Morrison Foerster is an international law firm with lawyers practicing throughout the United States, Asia, and Europe. Click to discover more.

mofo_share_image.jpg

Morrison Foerster

common-default.jpeg

Terms / Notices

Cookies

Privacy Policy

Reporting Hotline

Attorney Advertising

Alumni

  Linkedin

MoFo LinkedIN

  Facebook

MoFo Facebook

YouTube

MoFo Youtube

Morrison Foerster - Footer

In Defense of the One-Stop Shop: CNIL Stands Corrected

You have not solved the recaptcha challenge yet or session expired, try again.

Email Disclaimer

Disclaimer

Unsolicited e-mails and information sent to Morrison Foerster will not be considered confidential, may be disclosed to others pursuant to our <a href="https://www.mofo.com/about/privacy-policy.html">Privacy Policy</a>, may not receive a response, and do not create an attorney-client relationship with Morrison Foerster. If you are not already a client of Morrison Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

Feedback

mofo-logo-2022.svg

People

Capabilities

Resources

About

Culture

Offices

Careers

Stay Connected

Alex van der Wolk, Lokke Moerel, and Ronan Tigner authored an article for Law360 covering the decision made by the French Council of State,

We are Morrison Foerster — a global firm of exceptional credentials. Our clients include some of the largest financial institutions, investment banks, and Fortune 100, technology, and life sciences companies. Our lawyers are committed to achieving innovative and business-minded results for our clients, while preserving the differences that make us stronger.Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Prior results do not guarantee a similar outcome.

About Morrison Foerster

people-default-header-desktop.jpg

people-default-header-mobile.jpg

Default Meta Data

Alex van der Wolk, Lokke Moerel, and Ronan Tigner authored an article for Law360 covering the decision made by the French Council of State, which confirmed French data protection authority CNIL’s decision fining Google €50 million, and also corrected CNIL on a key element of General Data Protection Regulation (GDPR) enforcement: how to rightfully apply the “one-stop-shop” mechanism (OSS).“The French Council of State corrects CNIL where it required that, for the EU headquarters of Google in Ireland to qualify as the ‘main establishment’ under the OSS provided in the GDPR, it also has to determine ‘the purposes and means’ of the relevant cross-border processing (and therefore also has to qualify as the controller for the relevant processing),” the authors said.“If that were correct, the OSS mechanism would de facto not be available for non-EU-based companies (such as Google), as their EU administrative headquarters will rarely independently decide on the purposes and means of its cross-border processing activities in the EU. This would entail that these companies be exposed to a potential accumulation of fines for their cross-border processing activities in the EU, as each and every national data protection authority, or DPA, would be able to fine the company up to the maximum allowed under GDPR.”Read the <a href="https://media2.mofo.com/v3/assets/blt5775cc69c999c255/bltee5da861dd0b1870/6273ef580d4d8e1d7f110b8b/200708-one-stop-shop.pdf" target="_blank">full article</a>.

In Defense of the One-Stop Shop: CNIL Stands Corrected

Sign Up

<div class="videoWrapper"><iframe title="Meet Alex van der Wolk, Privacy and Data Security Partner" src="https://www.youtube-nocookie.com/embed/DP4avINgkB8?rel=0" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen="1" class="sticky-video" title="iframe"></iframe></div>Alex van der Wolk, co-chair of Morrison Foerster’s preeminent Global Privacy & Data Security practice and managing partner of the firm’s Brussels office, employs his nearly 20 years of experience to advise global companies on their most complex data strategies and compliance programs governing all aspects of information management. Alex’s clients benefit from his practical approach and global perspective, saying: “he quickly gets to the heart of the issue and provides solid, pragmatic advice based on the experience he has gained,” “in addition to having very strong legal knowledge, he has a commercial understanding and provides great insight in global matters,” and  “Alex is a true privacy expert with the ability to offer practical guidance on complex problems” (Chambers EU).Alex helps clients develop privacy and data strategies at the forefront of their digital and data-driven endeavors, especially those involving new technologies, such as artificial intelligence and the metaverse. He has particular experience assisting clients with structuring their approach to data in specialized areas, such as health-tech, Agtech, and Adtech. Alex is an experienced litigator, representing clients in privacy litigation in Europe, including successfully representing clients in the first class action cases in the Netherlands and the UK. Additionally, Alex is often called upon to head crisis management teams for clients facing investigations by data protection authorities or responding to cybersecurity incidents. He counsels clients on their incident and cyber preparedness and has done significant work advising clients on EU cyber and data regulatory frameworks, such as NIS2, DORA, the Cyber Resilience Act, and the EU Data Act.Notably, Alex was one of the first practitioners in Europe to help companies set up Binding Corporate Rules (BCRs), and since that time has used this deep knowledge to develop a longstanding and unparalleled track record in obtaining regulatory approval for BCRs, both in the EU and in the UK.Alex is a frequent speaker at high-profile international conferences, including IAPP and South by Southwest (SXSW), and is a guest lecturer at the Tilburg Institute for Law, Technology, and Society. He is a Dutch-qualified lawyer and a member of the Amsterdam and Brussels Bars. He speaks fluent English and Dutch.

Alex van der Wolk

Managing Partner, Brussels

<div class="videoWrapper"><iframe class="sticky-video" title="Meet Lokke Moerel, Privacy and Data Security Senior Of Counsel" src="https://www.youtube-nocookie.com/embed/uk873cH6OuE?rel=0" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen="1" title="iframe"></iframe></div>Among the world’s best-known privacy and cybersecurity advisers, Lokke Moerel is regularly called upon by some of the most sophisticated multinational organizations to confront their global privacy and ethical challenges. Lokke routinely offers guidance to clients when implementing new technologies and digital business models and assists them with their global cybersecurity incident response and regulatory investigations.An authority on Artificial Intelligence (AI), Big Data, and the Internet of Things, Lokke has a proven track record helping clients shape complex AI projects that combine global data assets of multinational companies in the healthcare, financial services, technology, and recruitment sectors, with the intricate technologies of tech giants to create next generation AI solutions. An industry thought leader, Lokke presented a review of the drafted AI Regulation to a closed session of European Commission and Members of Parliament on behalf of the World Employment Federation and has spoken at SXSW on the subject of privacy and cybersecurity in the Metaverse. Lokke is MoFo’s lead counsel on Binding Corporate Rules (BCR) and has unsurpassed experience advising multinational companies in obtaining their BCR approvals throughout the EU, having authored the leading textbook on BCR published by Oxford University.Lokke is also professor of global ICT law at Tilburg University and co-academic director of the Tilburg University professional learning programs “Big Data: AI & Law” (teaching Algorithmic Accountability) and “Advanced Cyber Security and Governance.” Lokke is a member of the Dutch Cyber Security Council (the independent advisory body of the Dutch cabinet on cybersecurity), member of the Monitoring Committee of the Dutch Corporate Governance Code, and non-executive board member of several nonprofit organizations.Lokke has practiced law in the Netherlands, London, and Berlin, and is now resident in MoFo’s Brussels office. She is also a member of MoFo’s global Environmental, Social, and Governance (ESG) steering committee.

Lokke Moerel

Senior Of Counsel

Litigation

Privacy + Data Security