Who's Who Legal
Who's Who Legal
New to Who's Who Legal?
New to Who's Who Legal?
Menu
User Menu
New to Who's Who Legal?
Thought Leaders

Thought Leaders

Steven De Schrijver

Steven De Schrijver

AstreaLouizalaan 235 Avenue LouiseBrusselsBelgium1050

Thought Leader

WWL Ranking: Global Elite Thought Leader

WWL says

Steven De Schrijver is “an expert in the field” of data security, demonstrating deep knowledge and experience in the market. He is commended by peers for his “great understanding of his client’s business, which proves indispensable in the area of personal data”.

Questions & Answers

Steven De Schrijver is a partner with the Belgian law firm Astrea. He has 28 years of expertise in a wide range of IT and technology law matters. Steven has been involved in many outsourcing, digital transformation and data protection (now GDPR) compliance projects. He has a passion for artificial intelligence, robotics and drones. He is also considered to be one of Belgium’s top tech M&A lawyers.

Describe your career to date.

I started my career in 1992. Though I wanted to become a competition lawyer, due to client requirements I became a corporate lawyer. By chance all my corporate projects were in the TMT sector. As there was no dedicated technology lawyer in my first firm, all the technology law-related work ended up on my desk. Almost 20 years ago I started to use the competition and trade law resources of my then-law firm (we had lawyers of about 20 different nationalities at our firm in Brussels) to conduct pan-European data protection law programmes. Since then I have focused my career on a broad range of technology law issues, including data protection and privacy issues, and I have built a worldwide network of technology lawyers with whom I cooperate on cross-border client matters on a daily basis. I obtained my CIPP/E Certification two years ago, but whereas some of my partners at Astrea deal with general data protection compliance work, I focus on the high-level data protection issues that technology companies are facing in large projects and transactions.

What inspired you to pursue a legal career?

I think it was my passion for writing. I still attach a lot of importance to drafting legible, to-the-point legal advice and conclusive contracts.

In your opinion, what is the importance of blockchain for the future of data law?

Blockchain is transforming businesses across the world. As a secure, distributed ledger, it helps companies cut out intermediaries and maintain secure records of every transaction at a fraction of the cost of traditional systems.

However, it cannot be denied that it is difficult to reconcile the blockchain technology with the current legal framework – more specifically with the GDPR and other data protection legislation, and sometimes also with consumer protection legislation.

The main issue is that data in a blockchain cannot be modified or deleted, whereas the GDPR gives data subjects the right to rectify or erase their data, and the right to be forgotten. These are concepts that are incompatible with the blockchain concept, as data in a blockchain ledger cannot be modified nor erased. Another important issue is that anyone entitled to write in a blockchain or send data should be considered a data controller under the GDPR. The GDPR places strict onus on data controllers to ensure compliance with its terms and to report any failure to do so. It requires organisations to self-report breaches to data regulators, and imposes hefty fines for those who do not comply. Moreover, questions arise with respect to limited storage periods under the GDPR versus unerasable content in the blockchain, “privacy by design” and “privacy by default”, data export outside the EU, etc. Encryption and permissioned blockchains certainly protect personal data and restrict who can access such data. But as blockchain continues to evolve, privacy must also remain integral to its design.

These are substantial issues that the EU policy dealmakers will have to deal with in the coming years.

How has the role of data lawyers changed since you started practising?

Twenty years ago we were pioneers informing our clients about the applicable national legislations in the different EU member states, trying to obtain the buy-in from management to do a compliance programme, coordinating working with data lawyers in other EU member states and helping to decide which countries had to be prioritised in view of the likelihood of action by the local data protection authority.

Nowadays the clients are much more sophisticated and the technical complexity of the issues is much higher, given the broad scope and extraterritorial application of the GDPR, and the new rights and obligations for all parties involved. It has almost become impossible to advise on legal issues surrounding data protection without close cooperation with consultants specialised in risk assessment and IT security. Given the high fines that can be imposed, data lawyers now play a more important role in the decision-making of the company.

What are the greatest challenges facing data lawyers today? 

One challenge data lawyers and their clients consistently face is how to implement privacy compliance solutions that meet the growing number of local and national requirements demanded of a global privacy programme. There are challenges to building a programme to meet multi-jurisdictional requirements, and then actively demonstrating the business’s effectiveness at meeting those requirements. Privacy programmes often require clients to change their focus from protecting systems and applications to responsibly managing their information assets — and change is never easy. When you couple this with the fact that data often sits on multiple systems across an organisation, implementation of (multi-jurisdictional) privacy programmes can be challenging.

What are the unique demands of dealing with large data sets in your practice?

Managing the legal risks around big data can be challenging. Privacy and data protection laws will apply to the business if the big data set contains any personal data, including sensitive personal data, such as names, addresses, health records, bank details or unique identifiers. Hence, a simple method to conform to all requirements of GDPR is to process only anonymous data. However, the definition of anonymity is not trivial. Even if directly identifiable parameters are removed from a dataset, it might be possible to re-identify single individuals by combining the dataset with other information.

As result of the implementation of the GDPR, businesses seeking to mine big data sets need to take into account “privacy by design” and “privacy by default” and conduct data protection impact assessments. The GDPR also has a wider scope than existing laws, meaning it will capture both data and companies that previously fell outside the remit of the EU’s data protection laws. Such businesses must comply with data processing principles such as data minimisation (eg, through pseudonymisation) and storage limitation, and be mindful of security and governance processes so that the personal data they store or process is secure and protected from misuse and hacking (appropriate technical and organisational measures to ensure a level of security appropriate to the risk may include techniques such as data encryption, access control, physical protection and, again, pseudonymisation). Businesses dealing with big data should also have appropriate privacy compliance processes and standards in place and be open and transparent about how information will be collected, processed and transferred. The GDPR has imposed a greater compliance burden and increased accountability obligations on businesses.

From the above it is clear that big data and the GDPR are not always compatible. For example, big data mining relies on the analysis of large amounts of data, which often contradicts the principle of data minimisation. In addition, in data analysis very often new hypotheses for testing are introduced after the data is collected; however, the data subjects from which the data is collected have initially given consent for a different purpose. Thus, from a legal perspective, data processing should be done – if possible – on anonymised data, otherwise great care must be taken that the GDPR is respected.

How has GDPR influenced the work you have been doing over recent years?

The GDPR is probably the largest shake-up to data privacy in two decades and it has clearly influenced the work of data lawyers over the past few years.

Due to its extraterritorial application, it has a substantial impact on non-EU companies.

Due to advances in computing processing power and AI, much more data is processed and what companies can do with this data is beyond imagination – this is not always compatible with the GDPR.

Under the GDPR, data security breaches must be reported within a tight time frame of 72 hours after first being discovered, meaning that the time to investigate the extent of any damage and put in place mitigation steps is extremely short.

Because of the huge fines, the possibility for direct actions through class action proceedings, and the increasing enforcement actions of the national data protection authorities – not forgetting any reputational impact resulting from any breach of the GDPR – data lawyers are now much closer to the boardroom than they were prior to the GDPR.

What advice would you give to someone starting out as a data lawyer?

If you want to launch a career in privacy law, you should follow the relevant courses. You may want to obtain an IAPP certification as a certified information privacy professional (CIPP). You should look for privacy law opportunities at your workplace, as there should be plenty. You may look for fellowships and/or attend conferences. You also should try to network with reputed privacy lawyers and immerse yourself in the community. Further, you should try to publish some articles. And, finally, you should familiarise yourself with the new technologies and, if you are tech-savvy enough, learn to code which will definitely give you an edge as a data lawyer.

Thought Leaders - Data 2019

Q&A

WWL Ranking: Thought Leader

Questions & Answers

Steven De Schrijver is a partner with the Belgian law firm Astrea. He has 25 years of expertise in e-commerce, software licensing, internet law, privacy law, IT security, technology transfers, digital signatures, IT outsourcing, cloud computing, advertising, drones, robotics and artificial intelligence. Steven has also been involved in numerous national and cross-border M&A transactions in the IT, media and telecom sectors, and many outsourcing, digital transformation and data protection (now GDPR) compliance projects.

WHAT MOTIVATED YOU TO SPECIALISE IN THE AREAS OF IT AND MEDIA LAW?

I started out as a corporate lawyer at the beginning of the 1990s and by chance most of the transactions I was involved in during the first years of my career were in the TMT sector. With the inception of the world wide web more and more corporate clients started asking me questions about privacy and use policies, and e-commerce. I was also becoming the firm’s dedicated technology lawyer. So I started attending internet law conferences, became a member of the Computer Law Association (now ITechLaw), and started building my worldwide network of technology lawyers, which has become an important source of referrals.

WHAT DID YOU FIND MOST CHALLENGING ABOUT STARTING OUT IN THESE AREAS?

It requires time and patience to build expertise and experience in a new area of law. You go to conferences, write articles, give presentations, try to meet the lawyers servicing the clients that you would like to service. But in the end you also need some luck for interesting clients to cross your path. The specificity of ICT law is that, unlike say in tax law, not only does the applicable regulatory framework constantly change but also the object of the regulatory framework, ie, the underlying technologies. This means that you need to constantly keep up with the latest technological developments.

WHAT DO YOU ENJOY MOST ABOUT YOUR WORK?

Technically, corporate and M&A work can sometimes be a bit monotonous. The share purchase and shareholders’ agreements we draft today are not so different from those we drafted 20 years ago. Technologies constantly change, which often implies that they raise new legal and sometimes ethical questions. I am very interested in the legal and ethical policies that need to be developed to harness the opportunities that artificial intelligence is creating across areas such as transportation and safety, life sciences, employment, criminal justice and national security.

WHAT MAKES ASTREA STAND OUT FROM ITS COMPETITORS IN THE MARKET?

We just try to actually deliver what any client might expect from their lawyer or law firm: high-quality technical and strategic legal advice, good service with a high level of responsiveness, and a business-oriented and personal approach. Clients like to work with skilled lawyers who are specialised; are passionate about their profession; attach importance to values such as integrity and dependability; and are pleasant to work with.

YOU ARE MEMBER OF SEVERAL INTERNATIONAL BAR AND IT INDUSTRY ASSOCIATIONS. HOW DOES MEMBERSHIP OF SUCH ORGANISATIONS ENHANCE YOUR PRACTICE?

Of course, international bar and industry associations provide a forum for the exchange of ideas, and attendance of IT conferences is important for catching up with industry partners and peers and keeping up to date on the latest developments in the sector. Even more importantly, however, they provide you with a global network for in-bound and out-bound referrals, which is very important in IT law as by its nature it transcends national borders. Over the years many of the world’s leading technology lawyers have become close friends.

HOW DO YOU SEE YOUR PRACTICE DEVELOPING OVER THE NEXT FIVE YEARS?

Despite what some consultants like to claim, I personally believe there will always be a place in the market for independent law firms providing high-quality legal advice and top-notch service with a personal twist, despite the challenges posed by AI-driven legal tech and competition from large multidisciplinary firms. On the one hand, lawyers in general know more about technologies, IT and privacy law. And on the other hand, the technologies and the relevant laws have become more complicated. So it is up to us technology lawyers to keep continually up to date with new technologies and legal developments so that we can continue to provide our clients with strategic and value-added legal advice.

Quantum computing, with blockchain, has the capability to reshape high-volume, low-value record-based services such as asset-tracking, identity management, patient health records and B2B insurance. The volume of global data will increase exponentially. The combination of automation and artificial intelligence will allow companies to automate business processes in an intelligent manner and drive efficiency in organisations, allowing employees to focus on more meaningful work. These new technologies will change how we work; how we interact with digital content, machines and our homes; and how we transport goods or travel or start new business models. This will raise all kinds of legal issues such as privacy (certainly in light of the GDPR), cybersecurity, liability, insurance, employment, intellectual property but also ethical issues that will keep us technology lawyers more than busy in the coming five years.

LOOKING BACK OVER YOUR CAREER, WHAT IS THE MOST MEMORABLE CASE YOU HAVE BEEN A PART OF?

I always hope that my most memorable case will be my next one. I have enjoyed working with some of the largest law firms in the world on the Belgian legal aspects of global M&A transactions, but enjoyed just as much assisting foreign investors on the purchase of, and Belgian entrepreneurs on the sale of, Belgian technology companies. I especially enjoyed assisting large companies such as Mazda Europe, ISS Facility Services and Bridgestone on their IT outsourcing projects. For the past six years I assisted Skype on a Belgian criminal matter regarding the interception of metadata and content of Skype communications. Recently, I was asked to assist a Nordic listed company for an XaaS-project transforming their business model from selling products to selling services. No Belgian law aspects were involved. I take it as a compliment if clients start calling you in for your sector expertise, rather than your local law expertise.

YOU HAVE ENJOYED A VERY DISTINGUISHED CAREER SO FAR. WHAT WOULD YOU LIKE TO ACHIEVE THAT YOU HAVE NOT YET ACCOMPLISHED?

As long as I continue to deserve the respect of my associates, partners, clients and peers and can continue to handle interesting technology-related legal matters for appreciative clients I have accomplished everything I wanted to achieve in my career. What I have really enjoyed over the past few years is that clients and colleagues from all over the world seek my advice not only on Belgian law-related matters but, also on transboundary technology projects.

Global Leader

WWL Ranking: Global Elite Thought Leader

WWL says

Steven De Schrijver leads our research this year in Europe and is "an expert in the field" of data security, demonstrating deep knowledge and experience in the market. He is commended by peers for his "great understanding of his client's business, which proves indispensable in the area of personal data".

Biography

Steven De Schrijver is a partner in the Brussels office of Astrea. He has more than 25 years of experience advising some of the largest Belgian and foreign technology companies, as well as innovative entrepreneurs on complex commercial agreements and projects dealing with new technologies. His expertise includes e-commerce, software licensing, website development and hosting, data protection and privacy law, cybersecurity and cybercrime, technology transfers, digital signatures, IT outsourcing, cloud computing, advertising, drones, robotics and social networking.

Steven has also been involved in several national and cross-border transactions in the IT, media and telecom sectors. He participated in the establishment of the first mobile telephone network in Belgium, the establishment of one of the first e-commerce platforms in Belgium, the acquisition of the Flemish broadband cable operator and network, and the acquisition and sale of numerous Belgian software and technology companies. He has been involved in numerous outsourcing projects and data protection (now GDPR) compliance projects.

Steven is the Belgian member of EuroITCounsel, a quality-led circle of independent IT lawyers. He is also a board member of ITechLaw and the International Federation of Computer Law Associations. In 2012, 2014, 2017 and 2018, he was given the Global Information Technology Lawyer of the Year award by Who’s Who Legal and, in 2012, he received the ILO Client Choice Award in the corporate law category for Belgium.

Steven has been admitted to the Brussels Bar. He holds a law degree from the University of Antwerp (1992) and an LLM degree from the University of Virginia School of Law (1993).

Data - Data Security 2019

Professional Biography

WWL Ranking: Recommended

WWL says

Steven De Schrijver leads our research this year in Europe and is "an expert in the field" of data security, demonstrating deep knowledge and experience in the market. He is commended by peers for his "great understanding of his client's business, which proves indispensable in the area of personal data".

Biography

Steven De Schrijver is a partner in the Brussels office of Astrea. He has more than 25 years of experience advising some of the largest Belgian and foreign technology companies, as well as innovative entrepreneurs on complex commercial agreements and projects dealing with new technologies. His expertise includes e-commerce, software licensing, website development and hosting, data protection and privacy law, cybersecurity and cybercrime, technology transfers, digital signatures, IT outsourcing, cloud computing, advertising, drones, robotics and social networking.

Steven has also been involved in several national and cross-border transactions in the IT, media and telecom sectors. He participated in the establishment of the first mobile telephone network in Belgium, the establishment of one of the first e-commerce platforms in Belgium, the acquisition of the Flemish broadband cable operator and network, and the acquisition and sale of numerous Belgian software and technology companies. He has been involved in numerous outsourcing projects and data protection (now GDPR) compliance projects.

Steven is the Belgian member of EuroITCounsel, a quality-led circle of independent IT lawyers. He is also a board member of ITechLaw and the International Federation of Computer Law Associations. In 2012, 2014, 2017 and 2018, he was given the Global Information Technology Lawyer of the Year award by Who’s Who Legal and, in 2012, he received the ILO Client Choice Award in the corporate law category for Belgium.

Steven has been admitted to the Brussels Bar. He holds a law degree from the University of Antwerp (1992) and an LLM degree from the University of Virginia School of Law (1993).

WWL Ranking: Global Elite Thought Leader

WWL says

Steven De Schrijver is “the number-one IT lawyer in Belgium" as well as the top name in EMEA in our research, thanks to his combination of deep expertise and extensive experience.

Biography

Steven De Schrijver is a partner in the Brussels office of Astrea. He has more than 25 years of experience advising some of the largest Belgian and foreign technology companies, as well as innovative entrepreneurs on complex commercial agreements and projects dealing with new technologies. His expertise includes e-commerce, software licensing, website development and hosting, data protection and privacy law, cybersecurity and cybercrime, technology transfers, digital signatures, IT outsourcing, cloud computing, advertising, drones, robotics and social networking.

Steven has also been involved in several national and cross-border transactions in the IT, media and telecom sectors. He participated in the establishment of the first mobile telephone network in Belgium, the establishment of one of the first e-commerce platforms in Belgium, the acquisition of the Flemish broadband cable operator and network, and the acquisition and sale of numerous Belgian software and technology companies. He has been involved in numerous outsourcing projects and data protection (now GDPR) compliance projects.

Steven is the Belgian member of EuroITCounsel, a quality-led circle of independent IT lawyers. He is also a board member of ITechLaw and the International Federation of Computer Law Associations. In 2012, 2014, 2017 and 2018, he was given the Global Information Technology Lawyer of the Year award by Who’s Who Legal and, in 2012, he received the ILO Client Choice Award in the corporate law category for Belgium.

Steven has been admitted to the Brussels Bar. He holds a law degree from the University of Antwerp (1992) and an LLM degree from the University of Virginia School of Law (1993).

Data - Telecoms & Media 2019

Professional Biography

WWL Ranking: Global Elite Thought Leader

WWL says

The "very service-oriented" Steven De Schrijver is a top-tier name for transactional work relating to the telecoms and media sectors. He tops our research in EMEA this year and is highly regarded as a guru for his vast experience working on high-value, cross-border deals in the space.

Biography

Steven De Schrijver is a partner in the Brussels office of Astrea. He has more than 25 years of experience advising some of the largest Belgian and foreign technology companies, as well as innovative entrepreneurs on complex commercial agreements and projects dealing with new technologies. His expertise includes e-commerce, software licensing, website development and hosting, data protection and privacy law, cybersecurity and cybercrime, technology transfers, digital signatures, IT outsourcing, cloud computing, advertising, drones, robotics and social networking.

Steven has also been involved in several national and cross-border transactions in the IT, media and telecom sectors. He participated in the establishment of the first mobile telephone network in Belgium, the establishment of one of the first e-commerce platforms in Belgium, the acquisition of the Flemish broadband cable operator and network, and the acquisition and sale of numerous Belgian software and technology companies. He has been involved in numerous outsourcing projects and data protection (now GDPR) compliance projects.

Steven is the Belgian member of EuroITCounsel, a quality-led circle of independent IT lawyers. He is also a board member of ITechLaw and the International Federation of Computer Law Associations. In 2012, 2014, 2017 and 2018, he was given the Global Information Technology Lawyer of the Year award by Who’s Who Legal and, in 2012, he received the ILO Client Choice Award in the corporate law category for Belgium.

Steven has been admitted to the Brussels Bar. He holds a law degree from the University of Antwerp (1992) and an LLM degree from the University of Virginia School of Law (1993).

Features by Steven De Schrijver

Xaas: the legal implications of the inevitable evolution towards an integrated, service-based business model

Xaas: the legal implications of the inevitable evolution towards an integrated, service-based business model


The Future Is Now: Legal Consequences of Electronic Personality for Autonomous Robots

The Future Is Now: Legal Consequences of Electronic Personality for Autonomous Robots

Awards won by Steven De Schrijver

To view this content please login, or register if you are new to Who's Who Legal
Law Business Research
Law Business Research Ltd
Meridian House, 34-35 Farringdon Street
London EC4A 4HL, UK
© Law Business Research Ltd 1998-2019. All rights reserved.
Company No.: 03281866