GDR 100 2024 - Introduction

Welcome to the 2024 edition of the GDR 100, which identifies and profiles the world’s best data law firms. The GDR 100 is the only global ranking that captures the capabilities, track record and market reputation of the leading firms in the field. GDR is now part of Lexology PRO, but this ranking remains similar to former editions and will continue to be known as the GDR 100 until its next edition.

For those who are not already familiar with the GDR 100, it examines not only law firms’ privacy and data protection capabilities but also their work on all other kinds of data law. We look at the likes of data localisation, B2B disputes about data acquisition and breach responsibility, the use of IP and confidentiality laws to protect proprietary data, and more. As you might expect, advice on the regulation and use of AI has spiked.

While we have seen plenty of non-personal data work as a result, the GDR 100 reflects the market: most companies still primarily need data protection-related services. Data localisation is a big deal – especially in cloud and financial services – and data-focused companies need to have watertight IP and database rights over their assets, but the bulk of the data-focused work out there is related to personal data. For example, there is plenty of cybersecurity and data breach work to go around, but for many companies, data protection and security go hand in hand. There is relatively little demand for advice on ‘pure’ cybersecurity matters that are unrelated to personal data. There is of course a business and reputational risk to losing control of valuable data, but the regulatory risk is just as important.

We exclude every firm that does not send us the information we need to justify including them in the survey. Each year, we contact firms we think have a chance of making the final cut and ask them to send us extensive information about their practice. Given the extensive analysis we conduct, and the effort that submitting firms put into telling us what we need to know, we believe it would be unfair to those firms and the process as a whole to include any firm that does not submit. Allowing firms in without submissions would also be a highly subjective exercise, and any firm we decide did not quite make the cut would be fully justified in asking us why they did not make it through and any non-submitting firm did. We also apply this policy to firms that participated in previous years but which, for whatever reason, did not send a submission this year, or sent one that was so patchy as to give us an incomplete picture of the work they do. We felt that our policy also allowed us to make better decisions when it came to excluding firms that did submit from the list.

It’s worth bearing in mind that our process for including new firms to the survey leans heavily on the feedback we directly receive from 100 participants. We make no apology for this: given the heavily advisory and behind-closed-doors nature of most data advice, it is tough, if not impossible, for us to make calls on inclusion based on the very limited amount of public information available to us. That’s why we ask all of our participants to tell us who else they rate highly; we take particular interest in information about referral partners in jurisdictions where we might not otherwise know to look. These references are taken seriously when we decide whether to invite firms to participate. We are grateful for the firms that provide us with this information in confidence. Rest assured that it is put to good use.

We believe that the 131 firms that made the cut this year fully merit the accolade. We encourage any law firms or consultancies that feel they should be on the list to contact [email protected] so that we can involve them in the process for the next edition.

What is a data practice?

Lexology PRO is published by Law Business Research, which publishes brands such as Global Competition Review, Global Investigations Review, Global Restructuring Review, Global Arbitration Review and Global Banking Regulation Review. Each of these has its own ‘100’ publication (with the exception of Global Banking Regulation Review, which launched in 2020 and has yet to publish its first). We also work alongside sister brands IAM and World Trademark Review, which respectively cover patents and trademark law and have even more ambitious ‘1,000’ rankings.

There is a lot of variation between those rankings, but they all closely follow a single practice area and pick out the best firms on their respective markets.

The GDR 100 is far harder to cleanly delineate. Each of the 100s and 1,000s above cover distinct markets: antitrust lawyers are easy to spot, international arbitration is a sufficiently specialised market from general commercial litigation that you can usually tell the two apart, and restructuring and insolvency experts tend to hold themselves out as such.

Data law is a different beast – or rather, a collection of different beasts. GDR frequently comes across lawyers with backgrounds in contentious and non-contentious IP, technology contracts, white-collar investigations, commercial disputes and more.

Can GDR identify a data lawyer? We think we know one when we see one. But it’s no easy task.

If it’s hard to identify data lawyers, it’s even harder to say one team of such lawyers is better than the other: law firms also approach data in very different ways, and it’s tough to mount a fair head-to-head comparison.

Some, for example, have a small bench of data protection specialists who have spent decades doing little else. Others have retooled lawyers with backgrounds in soft IP, commercial contracts and outsourcing as it became clear that data increasingly drives technology markets, and now offer a one-stop-shop service that will handle all data-related aspects of a client’s activity – whether that data is personal or not.

We take no position on the best way to do things. Privacy specialists make a good argument that experience trumps all. All-rounders can sometimes snipe that experts can develop tunnel vision. GDR isn’t taking sides: both approaches are valid ways of doing business, and in reality most practitioners sit somewhere between the two extremes – if nothing else because it’s only relatively recently that the market has grown to the point where it can sustain scores of senior lawyers who are true data protection specialists.

Methodology and trends

Once we received submissions from participants, we included only those that we felt had deep, lasting practices with a track record of acting for major companies on complex cases and deals, and of advising on significant compliance projects and product launches. Some of those firms were assessed relative to Elite peers, on which more here. National firms and boutiques were compared to others operating in their local markets. It would plainly be unfair to pit a two-partner boutique’s track record against that of a global juggernaut; our approach does not discriminate by size, and we feature smaller firms whose practices deserve to be assessed by reference to the quality of their work.

Our analysis incidentally gives us a unique snapshot of how data law demand has evolved.

A couple of years ago, many of the urgent mandates undertaken by the world’s largest firms were driven by issues such as the Cambridge Analytica scandal – arguably the wake-up call for data rights in the post-GDPR world, while it was technically a pre-GDPR case – and, in due course, the bombshell Schrems II judgment.

GDPR and other data privacy work remains the mainstay of every practice we have featured this year. It will not come as a surprise that global demand for AI-related advice has shot up: clients are anxious to ensure their use of the technology complies with the likes of the EU’s AI Act and other frameworks, and are increasingly seeking counsel to ensure they get the best out of their acquisition and use of underlying data through their commercial agreements and direct data scraping. A handful of firms have been tapped to defend major AI operators in the burgeoning AI IP litigation scene.

The GDR 100 editorial team has seen different areas of data law rise and fall relatively quickly – for example, we unsurprisingly don’t see many firms boasting about their metaverse or NFT work. It seems likely that AI advice will be much more than a flash in the pan.

Register now for your free, tailored, daily legal newsfeed service.

GDR 100 2024 - Introduction

Filed under

Topics

Popular articles from this firm

In conversation with Editor Brian Cousin: hot topics in employment law *

In conversation with Editor Marianne Anton: hot topics in renewable energy law *

In conversation with Editor Ulrich Grau: hot topics in healthcare law *

In conversation with Editor Maurice Suh: hot topics in sports law *

In conversation with Editors Jeremy Mandell and Calvin Funk: hot topics in consumer finance law *

Professional development

Related practical resources PRO

Related research hubs

Artificial intelligence

Global

IT & Data Protection