On confidentiality and tools for lawyers
An absurd situation this August 20, 2025.
I am scrolling through my LinkedIn feed and I come across a post by an AI consultant (one who was a Web3 consultant before — you know the type).
In summary, this consultant describes his encounter with a lawyer (Martin) who considers that professional secrecy issues are outdated nonsense because by using an Office 365 suite, data is already “in danger.”
According to Martin, the mere act of sending an email with Outlook containing confidential data would be a violation because confidentiality guarantees would not be met given the use of a US service provider.
Conclusion, according to this lawyer: let us stop gesticulating about AI confidentiality and use paid, secure versions because it is exactly the same as using the Office 365 suite.
After reading this post, I reacted in my own way, by recalling certain principles (which I discuss below), and the tone began to escalate between this consultant who believed he was being targeted when I was attacking “Martin’s” reasoning. Hours passed and I noticed that all the posts had disappeared. The consultant’s, mine that had reshared and commented on the consultant’s post… LinkedIn censorship or deletion by the consultant?
In any case, this seems to confirm that my point of view is not outlandish and should be shared since it bothers consultants selling training courses on how to prompt like an ace.
I also believe this reflection must be shared because it highlights errors in judgment that we have made. It pushes us to acknowledge that we were wrong, which for some can be very unpleasant. It also remains one of the ways to move toward “something better.”
So, at first reading, one might validate the approach. If the profession accepts/tolerates the use of an email provided by a US provider, there is no reason to consider that another US provider offering GAI and “equivalent/similar” contractual guarantees could not be used.
However, this reading is insufficient and overlooks some important elements.
1) The growing awareness of EU digital sovereignty calls into question the tools we use.
Microsoft has demonstrated in 6 months that it is no longer the trustworthy partner it claims to be.
A) Microsoft’s declaration of April 30, 2025
Microsoft, sensing which way the wind was blowing, came forward with strong “commitments” stating notably:
We will continue to protect the privacy of European data
Unfortunately, we learn a few weeks later that this commitment has variable geometry.
B) The revelations about the deletion of the International Criminal Court (ICC) Prosecutor’s account
On May 16, 2025, we discover in the press that Karim Khan, the ICC Prosecutor, had his email account deleted by Microsoft. This deletion measure would have resulted from sanctions against the ICC in reaction to investigations launched against Israel for war crimes perpetrated in Gaza, invoked by the latest US president.
C) The statements by Anton Carniaux at the French Senate on June 10, 2025
Anton Carniaux is the Director of Public and Legal Affairs at Microsoft France.
The minutes of his hearing are enlightening regarding the deletion of the ICC accounts but especially on the question of guarantees that data hosted by Microsoft “will never be transmitted to the American government.”
Mr. Carniaux’s response is unequivocal.
To the question from rapporteur Wattebeld:
Can you guarantee before our commission, under oath, that the data of French citizens entrusted to Microsoft via Ugap will never be transmitted, following an order from the American government, without the explicit consent of the French authorities?
Anton Carniaux responds:
No, I cannot guarantee that, but, once again, this has never happened yet.
2) Professional secrecy is a component of the fundamental right to privacy
The conclusion I draw from all this is that, in the current state of legislation, American regulations could potentially override the lawyer’s professional secrecy.
All the guarantees we currently know do not seem to me to be met and/or respected. In Belgium, for example, an investigating judge can carry out searches in a law firm, but this search is strictly supervised, notably through the President of the Bar.
It would therefore be possible for data protected by attorney-client privilege to be accessed by an American authority. One might then think like “Martin” and say that of course, the US has very little interest in knowing what is said in rental disputes before court X.
One could debate for hours about the “sensitive” or non-sensitive nature of information in lawyers’ files and conclude that a significant number of elements are certainly confidential but hold no interest for third parties.
I will not make this mistake because it would mean ranking confidential information and therefore considering that some information is worthy of protection while other information would not be.
For the lawyer, the data of a rental dispute is just as important to protect as that of a commercial transaction worth several hundred million. If this is not the case, then client trust, which arises from this obligation of secrecy, will crumble and the right to privacy will see increasing interference.
Of course, no fundamental right is absolute. They can be subject to interferences that must comply with a series of conditions.
Professional secrecy is a duty for the lawyer (or for the doctor and other regulated professions) because it is a right linked to respect for privacy for the citizen. The violation of professional secrecy is moreover criminally sanctioned precisely to reinforce the necessary protection of this fundamental right that is privacy.
If we come to consider that a right becomes outdated because of a decrease in the effectiveness of its protection, then we will no longer live in the same society.
I believe we must precisely review the use of our tools and our professional standards in light of these elements, and the current geopolitical awareness is contributing to accelerating this transition toward tools that are more respectful of lawyers’ obligations but above all of fundamental rights.
Edward Snowden said:
Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.
One could say the same about professional secrecy… Not caring about it today because our current tools are already full of holes is not a validation of their use.
Let us acknowledge our mistakes and try to correct course.