Dr. Christian Schröder

Partner

Düsseldorf

Dr. Christian Schröder leads Orrick's Cyber, Privacy & Data Innovation Group in Europe and collaborates with team members in the United States (U.S.), Europe (EU), and Asia to provide support to global clients. As a technology-focused partner, Christian advises on cybersecurity and privacy regulatory compliance, incident response, regulatory investigations and enforcement, litigation and intellectual property licensing, and transactional matters.

Christian helps clients consider the privacy and artificial intelligence implications of new technology, supports their compliance programs, and helps them stay ahead of enforcement trends. One particular focus of his work deals with internal data transfer agreements, external data transfers with external providers, and product launches that comply with international data protection standards, as well as privacy requirements for connected cars. Christian provides guidance on privacy and data protection considerations for developing, acquiring, using, licensing and selling technology, data and intellectual property, including M&A transactions and IP focused joint ventures. He supports companies on the set-up of webshops, outsourcings, license agreements, in cases of trademark or unfair and deceptive trade practice issues, as well as on hard and software license and information technology (IT) project agreements.

Christian maintains strong working relationships with German data protection authorities and EU regulatory authorities with jurisdiction over privacy and data security matters. He effectively defends companies in cybersecurity and privacy-related investigations initiated by EU regulatory authorities. He also engages with authorities on behalf of clients and helps clients avoid proceedings and possible litigation. When litigation can't be avoided, Christian vigorously defends his clients.

For companies facing global cybersecurity incidents, Christian helps with crisis mitigation, including counseling on notification requirements, coordinating media strategies, and representing clients before data protection authorities in related regulatory investigations.

Christian regularly contributes practical thought leadership to global privacy industry publications and German privacy books and journals. Christian authors the Chapter V (international data transfers) of Germany’s leading GDPR commentary Kühling/Buchner (3rd ed.) and is co-author to the Corporate Privacy Handbook (Betrieblicher Datenschutz). As an active member of the Sedona Conference, Christian drives the development and understanding of cross border privacy. He also participates in, hosts and moderates speaking programs with fellow private practitioners, EU data protection authorities, and academics focused on privacy and data security. Legal 500 Germany noted that Christian is "a pioneer in the legal field, a data protection guru." They also recognized Christian and Orrick as "truly global" and how that it is "vital as they require the various leaders of each region to participate and bring issues to the table as a forum".

Prior to working in private practice, Christian interned with the German Federal Data Protection Commissioner and www.epic.org.

Engagements
Recent Engagements:

Data Privacy / Cybersecurity
- Privacy compliance and IT agreement: Advising a growing smart SaaS provider on its IT agreement and privacy compliance in long and complex bidding process with large German customer
  (contract volume 15 MEUR)
- GDPR Compliance Programs: Advising various mid to large sized multinational companies on GDPR compliance, understanding international data flows, drafting data sharing agreements, setting up compliance structure and privacy-by-design programs, assisting with Privacy Impact Assessments, and revising data privacy policies. Some of these clients are among the worldwide leading technology companies.
- Data Processing Agreements: Representing market leading Cloud providers in negotiations of data processing agreements with large customers.
- Connected Cars: Advising global tech companies and car manufacturers on data privacy implications with Connected Cars and on international data transfers.
- IoT: Advising leading real estate company on smart home project, advising leading tool manufacturer on implementing IoT and related cloud services for its customers.
- International Data Transfer Mechanisms: Developing and implementing enterprise-wide compliance programs, including (online) customer and employee privacy policies, cookie compliance, terms of service, and end user licensing agreements relating to core privacy and related consumer-protection issues.
- International Investigation: Advising a leading vendor on internal investigation of a leading public organization involving various jurisdictions.
- Employee Monitoring and Works Council Agreements: Advising several global companies in connection with the implementation of employee monitoring schemes and cross-border data flows, international transfer (both intra-group transfers and third-party transfers) of employee data from countries outside of Europe to a service provider in Europe (and vice versa) and, developing a global HR data privacy approach; drafting and representing clients in works council agreements relating to the implementation and use of IT applications.
- Representation before Supervisory Authorities: Representing a global event organizer in supervisory procedures regarding data privacy matters.
- Vendor Data Processing Agreements: Advising several global tech companies on tailored data processing agreements which include cloud services with various sub-processors.
- Data Privacy and E-Commerce: Advising several international companies on data privacy and e-commerce law matters, inter alia on using personal data for direct marketing, and collecting and using personal data in the online environment.
- Travel and Ed-Tech Data Privacy: Advising leading travel and Ed-Tech companies on data privacy issues specific to their businesses.
- Advising Tech Start-ups on Data Privacy: Advising numerous mid-sized start-ups from the U.S. and Germany regarding IT and data privacy matters, i.e. to develop marketable products and services that align with consumer privacy and data protection principles. Also, drafting privacy policies, terms and conditions, and vendor contracts, as well as evaluating cutting-edge and disruptive technologies and businesses on privacy compliance and consumer protection concepts.
- Cybersecurity and Data Breach Incident Plans: Counseling major computer software companies on Cybersecurity and incident plans.
- Strategic Cloud Computing Advice: Providing strategic advice to key cloud computing market players in relation to data protection and information security issues.
- Post-M&A Integration Issues: Integrating a German affiliate into the group's internal data sharing/access schemes and, in this context, conducting challenging negotiations with IT providers and the affiliate's works council (Betriebsrat).
Information Technology
- IT Licensing: Advising leading U.S. software manufacturer and Cloud services providers on their EU and German software licensing terms & conditions and regularly conducting negotiations with their customers.
- Software Joint Venture: Advising a leading German market platform on a Joint Venture with a software manufacturer.
Unfair Trade and IP
- Unfair Trade Practices Litigation: Representing several software and e-commerce companies in unfair competition litigation, e.g. regarding unfair advertising and breach of consumer protection regulations.
- Trademark Prosecution and Litigation: Advising various small to large national and international companies on trademark prosecution and litigation.
M&A Technology/Joint Venture Transactions
- Advising Deutsche Telekom on a Joint Venture with Carl Zeiss AG regarding Smart Glasses
- Represented Macquarie in the acquisition of IDAGIO.
- Advised on Northzone’s acquisition of Outfittery.
- Represented Northzone in the acquisition of Lesara.
- Advised Anterra on the acquisition of IP & R&D provider LemnaTec.
- Advised on Nanosaar’s acquisition of Pritidenta.
- Represented TVM Capital Life Science in the acquisition of Leon Nanodrugs.
- Advised GEA on Acquisition of Grundfos-Group’s Sanitary Pumps Division.
- Represented Weaveworks Ltd. in the acquisition of Cello.
- Advised on Two Financings in Germany.
- Advised Ironman on the purchase of branch of Lagardère.
- Advised RLG on implementation of new financing structure.
- Orrick advises TCV on Investment in SuperVista - One of Germany's Largest VC Financings in 2016.
Other
- Christian assists several representative clients, including Flexera Software, Microsoft, NVIDIA, Mouser Electronics, TTI, and SIG Combibloc.

Insights

Events

News

D:+49 211 3678 7269
E:[email protected]

Address:

Heinrich-Heine-Allee 12
Düsseldorf, 40213
Germany

vCard

Practices

Admitted In
- Germany
Education
- University of Kiel, Faculty of Law, 2007
- University of Bonn, First State Examination, Düsseldorf, 2000
- Higher Regional Court Koblenz, Second State Examination, 2002
Honors
- Ranked as leading German Privacy Practitioner 2021 by Best Lawyers/Handelsblatt
- Ranked as a leading German Data Privacy Practitioner 2022 by Legal 500 Germany
- Ranked as leading EMEA Data Privacy Practitioner by Legal 500 EMEA 2022
Languages
- German
- English
- French
Memberships
Speeches
- Academy of European Law - Online Hate Speech: Legal and Policy Developments, Focus on the draft Digital Services Act - Trier & Online, 24-25 November 2022. Christian Schröder gives a speech on " How should business prepare for the Digital Services Act?".
- The Sedona Conference Working Group 6 Annual Meeting 2022 will take place on 3 and 4 February 2022. Christian Schröder will participate in two sessions alongside Hon. Elliott Myers, John M. Conlon, Hon. James C. Francis, Kenneth J. Withers,Emily Fedeles, Natascha Gerlach, Taylor Hoffman, Leeanne Mancari, Wayne Matus, David C. Shonka and Nichole Sterling and discuss recent privacy enforcement activities in the EU and privacy litigation.
Publications
- Author of the chapters on Data Privacy in M&A Transactions and Compliance and Whistleblowing in the Handbook on Corporate Data Privacy Law, Forgo/Helfrich/Schneider, 3 ed (March 2019)
- Co-authored, "Stumbling blocks of the DSGVO for multinational companies", DuD "Data Protection and Data Security" (December 2018)
- Author of the Chapter V on international data transfers in the German legal commentary Kühling/Buchner: DS-GVO, 2. ed. (March 2018)
- „In an editorial of the German commercial business magazine „Der Betrieb“ Christian summarized the key changes under the new German amended Federal Data Protection Act“.
- Co-Author, "Obtaining Discovery From EU After GDPR's Passage," New York Law Journal (February 2017)
- Co-Author, "Is Your Data Safe? National Cybersecurity Awareness Month", (October 2016)
- "EU General Data Protection Regulation and its Potential Impacts on Japanese Businesses", JCA Journal (July 2016)
- Co-Author, U.S. Companies Fined by German Data Protection Authority, RFG, (July 2016).
- Contributor, "Germany Eases Restrictions on Certain Privacy Class Actions," The Cybersecurity Law Report (February 2016).
- Co-Author, “German DPAs Add Further Pressure to E.U.-U.S. Data Transfers,” Intellectual Property & Technology Law Journal (January 2016).
- Author, "Continuing Fallout from the Invalidation of the U.S. – EU Safe Harbor Framework: What are the Next Steps?" The Chronicle of eDiscovery (December 2015).
- Author, “Safe Harbor : A terrible end - When is Safe Harbor 2.0,” ZD (German law journal on data privacy) (November 2015).
- Co-Author, "Safe Harbor ruling: coping with the current uncertainties," E-Commerce Law and Policy (November 2015).
- Author, "The Impact of the European Court of Justice’s Safe Harbor Ruling: Perspective from Germany," The Chronicle of eDiscovery (October 2015).
- Co-Author, "U.S. Southern District Court of New York: Microsoft is forced to hand over data stored in Ireland," ZD-Aktuell (2014).
- Co-Author, "US Southern District Court of New York: US-Warrant may cover data stored in clouds abroad," ZD (2014).
- Co-Author, "USA: Access by U.S. authorities to e-mails stored in Ireland – New risks for U.S. Clouds?" ZD-Aktuell (2014).
- Co-Author, Legal Handbook "Corporate Data Protection Law," Chapters 'Data Protection in M&A Transactions' and 'Compliance and Data Protection' Beck (2014).
- Author, "Product Protection for Innovative Mid-Size Companies," Mittelstandsmagazin Innovation & Wachstum Herbst (2013).
- Author, "Cloud and the In-house Data Protection Official," WEKA Sonderheft (2013).
- Co-Author, "Cloud Computing und EU/US Safe Harbor Principles – US-Department of Commerce publishes its own view," ZD-Aktuell (2013).
- Author, "Data Protection & Privacy Laws 2012 (Germany Chapter)," Financier Worldwide (December 2012).
- Co-Author, "Study on law enforcement access to information stored in clouds," ZD-Aktuell (2012).
- Co-Author, "Cloud Computing Strategie of EU Commission," ZD-Aktuell (2012).
- Co-Author, "Update: New Strategies on Promoting Cloud Computing," ZD-Aktuell (2012).
- Co-Author, "Art. 29 Group's Working Document on Cloud Computing - Are there special data protection requirements for the Cloud?," ZD (2012).
- Author, "Kirsch, Corporate Data Protection, recension," ZD-Aktuell (2012).
- Co-Author, "International Requirements for Cloud Computing - Summary and Analysis of the Best Business Recommendations of the Berlin Group," ZD (2012).
- Co-Author, "New requirements for Cloud Computing, Summary and Analysis of the "Guidance on Cloud Computing" issued by the German Data Protection Supervisory Authorities," ZD (2011).
- Author, "New German Federal Data Protection Act Amendments Take Effect, Experience With 2009 Amendments Assessed," BNA Privacy & Security Law Report (October 2011).
- Co-Author, "U.S.-District Court Utah: German data protection law is not considered a blocking statute within the context of a US Discovery," MMR (2010).
- Co-Author, "German Data Protection Act and Hague Convention," MMR (April 2010).
- Co-Author, "The impact of US-E-Discovery on German corporations," MMR (2008).
- Author, "The liability for the breach of privacy policies and codes of conduct under US-American and German law," (PhD-Thesis), Frankfurter Studien zum Datenschutzrecht (Hrsg. Simitis), Nomos Verlag Baden (November 2007).
- Author, "European Data Retention Directive - adoption in sight?" World Internet Law Report (December 2005).
- Author, "Binding Corporate Rules – analysis on the requirement on "being binding" pursuant to § 4 c II Federal Data Protection Act," DuD (2004).
- Author, "The US access to European passenger name records data - new threats due to passenger profiling? CAPPS II)," RDV (2003).
- "Anti-Money Laundering Law in Germany is going to be aggravated", Schröder, International Enforcement Reporter, 3 July 2002
- Author, "Notorious Names Override Common Names In German Domain Law," www.amrecht.com (June 2002).

Events

The Sedona Conference Working Group 6 Annual Meeting 2022

The Sedona Conference Working Group 6 Annual Meeting 2022 will take place on 3 and 4 February 2022. Christian Schröder will participate in two sessions to discuss recent privacy enforcement activities in the EU and privacy litigation.

February.03.2022 - February.04.2022 | Online (Zoom)

Dr. Christian Schröder

Engagements

Insights

5 Things You Need to Know About the EDPB's Cookie Report

You May Be Subject as Well!: Digital Services Act – What Companies Need to Know

Events

Orrick at the International Association of Privacy Professionals (IAPP) Global Privacy Summit

International Data Privacy Day with Orrick and the American Chamber of Commerce in Germany: EU-U.S. Data Privacy Framework

News

Jeffrey McKenna Receives 2022 “Outstanding Contributor Award” from LCJ for Innovation in International Discovery and Privacy

Orrick Advises German Vantage Towers AG on Multi-billion Infrastructure Deal with Vodafone, KKR and Global Infrastructure Partners