules That Competition Authorities Can Consider Data Protection Breaches in Their Investigations,” Wilson Sonsini Alert, July 6, 2023
- Co-author, “European Commission Proposes New Rules for Cross Border GDPR Enforcement,” Wilson Sonsini Alert, July 5, 2023
- Co-author, “What's Next After the EU Parliament's Position on the Draft AI Act?,” Wilson Sonsini Alert, June 28, 2023
- “Opinion: Should ChatGPT really be banned?” in Les Echos, April 2023 (French)
- “Data Dilemna: Will Europe Favor Privacy or a Crackdown on Gatekeepers?”Center for European Policy Analysis (CEPA), May 2022
- “Data Protection or Data sharing: does the DMA leave companies with impossible choices?” in Revue Lamy du droit de l'Immatériel (RLDI), May 2022
- “Opinion: The DSA, or the mandatory data sharing at any price?” Tribune in Les Echos, May 2022 (French)
- “Opinion: Google analytics targeted by CNIL: are we talking about Data Protection or Data Protectionism?” in Les Echos, March 2022
- “Opinion: Choosing between data security and data sharing should not be an option” in Euractiv, January 2022
- “International data transfers: between principle based and risk-based approaches” in Revue Lamy du droit de l'immatériel (RLDI), September (Part I) and October (Part II) (published in French) 2021
- “Can Data Protection Principles and Innovation Be Reconciled, and How?” Centre for Information Policy Leadership (CIPL), January 2021
- “Data ownership versus data sharing: and what about privacy?” in Lex Electronica, n° 21-1 (English), 2021
- "Is the right to be forgotten a universal, regional or “glocal” right ?" in International Data Privacy Law (IDPL), Oxford University Press, Volume 9, Issue 1, February 2019
- “Opinion: Does the right to be forgotten means the right to forget the judge?” in La Tribune, October 2019
- “Opinion : Artificial intelligence versus collective intelligence?” in Les Echos, September 2017 (French)
- “Opinion: Legal and regulatory innovation: the other weapon for Brexit?” Les Echos, January 2017 (French)
- “Is the right to be forgotten a universal right?” Revue Lamy droit de l'immatériel (LRDI), October 2016 (French)
- Co-author with V. Mayer-Schönberger (Professor, Oxford University), “Regime change? The Global Data Protection Regulation and Big Data,” Columbia Law Review, June 2016
- “The Safe Harbor is invalid. But what tools remain and what comes next?” Oxford International Data Privacy Law Review (IDPL), June 2016
- “Opinion: Will algorithms replace politics?” in Huffington Post, September 2016 (French)
- “Opinion: Is Encryption the new public enemy?” in Les Echos, March 2016 (French)
- “Safe Harbor is invalid: Analysis of the rationale and the consequences of the ECJ’s ruling,” Revue Lamy droit de l'immatériel (LRDI), November 2015
- Co-author with A. Voss (German MEP), “We need to make Big Data into an opportunity for Europe!” first published on Le Monde (French), June 2015, and later on Euractiv (English), July 2015
- “Will the European Court of Justice cancel the Safe Harbor agreements because of the PRISM scandal?” published in Revue Lamy droit de l'immatériel (LRDI) (French) and on Euractiv (English), December 2014
- “Opinion: Cyber criminality: why it won’t happen only to the others?” in Les Echos, August 2014 (French)
- “What the European draft Regulation on personal data is going to change for companies,” Oxford IDPL Review, February 2014 (English)
- “Has the French DPA become a major player in the control of cyberspace?” Revue Lamy droit de l'immatériel (LRDI), February 2014 (French)
- “What will the Regulation change for businesses – Part 2,” Expertises, July 2013
- “What will the Regulation change for businesses – Part 1,” Expertises, June 2013
- “Between the right to personal data and the freedom of expression, what is the position of the search engines?” Revue Lamy droit de l'immatériel (LRDI), February 2013 (French)
- “The law on repeated infringements,” Regards sur l'actualité, March 2006 (French)
- “Freedom of expression versus the repression of racism and homophobia,” La Gazette du Palais, March 2005 (French)
- “Rights of the data, rights of the individuals,” La Gazette du Palais, January 2004 (French)
- “In the search of the absolute proof, reflections on the use of DNA in criminal proceedings,” Les Archives de la politique criminelle, Pédone, 2004 (French)
- “An overview of the fight against cybercrime,” Revue de science criminelle et de droit comparé, 2002 (French)
Select Speaking Engagements
- Panelist, “Who is Going to Regulate Ai and How,” IAPP Europe Data Protection Congress 2024, November 20, 2024
- Speaker, Privacy Symposium 2024, June 10, 2024
Select Publications
- Co-author, “Increased Focus on the Protection of Minors and Age Verification in the EU and the UK,” Wilson Sonsini Alert, January 9, 2025
- Co-author, “EU Court Awards Damages for Breach of EU Data Transfer Rules,” Wilson Sonsini Alert, January 9, 2025
- Co-author, “New Enforcement Powers for the French Data Protection Authority (CNIL),” Wilson Sonsini Alert, July 25, 2024
- Co-author, “French Data Protection Authority Publishes Recommendations on the Development of AI Systems: Seven Takeaways,” Wilson Sonsini Alert, April 23, 2024
- Co-author, “10 Privacy Predictions in the EU for 2024,” Wilson Sonsini Alert, January 17, 2024
- Co-author, “EU Lawmakers Reach Political Agreement on the AI Act,” Wilson Sonsini Alert, December 11, 2023
- Co-author, “Flagship Online Safety Bill Moves Closer to Enactment in the UK: Who Will Be in Scope and What Will It Require?,” Wilson Sonsini Alert, October 10, 2023
- Co-author, “EU and U.S. Finalize Data Privacy Framework: Here’s How to Get Certified,” Wilson Sonsini Alert, July 10, 2023
- Co-author, “EU’s Top Court Rules That Competition Authorities Can Consider Data Protection Breaches in Their Investigations,” Wilson Sonsini Alert, July 6, 2023
- Co-author, “European Commission Proposes New Rules for Cross Border GDPR Enforcement,” Wilson Sonsini Alert, July 5, 2023
- Co-author, “What's Next After the EU Parliament's Position on the Draft AI Act?,” Wilson Sonsini Alert, June 28, 2023
- “Opinion: Should ChatGPT really be banned?” in Les Echos, April 2023 (French)
- “Data Dilemna: Will Europe Favor Privacy or a Crackdown on Gatekeepers?”Center for European Policy Analysis (CEPA), May 2022
- “Data Protection or Data sharing: does the DMA leave companies with impossible choices?” in Revue Lamy du droit de l'Immatériel (RLDI), May 2022
- “Opinion: The DSA, or the mandatory data sharing at any price?” Tribune in Les Echos, May 2022 (French)
- “Opinion: Google analytics targeted by CNIL: are we talking about Data Protection or Data Protectionism?” in Les Echos, March 2022
- “Opinion: Choosing between data security and data sharing should not be an option” in Euractiv, January 2022
- “International data transfers: between principle based and risk-based approaches” in Revue Lamy du droit de l'immatériel (RLDI), September (Part I) and October (Part II) (published in French) 2021
- “Can Data Protection Principles and Innovation Be Reconciled, and How?” Centre for Information Policy Leadership (CIPL), January 2021
- “Data ownership versus data sharing: and what about privacy?” in Lex Electronica, n° 21-1 (English), 2021
- "Is the right to be forgotten a universal, regional or “glocal” right ?" in International Data Privacy Law (IDPL), Oxford University Press, Volume 9, Issue 1, February 2019
- “Opinion: Does the right to be forgotten means the right to forget the judge?” in La Tribune, October 2019
- “Opinion : Artificial intelligence versus collective intelligence?” in Les Echos, September 2017 (French)
- “Opinion: Legal and regulatory innovation: the other weapon for Brexit?” Les Echos, January 2017 (French)
- “Is the right to be forgotten a universal right?” Revue Lamy droit de l'immatériel (LRDI), October 2016 (French)
- Co-author with V. Mayer-Schönberger (Professor, Oxford University), “Regime change? The Global Data Protection Regulation and Big Data,” Columbia Law Review, June 2016
- “The Safe Harbor is invalid. But what tools remain and what comes next?” Oxford International Data Privacy Law Review (IDPL), June 2016
- “Opinion: Will algorithms replace politics?” in Huffington Post, September 2016 (French)
- “Opinion: Is Encryption the new public enemy?” in Les Echos, March 2016 (French)
- “Safe Harbor is invalid: Analysis of the rationale and the consequences of the ECJ’s ruling,” Revue Lamy droit de l'immatériel (LRDI), November 2015
- Co-author with A. Voss (German MEP), “We need to make Big Data into an opportunity for Europe!” first published on Le Monde (French), June 2015, and later on Euractiv (English), July 2015
- “Will the European Court of Justice cancel the Safe Harbor agreements because of the PRISM scandal?” published in Revue Lamy droit de l'immatériel (LRDI) (French) and on Euractiv (English), December 2014
- “Opinion: Cyber criminality: why it won’t happen only to the others?” in Les Echos, August 2014 (French)
- “What the European draft Regulation on personal data is going to change for companies,” Oxford IDPL Review, February 2014 (English)
- “Has the French DPA become a major player in the control of cyberspace?” Revue Lamy droit de l'immatériel (LRDI), February 2014 (French)
- “What will the Regulation change for businesses – Part 2,” Expertises, July 2013
- “What will the Regulation change for businesses – Part 1,” Expertises, June 2013
- “Between the right to personal data and the freedom of expression, what is the position of the search engines?” Revue Lamy droit de l'immatériel (LRDI), February 2013 (French)
- “The law on repeated infringements,” Regards sur l'actualité, March 2006 (French)
- “Freedom of expression versus the repression of racism and homophobia,” La Gazette du Palais, March 2005 (French)
- “Rights of the data, rights of the individuals,” La Gazette du Palais, January 2004 (French)
- “In the search of the absolute proof, reflections on the use of DNA in criminal proceedings,” Les Archives de la politique criminelle, Pédone, 2004 (French)
- “An overview of the fight against cybercrime,” Revue de science criminelle et de droit comparé, 2002 (French)
Select Speaking Engagements
- Panelist, “Who is Going to Regulate Ai and How,” IAPP Europe Data Protection Congress 2024, November 20, 2024
- Speaker, Privacy Symposium 2024, June 10, 2024
- Privacy Policy
- Terms of Use
- Accessibility