Dr. Michaela Nebel

Biography

Dr. Michaela Nebel is a partner in the Frankfurt office of Baker McKenzie. She obtained her Doctor of Law degree on a topic related to privacy in the Web 2.0 at the University of Passau. From July until December 2014 she practiced from the San Francisco office of Baker McKenzie. She is a Certified Information Privacy Professional/Europe (CIPP/E) and a Certified Information Privacy Professional/United States (CIPP/US). She is also the author of numerous articles on information technology law, in particular on data protection law and e-commerce law, and the co-author of an English language commentary on the EU General Data Protection Regulation.

Practice Focus

Michaela advises German and international companies on all aspects of information technology law, data protection law, data related and digital laws, IT contract law as well as e-commerce and artificial intelligence related matters. Her practice covers in particular data dispute matters, including legal disputes regarding the GDPR.

Representative Legal Matters

Advising several globally operating companies in connection with the use of AI systems.
Advising globally operating companies in connection with NIS2 requirements.
Advising numerous globally operating companies from various industries on the implementation of the GDPR as well as on international data transfers.
Advising several globally operating companies on proceedings with the data protection authorities and on legal disputes regarding the GDPR.
Advising several globally operating companies on their website compliance requirements (including terms of use, imprints, privacy statements, use of cookies and similar technologies, price indications, unfair competition, consumer protection law, contract law).
Seconded for two years to a large financial institution to advise on the implementation of the GDPR and on data protection law in general.

Professional Honors

TOP lawyer 2020 and 2024 for "IT law," WirtschaftsWoche, 2020, 2024
Germany's best lawyers 2020 for "data protection," Handelsblatt
Germany's best lawyers 2021, 2022, 2023 and 2024 for "data protection" and "information technology," Handelsblatt

Professional Associations and Memberships

Certified Information Privacy Professional/United States (CIPP/US) (2017)
Certified Information Privacy Professional/Europe (CIPP/E) (2015)
International Association of Privacy Professionals (IAPP)

Admissions

Germany (2011)

Education

Higher Regional Court of Munich (2011)
University of Passau (2010)
University of Passau (2008)

Languages

English
German

Previous Offices

San Francisco

Publications

Co-author, "Europe’s enhanced cybersecurity regime: Who does NIS2 apply to and what are the key obligations?", ConnectOnTech, February 2025
Co-author, "GDPR v. AI Act & other EU Data Regulation, Bloomberg, May 2024
Co-author, The EU-US data privacy framework and the impact on companies in the EEA and USA compared to other international data transfer mechanisms, Journal of Data Protection & Privacy, pages 120-134
Co-author, "NIS2-Directive: What companies have to consider", Baker McKenzie Kompass, 02/2023
Co-author, "Draft Whistleblowing Act – data protection considerations ", Baker McKenzie Kompass, 01/2023
Co-author, "International Data Transfers", IWRZ 2022, pages 204-208

Co-author, "International Data Transfer and Trade Restraints", Computer Law Review International 2022, S. 140 ff
Co-author, "KI-VO-Entwurf: Vorschlag zur Regulierung künstlicher Intelligenz", Baker McKenzie Kompass, March 2022
Co-author, "TMT Looking Ahead Tech Regulation and Compliance", Baker McKenzie report, March 2022
Co-author, "Whistleblower-Richtlinie - Umsetzungsfrist ist abgelaufen", Baker McKenzie Kompass, January 2022
Co-author, "Data Protection Day - Key developments and looking ahead to 2022", January 2022
Co-author (with Lukas Feiler and Nikolaus Forgo), "The EU General Data Protection Regulation (GDPR): A Commentary" second edition, October 2021
Co-author, "Standardizing data-processing agreements globally", IAPP, The Privacy Advisor, September 28, 2021
Co-author, "Top-10 do's and don'ts for service providers implementing the new SCCs with EU customers", IAPP, The Privacy Advisor, 22 June 2021
Podcast, ConnectOnTech, "Episode 32 - Enforcement of Schrems II - Focus on Germany"
Co-author, "The New European Commission Standard Contractual Clauses: What you need to know", ConnectOnTech, 11 June 2021
Co-author, "The third anniversary of the GDPR: Looking ahead", ConnectOnTech, 25 May 2021
Co-author, ConnectOnTech, "Data Protection Day - Looking ahead to 2021", 28 January 2021
Co-author, "International Data Transfers: Update regarding Standard Contractual Clauses", Baker McKenzie Kompass, February 2021
Co-author, "Data transfers and Brexit: Update", Baker McKenzie Kompass, February 2021
Co-author "Compliance and Investigations in Deutschland im Jahr 2020", Baker McKenzie InsightPlus, March 2021, p. 24-28
Co-author, "Geplante Änderungen des BGB zur Stärkung der Verbraucherschutzrechte", Baker McKenzie InsightPlus, December 2020
Co-author, "Another Million Euro Fine under the GDPR in Germany - What does it tell us?," Baker McKenzie InsightPlus, 16 October 2020
Co-author, "EU Consumer Protection Scrutiny of Terms & Conditions", Bloomberg Law, October 2020
Co-author, "Europe: Guidelines on the concepts of controller and processor in the GDPR," Baker McKenzie InsightPlus, 22 September 2020
Co-author, "Germany - Schrems II: Opinion of the European Data Protection Committee," Baker McKenzie InsightPlus, 24 July 2020
Co-author, "Germany: How to get Governmental Funding for Digital Health Apps?," Baker McKenzie InsightPlus, 23 July 2020
Co-author, "Germany: The decision of the German Federal Court of Justice on cookie consent - and further implications," Baker McKenzie InsightPlus, 9 July 2020
Co-author, "Europe: The "New Deal" - Consumer Protection Law Developments in the EU," Baker McKenzie InsightPlus, 1 July 2020
Co-author, "New EU Rules for Platform Providers", Baker McKenzie InsightPlus, June 2020
Co-author, "Omnibus Directive: Is There a New GDPR-style Legislation Waiting for us?", Connect On Tech, May 2020
Co-author, "EDPB - Guidelines on the Territorial Scope of the GDPR (Art. 3) and on Representatives (Art. 27) – Now adopted after public consultation", Baker McKenzie InsightPlus, December 2019
Co-author, "How are German Data Protection Authorities going to determine a fine? High fines imposed in Germany", Baker McKenzie Kompass, November 2019
Author, "The ECJ's decision on Cookies," Baker McKenzie Kompass, October 2019
Author, "One year of GDPR: What companies should observe," Baker McKenzie Kompass, June 2019
Author, "Free Flow of Data," IT-Rechtsberater, 5/2019, p. 113-115
Author, "Nine Months EU General Data Protection Regulation," Business Law Magazine 1/2019, p. 7-10
Author, Commentary on parts of the German Genetic Diagnostics Act, in: Dornbusch/Krumbiegel/Löwisch (eds.), Kommentar zum gesamten Arbeitsrecht, 9th edition 2018, 10th edition 2021
Co-author, "Drones and data protection," Baker McKenzie Kompass, August 2018
Co-author, "U.S. Cloud Act - clouds gathering over the General Data Protection Regulation?," Computer und Recht, June 2018, p. 408-412
Author, "New guidance from the data protection conference - Joint Controllers," Baker McKenzie Kompass, April 2018
Co-author, "The EU General Data Protection Regulation (GDPR): A Commentary," February 2018
Author, "Data Retention 2.0: More security for less freedom?," Wirtschaftsführer für junge Juristen, October 2017, p. 58
Author, "What you should know regarding the new Federal Data Protection Act," Baker McKenzie Kompass, August 2017
Citations regarding the draft ePrivacy Regulation in "Brussels increases requirements for digital offers," Lebensmittel-Zeitung, August 2017, p. 18
Author, "Data retention (Vorratsdatenspeicherung) 2.0," Baker McKenzie Kompass, August 2017
Co-author, "EU-U.S. Privacy Shield and Alternatives for International Data Transfers," Europäische Zeitschrift für Wirtschaftsrecht, November 2016, p. 811-816
Co-author, "The EU-U.S. Privacy Shield Versus Other EU Data Transfer Compliance Options," BNA, World Data Protection Report, Vo. 16 No. 8, August 2016
Author, "The EU General Data Protection Regulation’s Impact on Website Operators and eCommerce," Computer Law Review International, August 2016, p. 102-108
Co-author, "Germany: Official Guidance on Monitoring Emails and Internet Use of Employees," Computer Law Review International, June 2016, p. 93-95
Co-author, "Alternatives for Alternative Dispute Resolution in EU E-Commerce," Bloomberg BNA, Commerce & Law Report, June 2016
Author, "New EU Information Requirements Regarding Online Dispute Resolution for Online Retailers," BakerInform, March 2016
Co-author, "Data Residency Requirements Creeping into German Law," Bloomberg BNA, Privacy and Security Law Report, March 2016
Co-author, "Consequences of Russian data residency laws for cloud services and Internet service providers," Computer und Recht, August 2015, p. 510-515
Co-author, "Going Global Online - Basic E-Commerce and Data Privacy Considerations," Bloomberg BNA, Privacy and Security Law Report, January 2015, p. 1-7
Co-author, "Second Generation IT Outsourcing," Computer und Recht, October 2014, p. 629634
Co-author, "Unified Communications as a Service – Legal Challenges," Computer und Recht, February 2014, p. 85-93
Co-author, "Recent German Telecommunications Act: Amendments affecting data protection and data security breaches," World Data Protection Report, June 2013, p. 15-18
Co-author, "Damage claims for failure of Internet access," Kommunikation & Recht, April 2013, p. 251-253
Author, "Bring Your Own Device – Legal Challenges with private devices at work," Justament, April 2013, p. 12
Co-author, "Monitoring of Internet use of employees – Webtracking and Webfiltering Tools," Computer und Recht, December 2012, p. 787-792
Co-author, "E-Mail Services in the Cloud: Privacy and other Legal Considerations in 12 EU Member States," World Data Protection Report, August 2012, p. 37-40
Author, "The protection of privacy against media," in: Gräf/Halft/Schmöller (eds.), Privatheit Formen und Funktionen, April 2011, p. 109-133
Co-author, "Ownership Unbundling – A wrong track from an EU law perspective?," Europarecht 2009, p. 348-368

Events

Co-presenter, Employee data protection and AI, Baker McKenzie Frankfurt, November 26, 2024
Co-presenter, Data Act, Beck-Seminar, Webinars, e.g. March 16, 2024, November 15, 2024
Co-presenter, Data Act Roundtable, Baker McKenzie Frankfurt, September 16, 2024
Co-presenter, Roundtable on AI Act, Baker McKenzie Frankfurt, May 28, 2024
Co-presenter, "EU-U.S. Data Privacy Framework", Baker McKenzie Webinar, August 16, 2023
Co-presenter, "DORA – the Digital Operational Resilience Act for the financial sector", Roundtable, Frankfurt, June 20, 2023
Speaker, "Draft AI Act", Baker McKenzie Seminar, Munich, May 25, 2023
Speaker "Navigating New EU Laws (Digital Services Act, draft Artificial Intelligence Act and draft Data Act)" at the Global Data Privacy Roundtable, Palo Alto April 26, 2023, San Francisco April 27, 2023
Co-Speaker, Cybersecurity – selected legal topics and current developments, Baker McKenzie Seminar, Frankfurt, March 30, 2023
Moderator, "Current data protection topics from the perspective the data protection authority", IAPP KnowledgeNet, Frankfurt, March 09, 2023
Speaker, "Access requests pursuant to Art. 15 GDPR " at the Association of Foreign Banks e.V., online, November 10, 2022
Co-presenter at Tech Talk Germany 2022 for "Cybersecurity and Data protection" as well as "Update international data protection law ", online, November 11, 2022, https://tmt.bakermckenzie.com/en/thought-leadership/tech-talkgermany-2022
Co-Presenter, "Enforcement and data protection claims of individuals ", IAPP Data Protection Intensive: Germany 2022, Munich, October 12, 2022
Panelist, "Privacy: Best Practice and Avoiding Pitfalls Around the World", Tech Talk Silicon Valley 2022, Palo Alto, September 15, 2022
TMT Podcast Episode 59: “Privacy 2022 Predictions and What to Prepare For”, July 21, 2022
Moderated the Frankfurt KnowledgeNet Chapter event of the International Association for Privacy Professionals (IAPP) on May 24, 2022 on “U.S. Privacy Law Update for German Companies – California, Virginia, Colorado, Utah and what is next?”
Panelist in Washington D.C. at the IAPP Global Privacy Summit regarding "Privacy on the Blockchain – Challenges and Solutions" on April 12, 2022
Speaker at TÜV Nord in Hamburg on March 31, 2022 regarding "Die neuen Standardvertragsklauseln der EU: Auswirkungen auf die Praxis"
Co-presenter at the online seminar "Aktuelle Entwicklungen im Datenrecht" on March 29, 2022; presented on the draft Act on Artificial Intelligence
Co-presenter at the “Cross-Border Remote Working Compliance Talk” on March 1, 2022
Co-presenter at the "Central Asia in focus webinar series" on "Data protection and Covid-19: Trends, insights and comparison with the General Data Protection Regulation", February 23, 2022
Moderator of online session of the Frankfurt IAPP KnowledgeNet Chapters regarding "International data transfers" on January 28, 2021
Moderator of online session of the Frankfurt IAPP KnowledgeNet Chapters regarding “employee data protection in times of Covid19 from the regulators perspective”, on November 23, 2021
Moderator of virtual “Tech Talk Germany” and presenter on topics "Data Disputes" and "International Data Transfers", November 9, 2021
Keynote speech “Data Protection - Looking ahead to 2022" at Data Privacy Summit, Baker McKenzie Istanbul und Harvard Business Review, Webinar, September 30, 2021
Moderator of online conference of the International Federation of Computer Associations, September 30, 2021 for panel regarding “Trans-border Commerce – Present Challenges”
Co-presenter on “Privacy – Top 10 Hot Topics: What You Need to Know” at Tech Talk Silicon Valley on September 23, 2021
Co-presenter at webinar on "Standardizing Data Processing Agreements Globally", Baker McKenzie Webinar, August 10, 2021
Co-presenter, "Update Data Protection", Baker McKenzie Online Seminar, 13 July 2021
Speaker, "Managing Workforce", Baker McKenzie Online Seminar, 8 July 2021
Speaker, "The Draft Version of the new Standard Contractual Clauses", IAPP KnowledgeNet Frankfurt, 22 April 2021
Speaker, "International data transfers after Schrems II", 9. GDD Winter-Workshop, 25 January 2021
Co-presenter, "Deletion Concept", IAPP KnowledgeNet Frankfurt, 05 November 2020
Co-presenter, "Q&A - Schrems II - Your Questions - Our Responses", Baker McKenzie Online-Seminar, 02 November 2020
Moderator, "TMT Blockchain ", Baker McKenzie Webinar, 29 October 2020
Co-presenter, " Trends and challenges in the production and distribution of goods and services in the current legal environment: Online trade in the EU: What can companies expect?", Baker McKenzie Online-Seminar, 14 October 2020
Speaker, "Current developments regarding third country transfers", TÜV NORD Academy: Data Protection Conference, Hamburg, 08 -09 October 2020
Speaker, "International data transfers in the light of Schrems II and Brexit", Data Protection Conference VAB, Frankfurt, 15 September 2020
Co-presenter, "Data Transfers - Survival Strategies after CCPA, CPRA and Schrems II ", Tech Talk Silicon Valley 2020, 14 September 2020
Co-presenter, "US data transfers in the light of the Schrems II decision of the ECJ dated 16 July 2020", Baker McKenzie Online-Seminar, 07 August 2020
Co-presenter, " New risks and developments in e-commerce in the EU", Baker McKenzie Webinar, 29 July 2020
Co-presenter, „Data Protection International - Current developments in international data transfers“, Baker McKenzie Online-Seminar, 22 July 2020
Co-presenter, "Virtual Roundtable on Schrems II," Baker McKenzie Webinar 16 July 2020
Co-presenter, „EU Consumer Protection Law Developments – Impact on the TMT Industry”, Baker McKenzie Live Webinar, 15 June 2020
Host, “CCPA and other U.S. privacy developments - update on what German companies need to be aware of”, IAPP KnowledgeNet Frankfurt, 05 May 2020
Speaker, "Data protection issues when using cookies and similar technologies," Baker McKenzie Breakfast Briefing and Expert Committee Internet and eCommerce of the German Association of Law and Informatics ("Deutsche Gesellschaft für Recht und Informatik"), Frankfurt, December 2019
Panelist, "Data Protection Roundtable - Keeping up with privacy compliance: GDPR, CCPA and other data protection regulations", Brussels, November 2019
Speaker, "Vendors: contracting and auditing in practice," IAPP Data Protection Intensive Deutschland 2019, Munich, September 2019
Speaker, "Practical problems with the right of access," IAPP KnowledgeNet Frankfurt, June 2019
Panelist, "A year of GDPR: Enforcement in the limelight," Brussels, June 2019
Speaker, "Free Flow of Data," Deutscher IT-Rechtstag, Berlin, April 2019
Panelist, "Ahead of Privacy," Amsterdam, April 2019Speaker, "8 Months Post-GDPR - Best Practices," Frankfurt, January 2019
Speaker, "International data transfers pursuant to the GDPR," seminar at the Association of Foreign Banks in Germany e.V., November 2018
Speaker, "Data Monetization, Ownership and Privacy," Frankfurt, September 2018
Panelist, "Global Privacy Updates," Tech Talk, Santa Clara, September 2018
Speaker, "EU GDPR - Observations and Practical Guidance for the final 7 weeks," webinar, April 2018
Speaker, "The GDPR - like the sword of Damocles - act now?," 17th Compliance Talk in Frankfurt/Main, March 2018
Speaker, "Data Protection: What challenges companies have to face under the GDPR," Inhouse Under 40, Frankfurt, January 2018
Panelist, "Deep-Dive into the Evolving Landscape of European Data Privacy and its Relationship to the United States," Data Privacy Summit for Life Sciences, Philadelphia, October 2017
Speaker, "Draft ePrivacy Regulation: Impact on Internet and eCommerce," Expert Committee Internet and eCommerce of the German Association of Law and Informatics ("Deutsche Gesellschaft für Recht und Informatik"), Darmstadt, September 2017
Panelist, "GDPR Update", "Internet Service Provider / Platform Liability," Tech Talk, Santa Clara, September 2017
Speaker, "Data Protection Challenges: What companies have to do to prepare for the GDPR," Inhouse Under 40, Munich, March 2017
Speaker, "Update General Data Protection Regulation - draft ePrivacy Regulation, Art. 29 Working Party Guidance and draft German Federal Data Protection Act Supplementing the GDPR," Baker McKenzie Breakfast Briefing, Frankfurt/Main, March 2017
Panelist, "European Privacy Update," Tech Talk, Santa Clara, September 2016
Speaker, "EU General Data Protection Regulation - Impact on Internet and eCommerce," Expert Committee Internet and eCommerce of the German Association of Law and Informatics ("Deutsche Gesellschaft für Recht und Informatik"), Frankfurt/Main, June 2016
Speaker, "The Safe Harbor decision of the Court of Justice of the European Union of October 6, 2015," Baker McKenzie Breakfast Briefing, Frankfurt, October 2015
Panelist, "The Cloud and Data Residency," Tech Talk, Santa Clara, September 2015
Speaker, "EU Web and Mobile Compliance: Focus on European Marketing and Privacy Laws - Cookies, Opt-in Requirements, E-Commerce Laws," B&M Webinar, April 2015
Panelist, "EU Web and Mobile Compliance: Focus on European Marketing and Privacy Laws - Cookies, Opt-in Requirements, E-Commerce Laws," Association of Corporate Counsel, Santa Clara and San Francisco, March/April 2015
Speaker, "How to expand internationally, Part 9: Going Global Online," Bloomberg BNA Technology Business Webinar, November 2014
Panelist, "Data Protection/Privacy: Where Next Global Data Protection/Privacy Compliance," "Enforcement and Disputes: Data Privacy and Consumer Protection Highlights" and "Contracting Across Geographies: Localization and Negotiation Strategies," Doing Business Globally - Tech Talk, Santa Clara, November 2014
Speaker, "The UsedSoft Decision of the European Court of Justice," 1. Treffen zum deutsch-französischen IT-Recht, Deutsche Gesellschaft für Recht und Informatik, Frankfurt/Main, October 2012

Firm Committee Memberships

Head of Industry Group TMT GER