What do you do?
I advise companies across industries and around the globe on everything relating to data and IT. This goes from the development of data-driven products and services to cyber breaches, regulatory enforcement and litigation, data-driven deals and strategic governance.
Because it is off the beaten track with new laws and challenges emerging around every corner. Advising on data law means working across risk, regulatory and transactions, and it involves collaboration across jurisdictions with other practice groups, depending on the project – this is a thrilling and fast-paced environment which brings many opportunities for the young generation of lawyers.
What’s keeping you busy?
I am currently involved in a data breach investigation where we just presented a report to various regulators across the globe, and we are now fending off mass litigation. Another interesting project is the creation of a data ecosystem in the auto sector, and there is currently a lot of product-related advice of communication providers who are affected by the latest legislative changes of the ePrivacy regime in the EU. There is also a lot of policy work and proactive advice to tech companies in the context of new the gatekeeper regulation and on new laws regulating data access by authorities.
What mentors or other influential figures have helped you get where you are today?
My lead partners and mentors Norbert Nolte and Klaus Beucher paved the way for me. Together with Freshfields colleagues around the globe, they helped me build a dedicated international team of tech-savvy data lawyers which is now working on some of the most high-profile international cases and projects.
If you could change one data-related law, how and why would you change it?
I would change the GDPR and make it more complex so that there is more work for legal advisors... Just kidding: I would indeed amend the GDPR but to make its application more practical for situations where there is less risk for the rights and freedoms of affected individuals (eg consider carve-outs from the GDPR in the B2B space, or implement de minimis thresholds, for example with regard to data breach reporting obligations).
How has covid-19 affected what you do?
Covid has fueled digital transformation for some of our clients which translated into more work for the team. Covid has also changed the way we work, in particular for projects where we are very embedded into our client's operations: in the past we used to have a lot of on-site meetings and workshops to understand the technical details of a product. Now we just do video conferences, which brings the opportunity to speak more often and to get even closer involved.
What’s the next big thing – what data opportunities are companies now looking at?
I think we are going to see more vertical integration with regard to data-driven businesses. In the past there was a huge trend towards outsourcing, but some companies now realise that they want to be the sole owners of their data in order to claim its value, but also to be in charge of processes to ensure compliance with applicable data laws.
What’s keeping companies worried at the moment – what are some key data risks?
It is (still) the high fines and emerging mass litigation risk. Another key risk is not considering data laws beyond GDPR, in particular the ones that are now on the horizon – this may be data protection regimes outside the EU or sector-specific regulation like, for example, ePrivacy, IT security, content control on the internet, healthcare, finance etc. A good risk mitigation strategy considers all those aspects but also cuts through the complexity by finding unified solutions that are practical to implement.
What do you do to relax?
I currently spend most of my free time with my wife, my two children and I try to get a fair share of mindfulness and exercise. I read whenever I can with a personal interest in tech.