Privacy and Cybersecurity
Overview
Keeping up with technological change
Technological advancement is something humans do well. The advantage of this is clear – it opens our world to new discoveries and possibilities. But there are also disadvantages: the right to privacy can be threatened and the risk of a cyberattack increases.
Businesses operating in the EU rely on Crowell’s experienced Privacy and Cybersecurity team to help them navigate the laws that govern the collection, use, transfer, and protection of data both within the EU and globally. We help our clients understand their rights and obligations and ensure that they are prepared for cyberattack and data breach through risk assessment and crisis management.
Our Services
We provide our clients with day-to-day counseling and training on data protection compliance, including on-site workshops and tabletop exercises. Our team helps with contractual work and global and Europe-wide privacy audits. We analyze our clients’ existing data protection practices and make recommendations for compliance, helping them to better understand their data processing, map the location and flows of the data, and identify potential threats and compliance issues. We assist in the development and implementation of tailor-made privacy programs, which may include drafting new privacy policies and procedures, notices, and data transfer agreements, as well as advice on security measures to be taken.
Within Europe, the General Data Protection Regulation (GDPR) introduced a sea change in data law, with new principles, concepts, and obligations resulting in many companies needing to revise their personal data processing practices and culture.
We help our clients review their operations to determine GDPR applicability and impact. We conduct internal analyses of their data flows and data protection policies and practices to identify potential gaps or compliance risks and we help them design risk-based compliance frameworks that are tailored to meet their needs.
More information regarding the GDPR is available here.
In case of data or other security breach, we are on-call for our clients until the issues are resolved, from the initial internal investigation stage through the communication, government enforcement, and follow-on litigation stages.
We represent our clients before all the relevant authorities and the Belgian civil and criminal courts. We also defend clients in class action lawsuits.
Insights
Client Alert | 6 min read | 03.11.25
On February 27, 2025, the Court of Justice of the European Union (“CJEU”) issued a ruling about the requirements on data controllers to respond to data access requests regarding an automated decision-making system. In particular, the CJEU interpreted the meaning (under Article 15(1)(h) GDPR) of the phrase “meaningful information about the logic involved” in automated decision-making. Importantly, the ruling also separately addressed how to balance data access rights with the protection of the controller’s trade secrets, when the protection of trade secrets is invoked under Article 15(4) as a reason not to disclose a copy of personal data in an access request.
Client Alert | 4 min read | 12.19.24
New EU Directive Impacting Digital Platforms and Individuals Working for Them
Blog Post | 08.26.24
The NIS2 Directive is on the Edge of Enforcement: What Now for EU/US Companies?
Insights
EU Cybersecurity: Legislative Developments for the Region
|05.14.24
Privacy and Cybersecurity Outlook: The 2024 Landscape
The European Data Protection Supervisor Releases New Opinion on the EU’s Proposed AI Act
|11.27.23
IBJ/IJE Partnerblog
5 jaar GDPR in de eventsector: van “big data” naar “smart data” in 5 lessen
|07.05.23
Event Confederation
La Licéité du Traitement de Données Personnelles du Travailleur au Regard du Noveau Règlement UE n° 2016/679 sur la Protection des Données
|05.10.17
Data Protection & Privacy – The GDPR in Practice, N. Ragheno (ed.), Anthémis
"The Essentials on Employee Data Privacy," Meru Data Webinar, 2023.
|02.24.23
The NIS2 Directive is on the Edge of Enforcement: What Now for EU/US Companies?
|08.26.24
Crowell & Moring’s Data Law Insights
Insights
Client Alert | 6 min read | 03.11.25
On February 27, 2025, the Court of Justice of the European Union (“CJEU”) issued a ruling about the requirements on data controllers to respond to data access requests regarding an automated decision-making system. In particular, the CJEU interpreted the meaning (under Article 15(1)(h) GDPR) of the phrase “meaningful information about the logic involved” in automated decision-making. Importantly, the ruling also separately addressed how to balance data access rights with the protection of the controller’s trade secrets, when the protection of trade secrets is invoked under Article 15(4) as a reason not to disclose a copy of personal data in an access request.
Client Alert | 4 min read | 12.19.24
New EU Directive Impacting Digital Platforms and Individuals Working for Them
Blog Post | 08.26.24
The NIS2 Directive is on the Edge of Enforcement: What Now for EU/US Companies?
Insights
Client Alert | 6 min read | 03.11.25
On February 27, 2025, the Court of Justice of the European Union (“CJEU”) issued a ruling about the requirements on data controllers to respond to data access requests regarding an automated decision-making system. In particular, the CJEU interpreted the meaning (under Article 15(1)(h) GDPR) of the phrase “meaningful information about the logic involved” in automated decision-making. Importantly, the ruling also separately addressed how to balance data access rights with the protection of the controller’s trade secrets, when the protection of trade secrets is invoked under Article 15(4) as a reason not to disclose a copy of personal data in an access request.
Client Alert | 4 min read | 12.19.24
New EU Directive Impacting Digital Platforms and Individuals Working for Them
Blog Post | 08.26.24
The NIS2 Directive is on the Edge of Enforcement: What Now for EU/US Companies?