Background - Practices (Details)
Privacy & Cybersecurity
CONTACTS +

Privacy and cybersecurity issues are becoming increasingly important in today’s technologically advanced environment, as witnessed by recent developments in EU law and several high-profile cases in the press. More than ever, companies need to understand their rights and obligations in this area and need to be aware that non-compliance may not only result in heavy fines but will also be perceived very negatively by the market.

The EU General Data Protection Regulation (in force from May 2018) introduces new principles, concepts and obligations, which will result in companies having to revise their personal data processing practices and culture. Crucially, the Regulation i) extends the enforcement powers of data protection authorities (e.g., by way of heavy fines) and ii) is of wide-reaching effect: the new Regulation affects not only those businesses established in the EU but also companies that are not established in the EU but that are offering goods or services to data subjects in the EU or who monitor the activities of such data subjects.

Experience

For more than two decades, we have been closely monitoring EU and Belgian developments in the data protection area. During this time, we have advised many national and multinational clients from different industry sectors, with a particular focus on life sciences, TMT, energy, utilities, retail, as well as HR departments in general.

In order to provide our clients with a pan-European and global service, we have developed a network of experienced data protection lawyers in other jurisdictions with whom we have had strong ties for many years. We are also closely involved in Crowell & Moring’s U.S. Data Protection and Cybersecurity group and work closely with our U.S. colleagues on cross-border issues involving the international transfer of personal data.

The Challenges of New Technology

In this technological age, an important part of our practice consists of advising clients on the processing of personal data through the internet, the storing and international transfer of personal data and related cybersecurity issues, the use of “big data” and profiling for marketing purposes, the use of new technologies in the workplace, such as email monitoring and the use of social media by employees. In particular, we advise telecommunications companies and internet service providers regarding sector specific data protection obligations.

Compliance

We help our clients achieve data protection compliance through day-to-day counseling and contractual work and through global and Europe-wide privacy audits. We analyze our clients’ existing data protection practices and make recommendations for compliance. In this way, we help our clients to better understand their data processing, map the location and flows of the data and identify potential threats and compliance issues.

We develop and implement tailor-made privacy programs, which may include the drafting of privacy policies and procedures, notices, data transfer agreements and advice on security measures to be taken. We assist our clients in their contacts with the various Data Protection Authorities in Europe.

Training

It is not enough that our clients know the law and have the necessary policies and procedures in place to handle data in a safe and secure way. The knowledge and culture of the people actually handling the personal data on a daily basis is crucial, and will only become more important under the new EU Data Protection Regulation. It serves no purpose to have policies and procedures in place when these are not applied and complied with in practice. An important part of our service therefore consists of training key staff on applicable law and the client’s internal procedures.

Our Team

Our privacy and cybersecurity team is composed of highly experienced lawyers from each of our firm’s core practice areas, including corporate, commercial, employment and TMT. The practice is led by senior counsel Frederik Van Remoortel (CIPP/E, former member of IAPP European Advisory Board). Senior counsel Maarten Stassen (also a former member of the IAPP European Advisory Board) focuses in addition on other legal and operational aspects of the digital ecosystem. Partners Thomas De Meese (who has a particular focus on TMT and competition law), and Emmanuel Plasschaert, who concentrates on HR data protection complete the Brussels team.

"‘Superb data privacy lawyer’ Frederik Van Remoortel heads Crowell & Moring’s team, which includes Thomas De Meese and Emmanuel Plasschaert, who is an expert in HR-related data protection" Legal 500 EMEA, 2016

“Senior counsel Frederik Van Remoortel is ‘reliable like a Swiss watch’” Legal 500 EMEA, 2016

Emmanuel Plasschaert, who heads the [Crowell & Moring Brussels] corporate and labour practice groups, is ‘responsive and pragmatic’”. “[He] shows exceptional attention to detail.” Legal 500 EMEA, 2016

Representative Matters

Day-to-day Advice

  • Regularly answered questions such as: ‘Can I transfer this set of personal data to third parties in the US?’ ‘How long must I retain certain personal data?’ ‘Can I use customers’ personal data for targeted advertising?’
  • Advised on the use of customers’ personal data for the installation of so-called ‘smart meters.’
  • Advised several companies on data retention periods.

Privacy Audits

  • Worldwide privacy compliance projects with respect to personal data processed by the HR departments of a U.S. and a Belgian multinational.
  • Privacy audit and compliance project for an important Belgian telecommunications company (including customer and supplier data, user data, and marketing data).

Litigation and Contractual Work

  • Conducted legal proceedings with respect to the conformity with privacy laws of a ‘bad payer list’ set up by several undertakings in the same sector.
  • Reviewed contractual documents between doctors, hospitals, patients and the client (a manufacturer of medical devices), and notified the client’s data processing with the relevant data protection authority.
  • Drafted privacy policies: for the personnel of several Belgian and multinational companies, (e.g., in the telecommunications sector); and for the websites of national and multinational clients.