Dr. Lukas Feiler

Biography

Dr. Lukas Feiler, SSCP, CIPP/E, is specialized in technology litigations, focusing on regulatory and civil disputes in the areas of data protection, AI, and platform regulation. Building on his litigation expertise, Lukas advises clients on strategic compliance issues in the areas of cyber security, data protection, and AI.

He heads the Firm’s Commercial, Data, IPTech and Trade practice in Vienna. Lukas also leads the AI Desk in Vienna and is a member of the Firm’s EMEA Data Privacy & Security leadership team. Lukas regularly represents clients before the Austrian Supreme Court, the Austrian Administrative Supreme Court, the European Commission, and the EU’s General Court and the CJEU.

Lukas has published best-selling books on data protection, AI, and cybersecurity law. He also holds teaching positions for data protection law and AI law at the University of Vienna and the Sigmund Freud University Vienna.

Before his legal career, he worked as a software developer and system administrator in New York, Vienna, and Leeds and holds a certification as a Systems Security Certified Practitioner.

Practice Focus

Lukas’ practice is focused on representing clients in complex regulatory and civil technology litigations in the areas of data protection, AI, and platform regulation and regularly handles high-profile cases for market-leading technology companies. In particular, he has represented clients from various industries in more than 25 high-profile litigations against the data protection activist Max Schrems and his NGO noyb. Lukas is also known in the market as a strategic advisor in the areas of data protection, AI, cyber security, and digital copyright.

Representative Legal Matters

Advising the shareholders of APEIRON Biologics AG on the sale of their shares to an American investor.
Representing Google before the CJEU in a landmark case that established for the first time that the E-Commerce Directive’s country-of-origin principle grants the EU Member State where a provider is established the exclusive authority to regulate such provider (C‑376/22).
Representing two Austrian regional governments in GDPR mass litigations with 900 separate proceedings, including before the Austrian Administrative Supreme Court and the CJEU (C-638/23).
Representing a technology company in a collective redress litigation against Max Schrems and other plaintiffs seeking immaterial damages and unjust enrichment claims for alleged GDPR violations.
Representing a global financial services provider in an AI litigation concerning a claim for the disclosure of the logic of the client’s AI-powered AML algorithm.
Representing a Very Large Online Platform in appeals proceedings under the Digital Services Act (DSA) before the EU’s General Court.
Managing a global cyber incident for a global SaaS cloud provider, including the coordination of data breach notifications to customers and to authorities in 41 jurisdictions.
Representing a global technology company before the Austrian Supreme Court in a digital copyright litigation concerning retransmission rights and live online streaming of TV content.

Professional Honors

JUVE 2024 Tier 1 – IT and data protection
Bronze, World Trade Review (WTR) 1000 Austria 2024
An authority in data protection law, trend lawyers’ ranking 2022
Among the Top 3 for data protection law, trend Anwaltsranking 2021
Next Generation Partner in data privacy and data protection, in TMT, Legal 500 Europe 2020-2024
Intellectual Property, Chambers Global 2023/2024
TMT: Information Technology - Austria, Chambers Europe, 2020 - 2024
Best Lawyers in Austria 2019 and 2022 for information technology law, Handelsblatt in cooperation with Best Lawyers, 2019 and 2022
Rising Star in TMT, IFLR Europe 2019

Professional Associations and Memberships

Certified Information Privacy Professional/Europe (CIPP/E) (2015)
Systems Security Certified Practitioner (SSCP) (Certification) (2009)
International Association of Privacy Professionals (IAPP)
Austrian Chapter of the International Information Systems Security Certification Consortium ((ISC)²)
IT-LAW.AT - Scholarly Association for Information Law

Admissions

Austria (2014)

Education

University of Vienna (Dr. iur.) (2011)
Fellowship at the Freeman Spogli Institute for International Studies at Stanford University (2011)
Stanford-Vienna Transatlantic Technology Forum (TTLF) (Fellowship) (2009)
University of Vienna (Mag. iur.) (2008)

Languages

English
French
German

Co-author, "KI-VO – EU-Verordnung über Künstliche Intelligenz,“ 2024
Co-author (with Philipp Maier, Alexander Petsche, Silvia Samek), "Whistleblowing Directive: Closing the Gap — in 3 Steps," Baker McKenzie InsightPlus, November 2023
Co-author (with Michaela Petsche, Marlies Kittinger), "KI erschwert Patentierung von Erfindungen," Der Standard, 17.8.2023
Co-author (with Beat König, Ariane Müller), "KI: Imitation des Menschen als Quell der Regulierung," Der Standard, 18.07.2023
Co-author, "EU-DSGVO und DSG,“ 2nd ed., 2022

Co-author, “The EU General Data Protection Regulation (GDPR): A Commentary,” 2nd ed., 2021
Co-author (Abd El Malak Abanoub, Neuper Oliver, Reichetseder Martin, Rieken Simone, Romandy Istvan), "Whistleblowing & Internal Investigations - Praxiskommentar zur Whistleblowing-Richtlinie," LexisNexis ARD ORAC, 14 September 2021
Co-author (with Simone Rieken, et al.) Handbook "Hinweisgebersysteme - Implementierung in Deutschland, Österreich und der Schweiz," 2nd edition by Nic Behr, Felix Ruhmannseder and Georg Krakow, Müller C.F. Wirtschaftsrecht series, June 2021
Co-author (with Christopher Drolz), "DSGVO erleichtert Machine Learning für autonome Fahrzeuge," Industrie Magazin, 3 March 2021
Co-editor, (with Thomas Rainer Schmitt), MSchG Markenschutzgesetz in Leitsätzen, Verlag Österreich, 7 December 2020
Co-author (with Elisabeth Dehareng, Francesca Gaudino, Julia Kaufmann, Holger Lutz, Michaela Nebel, Michael Schmidl, Florian Tannen, Magdalena Kogut-Czarkowska, Joanna De Fonseka, Benjamin Slinn), "Europe: Guidelines on the concepts of controller and processor in the GDPR," Baker McKenzie InsightPlus, 22 September 2020
Contributor, Handbook Compliance, 3rd edition, edited by Karin Mair and Alexander Petsche, August 2019
Co-author, "Umsetzung der DSGVO in der Praxis,“ 2018
Co-author and publisher (with Dr. Bernhard Horn), "Umsetzung der DSGVO in der Praxis,“ Praxisliteratur, Vienna, 1 February 2018
Author, "Zur Vergütung von Vervielfältigungen zum privaten Gebrauch auf Speicherkarten für Mobiltelefone [The Compensation for Private Copies on Storage Cards of Mobile Phones]," Zeitschrift für Informationsrecht 2015/2, May 2015
Co-author, "Staatsschutz: Die Freiheit als Preis? [National Security: Is Freedom the Price?]," Der Standard, April 2015
Co-author, "Data Disposal Security Requirements under EU, Austrian and German Law," World Data Protection Report, March 2015
Co-author, "Internetriesen wollen Zahlungsdienste ohne Banken [Internet Giants Want Payment Services without Banks]," Der Standard, December 2014
Author, "Informationsfreiheit vs. Datenschutz - Datenschutz als Hemmschuh und Wegbereiter für das Grundrecht auf Zugang zu amtlichen Informationen [Freedom of Information v. Data Protection – Data Protection as Roadblock and Driver of the Fundamental Right of Access to Government Information]", Jahrbuch Datenschutzrecht 2014 [Yearbook Data Protection 2014], November 2014
Co-author, "Neuer Referentenentwurf zum IT-Sicherheitsgesetz [New Proposal for an IT Security Act in Germany]," cr-online.de, November 2014
Co-author, Der Entwurf für ein IT-Sicherheitsgesetz - europarechtlicher Kontext und die (eigentlichen) Bedürfnisse der Praxis [The Draft for an IT Security Act – EU Law Context and (Actual) Business Needs]", Computer und Recht, November 2014
Co-author, "Veröffentlichte Inhalte zur freien Verwendung? [Published Content Free for the Taking?]," Die Presse, November 2014
Author, Pflichten zur sicheren Datenentsorgung [Secure Data Disposal Duties], Medien und Recht, October 2014
Co-author, "Regulator will unlauteren Gewinn kassieren [Regulator Wants to Seize Unfair Profit]," Der Standard, September 2014
Co-author, "Die Mühen des Onlinevertriebs [The Troubles of Online Distribution]," Wirtschaftsblatt, July 2014
Co-author, "Die Leerkassettenvergütung für Computerfestplatten und SmartphoneDatenspeicher [Copyright Levy on Computer Hard-Discs and Smartphone-Data-StorageMedia]," ÖBl 2014/26, May 2014
Co-author, "Webgesperrt - Europäischer Gerichthof bejaht Website-Sperrungen bei Urheberrechtsverletzungen [Blocked Web – European Court of Justice Affirms Website Blockings in Case of Copyright Infringement]," c’t 2014/10, April 2014
Co-author, "EU-Gericht entzieht Festplattenabgabe ihre Grundlage [EU Court Destroys Basis for Private Copying Levy for Hard Disks]," Der Standard, April 2014
Co-author, "Big Data under Austrian Data Protection Law," World Data Protection Report, Volume 14, Number 3, March 2014
Co-author, "Bitcoin: Virtuelles Geld im rechtsfreien Raum? [Bitcoin: Virtual Money in Legal Vacuum?]," Die Presse, March 2014
Co-author, "Festplattenabgabe auf Irrwegen [Misguided Private Copying Levy for Hard Disks]," Die Presse, January 2014
Co-author, "Datenschutzrechtliche Schranken für Big Data [Limits for Big Data under Data Protection Law]," Medien und Recht, January 2014
Author, "Datenschutzrechtliche Herausforderungen bei internen Compliance-Untersuchungen [Data Protection-Related Challenges During Internal Compliance Investigations]," Jahrbuch Datenschutzrecht und E-Government 2013 [Yearbook Data Protection Law and EGovernment 2013], November 2013
Author, "Soziale Medien: Die Demokratisierung der Vierten Gewalt [Social Media: The Democratization of the Fourth Estate]," Meinungsfreiheit - Quo vadis? Jahrbuch Menschenrechte 2012/2013 [Freedom of Expression - Quo vadis? Jahrbuch Menschenrechte 2012/2013], October 2013
Author, "Urheberrechtsgesetz, Datenschutzgesetz, Computerstrafrecht [Copyright Act, Data Protection Act, Computer Crime]," Das neue Unternehmensstrafrecht [The New Corporate Criminal Law], July 2013
Author, "Auf Zuruf muss Google Ruf schützen [Upon Request, Google Must Protect Reputation]," Die Presse, May 2013
Author, "Die Cybersecurity-Richtlinie der EU-Kommission [The Cybersecurity Directive of the European Commission]," Security Insider, March 2013
Co-author, "Zulässige Privatkopie ist totes Recht [The Right to Private Copying is Dead]," Der Standard, February 2013
Co-author, "Teilen eines Links auf Facebook kann strafbar machen [Sharing a Link on Facebook Can Make Criminally Liable]," Die Presse, February 2013
Co-author, "High Noon im Kampf um Technologielizenzen" (High Noon in the battle for technology licenses), Der Standard, January 2013
Co-author, "Fragen für User, Antwort für Urheber [Questions for Users, Answers for Copyright Holders]," Die Presse, December 2012
Author, "Birth of the First-Download Doctrine —The Application of the First-Sale Doctrine to Internet Downloads under EU and US Copyright Law," Journal of Internet Law, September 2012
Co-author, "EuGH gewährt zweite Chance auf .eu-Wunschdomain [ECJ Grants Second Chance to Obtain Preferred .eu Domain]," Die Presse, August 2012
Co-author, "Die Grenzen des Keyword-Advertising [The Legal Limits of Keyword Advertising]," Recht.Extrajournal.Net Dossier, July 2012
Co-author, "Neue Net-Adressen erschweren Markenschutz [New Domain Names Complicate Trademark Protection]," Der Standard, June 2012
Co-author, "Prozedurale Prosa auf Europäisch – Kein Urheberrechtsschutz für Programmiersprachen [Procedural Prose in Europe—No Copyright Protection for Programming Languages]," c’t, June 2012
Co-author, "wetter.tv – Keine Haftung des Unternehmers für eine Google AdWords-Anzeige, Entscheidungsanmerkung zu OGH 20.12.2011, 17 Ob 22/11a [No Liability for a Corporation for a Google AdWord Campaign, Comment on Austrian Supreme Court 20.12.2011, 17 Ob 22/11a]," Österreichische Blätter für gewerblichen Rechtsschutz und Uhrheberrecht [ÖBl], May 2012
Co-author, "Wie Urheber im Web zu ihrem Recht kommen könnten [How Copyright Holders Could Enforce Their Rights Online]," Die Presse, May 2012
Co-author, "Facebook-Fremdpostings können teuer werden [Third-Party Facebook Postings Can Come at a High Price]," Der Standard, April 2012
Author, "Website Blocking Injunctions under EU and U.S. Copyright Law—Slow Death of the Global Internet or Emergence of the Rule of National Copyright Law?," Stanford-Vienna Transatlantic Technology Law Forum (TTLF) Working Paper No. 13, April 2012
Co-author, "Musik für Patienten und Freunde macht keine Abgabe nötig [Music for Patients or Friends Does Not Require Royalty Payments]," Die Presse, March 2012
Author, "Website-Sperren sind auch ohne ACTA Realität [Website Blocking Injunctions are Reality even without ACTA]," Der Standard, March 2012
Author, "Der Vorschlag der Europäischen Kommission für eine DatenschutzGrundverordnung der EU [The European Commission’s Proposal for a General Data Protection Regulation]," Medien und Recht International, February 2012
Author, "Händler haften für geknackte E-Gutscheine [Merchants Face Liability for Hacked Electronic Gift Certificates]," Der Standard, January 2012
Co-author, "Internet-Recht: Eigene Regeln über Online-Fans nötig [Internet Law: Separate Contractual Rules Needed for Twitter Followers]," Die Presse, January 2012
Author, “Information Security Law in the EU and the U.S.: A Risk-Based Assessment of Regulatory Policies,” 2011
Author, "Falsche Facebook-Freunde können gesetzwidrig sein [False Facebook Friends Can Be Illegal]," Der Standard, November 2011
Co-author, "Videospiele: Sanktionen für eilige Verkäufer [Video Games: Sanctions Against Hasty Sellers]," Die Presse, November 2011
Author, "Information Security Law in the EU and the U.S.," Springer, November 2011
Co-author, "Rechtliche Aspekte der Netzneutralität und ihrer Einschränkung [Legal Aspects of Net Neutrality and Its Limitation]," Medien und Recht, October 2011
Author, "Besser einmal als 27-mal [Better One Time Than 27 Times]," Der Standard, Wirtschaft & Recht, October 2011
Author, "Outages of Critical Information Infrastructure under EU and U.S. Law – Transparency v. Secrecy," Journal of Internet Law, September 2011
Co-author, "3D-Druck und die Rechte Dritter [3D Printing and the Rights of Third Parties]," DiePresse, July 2011
Co-author, "Die Einführung der Vorratsdatenspeicherung in Österreich [The Implementation of Traffic Data Retention in Austria]," Medien und Recht, June 2011
Author, "Information Security Law in the EU and the U.S. – A Risk-Based Assessment of Regulatory Policies," Stanford-Vienna Transatlantic Technology Law Forum (TTLF) Working Paper No. 9, April 2011
Author, "Separation of Ownership and the Authorization to Use Personal Computers: Unintended Effects of EU and US Law on IT Security," Santa Clara Computer & High Tech. L.J., March 2011