Lauren Cuyvers
Partner
Overview
Lauren Cuyvers is a partner in Crowell’s Privacy and Cybersecurity Practice based in Brussels. She focuses her practice on strategic cross-border compliance, regulatory enforcement, and litigation related to EU data privacy and cybersecurity laws. Her practice covers the full spectrum of, and strategic interactions between, the GDPR, EUDPR, ePrivacy Directive, EU AI Act, EU Data Act, EHDS, EU Cyber Resilience Act, EU NIS2 Directive, and EU DORA.
Career & Education
- University of Liège, L.L.M., cum laude, 2014
- KU Leuven, Master of Laws, 2013
- University of Hasselt, L.L.B., 2011
- Belgium
- Women Leading Privacy Advisory Board, IAPP
- EU Advisory Board Member, IAPP
- EDPB, Support Pool of Experts
- Women 4 Cyber Mentorship Program
- Dutch
- English
- French
Representative Matters
Some of Lauren’s experience includes*:
Data Privacy/Cyber Regulatory Investigations and Incident Response
- Representing the world’s largest cloud and software provider in a regulatory investigation by and follow-on settlement discussion before an EU data protection authority and initiation of court proceedings before the EU Court of Justice (CJEU);
- Assisting a leading pharma company following a security incident, including the roll-out of a large-scale pan-EU notification process and assistance in cross-border internal and regulatory investigations before an EU data protection authority;
- Assisting a multitude of Fortune 500 companies with regulatory data privacy and cyber RFI responses and response coordination pan-EU, including following a data breach, DSAR or complaint, and successful closure of such RFIs;
- Representing the world’s largest social media platform in a regulatory investigation, proceedings, and litigation before the Belgian DPA and courts in relation to its use of third-party cookies;
- Leading and assisting in various global incident response matters including for global companies in highly regulated sectors such as one of the world’s largest semiconductor companies, a gaming and betting company, and an Insurtech company, which involved successful notification and closure of follow-on RFIs before various EU data protection authorities including the Belgium DPA, Irish DPC, and UK ICO;
- Leading multiple complex incident response and crisis management mandates including following complex attacks involving sophisticated ransomware, third-party API, and supply-chain vulnerabilities;
- Developing and providing immersive table-top exercises and Board and employee cyber training, often in collaboration with forensic and PR specialists; and
- Assisting a U.S. airline with sensitive GDPR DSARs and related information requests;
Data Privacy and Cyber Regulatory Compliance
- Assisting various multinational companies including in the MedTech, diagnostics, Insurtech, cybersecurity platform, payments, software, and pharma industries in relation to scoping and compliance with the various EU cyber laws (NIS2, CRA, DORA, CER) and digital data laws (Data Act, AI Act, Product Liability Directive);
- Leading EU external product counselling matters for the world’s largest social media company in relation to ePrivacy matters;
- Providing product and compliance counsel to a prominent video management software company under the EU Cyber Resilience Act;
- Assisted numerous companies with pan-EU (incl. BE and NL) legal requirements in relation to the use of cookies and related tracking technologies, as well as direct marketing (unsolicited communications) outreach – both in a B2C and B2B context – and related requirements applicable to AdTech;
- Assisting a global prominent professional services company with a data migration and sovereignty project, involving coordination in 18+ EU and RoW jurisdictions;
- Assisting a leading UK multinational consumer healthcare company in the development and implementation of a pan-EU NIS2 compliance strategy and program, including NIS2 registrations;
- Acting for an emerging supercomputing company in the interpretation and implementation of EU data privacy and data sovereignty restrictions and assistance with expansion into the EU market;
- Acting for various cloud providers (SaaS, PaaS, IaaS) in relation to matters under the EU Data Act, including drafting and negotiating switching and data egress obligations;
- Assisting various multinational companies in the scoping, assessment, and implementation of obligations under the EU AI Act, including high-risk providers and deployers, and the development of global AI governance programs;
- Acting for various pharma and MedTech companies in the implementation of the requirements under the EU Health Data Space Regulation (EHDS); and
- Developing and implementing GDPR compliance projects for hundreds of multinational companies including in relation to international data transfers, consent management, and data processing agreements.
Transactions
- Acting for an investment form on its strategic majority investment in Peter Park System GmbH in relation to the EU AI Act;
- Acting for an audio technology brand in its acquisition by Sony Interactive Entertainment LLC in relation to the EU GDPR and ePrivacy considerations;
- Representing a global leader in connected vehicle and asset management solutions in its acquisition of the commercial operations of Verizon Connect’s telematics business in Australia, the United Kingdom, Ireland, Italy, France, Portugal, Poland, the Netherlands, and Germany, in relation to the EU GDPR, AI Act, ePrivacy and cyber law considerations;
- Representing a leading semiconductor and telecommunications technology company headquartered in San Diego, California in its acquisition of an Italian-based open-source hardware and software company, in relation to EU data privacy and cyber matters; and
- Representing a European investment firm in its agreement to partner with Smartbox Assistive Technology Group (Smartbox).
*The above matters were handled prior to Lauren joining Crowell.
Recognition
- Legal 500 UK 2023, Data Protection, Privacy, and Cybersecurity
