OYAT

mh.tonnellier@oyat.law
+33 1 81 22 40 10/+33 6 80 94 38 01
www.linkedin.com/in/mariehelenetonnellier/

Marie-Hélène has co-founded the Oyat law firm and heads the Digital & IP department. Both in advice and in litigation, she deals with all issues relating to IT, ecommerce and personal data issues, for private and public companies. She writes regularly in the legal literature specializing in these topics. Marie-Hélène also provides specialized training in new technology law and personal data. She is in particular responsible for teaching  "IT contracts", for the Master 2 Law of Creation and Digital at Paris-Saclay University since 1995 and at HEAD school (Hautes Etudes Appliqués du Droit) for the Master 2 Law of Digital and Intellectual Property. She also regularly takes part in seminars, and was the previous President of IFCLA Association. She's very active in the AFDIT Association. Marie-Hélène holds a postgraduate degree (DEA) in Business Law (University Paris I – Panthéon Sorbonne) and a postagraduate degree (DESS) in Notarial Law (University Paris II – Assas)

c.barraco-david@oyat.law
+33 1 81 22 40 15
www.linkedin.com/in/charlotte-barraco-david-avocat/

Charlotte Barraco-David is a French qualified lawyer and Counsel at Oyat law firm.
She is involved in all types of matters relating to the law governing new technologies and particularly in personal data law.

Charlotte assists public and private operators in implementing the obligations provided for in the French law governing data protection (loi informatique et libertés) of 1978 and in the General Data Protection Regulation (GDPR) (drafting confidentiality policies, outsourcing, crisis management in case of data leakage, assistance in the relationships with the French supervisory authority (CNIL), appointments of DPOs, developing a plan for complying with the GDPR, compliance reviews for asset acquisition projects...). She assists clients in litigation and prelitigation matters before the CNIL (onsite verifications, formal notices, sanctioning proceedings initiated by the "formation restreinte", the CNIL's enforcement body).
She has been a data protection officer (DPO) since 2013, and she is now certified by the French Standardisation Agency (AFNOR).

Charlotte is a member of AFCDP (French professional association of DPOs), of ADIJ (French association for the development of legal informatics), of AFDIT (French association for informatics and telecommunications law) and of of IAPP (International Association of Privacy Professionals).
Charlotte holds a postgraduate degree (DESS) in Space and Telecommunications Law with a focus on information society law from the University of Paris XI – Sceaux, France and a postgraduate degree (DEA) in International and European Law from the University of Versailles – Saint Quentin, France.

+33 1 81 22 40 20

s.lapeyre@oyat.law

Stéphanie Lapeyre-Castellane has been a member of the Paris Bar since 2015 and joined OYAT as a partner in 2026. She heads the ‘Personal Data and Cybersecurity’ practice and co-heads the ‘AI’ practice. She began her career at August Debouzy, subsequently moving to DLA Piper. Stéphanie specializes in new technology law and provides both advisory and litigation support to her clients on their innovative projects. Her clientele, mainly major French and international companies (GAFAM, CAC 40, Next 40, major public organizations), operate in a wide range of sectors including luxury goods, retail, media, energy, transport, healthcare, finance and technology.

She has developed a highly recognized expertise in all issues relating to the protection of personal data and cybersecurity, working on various topics including the implementation of GDPR compliance procedures, contract negotiations, investment operations, internal investigations, launching cutting-edge technologies (e.g. AI, connected objects and facial recognition), data transfers, targeted advertising and fraud prevention. She also assists her clients in the event of cyberattacks and data breaches, as well as helping them to comply with the cyber regulatory framework (NIS 2, DORA, etc.). Besides, she has solid experience in pre-litigation and litigation processes before the French Data Protection Authority (the CNIL), as well as in ‘personal data’ litigation before civil and criminal courts.

Finally, Stéphanie regularly advises companies on the strategic and legal issues relating to their AI projects, particularly with regard to implementing the obligations set out in the AI Act (qualifying actors, governance, etc.) and managing the risks inherent in this technology.