Dr. Michaela Nebel (geb. Weigl)

Partner

Baker McKenzie Rechtsanwaltsgesellschaft mbH von Rechtsanwälten und Steuerberatern

Frankfurt

T + 49 69 2 99 08 368

Email
Vcard

Biography

Dr. Michaela Nebel is a partner in the Frankfurt office of Baker McKenzie. Prior to joining Baker McKenzie she studied law at the University of Passau. She obtained her Doctor of Law degree on a topic related to privacy in the Web 2.0. From July until December 2014 she practiced at the San Francisco office of Baker McKenzie. She is a member of the International Association of Privacy Professionals (IAPP), since May 2015 a Certified Information Privacy Professional/Europe (CIPP/E) and since May 2017 a Certified Information Privacy Professional/United States (CIPP/US). She is also the author of numerous articles on information technology law, in particular on data protection law and e-commerce law, and the co-author of an English language commentary on the EU General Data Protection Regulation.

Practice Focus

Michaela advises German and international companies on all aspects of information technology law, data protection law, IT contract law as well as on e-commerce, IT / data litigation related matters. Her practice covers in particular advice of companies on issues concerning domestic and cross-border data privacy law.

Representative Legal Matters

Advising numerous globally operating companies from various industries on the implementation of the GDPR as well as on international data transfers.
Advising several globally operating companies on proceedings with the data protection authorities and on legal disputes regarding the GDPR.
Advising several globally operating companies on their website compliance requirements (including terms of use, imprints, privacy statements, use of cookies and similar technologies, price indications, unfair competition, consumer protection law, contract law).
Advising several globally operating companies on the implementation of eSignatures.
Advising a global operating financial institution on the acquisition of a provider of payment gateway software.
Seconded for two years to a large financial institution to advise on the implementation of the GDPR and on data protection law in general.
Advising a global operating automobile manufacturer on questions concerning data protection law in connection with the development of driver assistance systems.

Professional Honors

TOP lawyer 2020 for "IT law", WirtschaftsWoche, 2020
Germany's best lawyers 2020 for "data protection", Handelsblatt
Germany's best lawyers 2021 and 2022 for "data protection" and "information technology", Handelsblatt

Professional Associations and Memberships

Certified Information Privacy Professional/United States (CIPP/US) (2017)
Certified Information Privacy Professional/Europe (CIPP/E) (2015)
International Association of Privacy Professionals (IAPP)

Admissions

Germany (2011)

Education

Higher Regional Court of Munich (2011)
University of Passau (2010)
University of Passau (2008)

Languages

English
German

Previous Offices

San Francisco

Publications

Co-author (with Johannes Doeveling), "KI-VO-Entwurf: Vorschlag zur Regulierung künstlicher Intelligenz", Baker McKenzie Kompass, March 2022
Co-author, "TMT Looking Ahead Tech Regulation and Compliance", Baker McKenzie report, March 2022
Co-author (with Katja Häferer und Aileen Zengler), "Whistleblower-Richtlinie - Umsetzungsfrist ist abgelaufen", Baker McKenzie Kompass, January 2022
Co-author (with Benjamin Slinn, Brian Hengesbaugh, et al.), "Data Protection Day - Key developments and looking ahead to 2022", January 2022
Co-author (with Lukas Feiler and Nikolaus Forgo), "The EU General Data Protection Regulation (GDPR): A Commentary" second edition, October 2021
Co-author (with Lothar Determann, Helena Engfeldt, Flávia Rebello und Kensaku Takase), "Standardizing data-processing agreements globally", IAPP, The Privacy Advisor, September 28, 2021

Co-author (with Anna Verena Böhm, Gregor Dornbusch, Katja Haeferer, Guenther Heckelmann, Ludmilla Maurer, Matthias Scholz, Alexander Wolff, Matthias Köhler, Barbara Deilmann), "AR - Kommentar, Kommentar zum gesamten Arbeitsrecht," Luchterhand, 10. Auflage, 24.8.2021
Co-author (with Brian Hengesbaugh and Lukas Feiler), "Top-10 do's and don'ts for service providers implementing the new SCCs with EU customers", IAPP, The Privacy Advisor, 22 June 2021
Podcast (with Brian Hengesbaugh), ConnectOnTech, "Episode 32 - Enforcement of Schrems II - Focus on Germany"
Co-author (with Brian Hengesbaugh, Lothar Determann, et al.), "The New European Commission Standard Contractual Clauses: What you need to know", ConnectOnTech, 11 June 2021
Co-author (with Benjamin Slinn, Yann Padova, Magalie Dansac Le Clerc, Francesca Gaudino, Elisabeth Dehareng, Lukas Feiler et al.), "The third anniversary of the GDPR: Looking ahead", ConnectOnTech, 25 May 2021
Co-author (with Ben Slinn et al.), ConnectOnTech, "Data Protection Day - Looking ahead to 2021", 28 January 2021
Co-author (with Holger Lutz), "International Data Transfers: Update regarding Standard Contractual Clauses", Baker McKenzie Kompass, February 2021
Co-author (with Julia Kaufmann), "Data transfers and Brexit: Update", Baker McKenzie Kompass, February 2021
Co-author (with Holger Lutz) "Compliance and Investigations in Deutschland im Jahr 2020", Baker McKenzie InsightPlus, March 2021, p. 24-28
Co-author (with Julia Kaufmann, Johannes Teichmann, Michael Schmidl, Holger Lutz, Florian Tannen), "Geplante Änderungen des BGB zur Stärkung der Verbraucherschutzrechte", Baker McKenzie InsightPlus, December 2020
Co-author (with Julia Kaufmann, Michael Schmidl, Florian Tannen, Holger Lutz), "Another Million Euro Fine under the GDPR in Germany - What does it tell us?," Baker McKenzie InsightPlus, 16 October 2020
Co-author (with Julia Kaufmann, Lothar Determann), "EU Consumer Protection Scrutiny of Terms & Conditions", Bloomberg Law, October 2020
Co-author (with Elisabeth Dehareng, Lukas Feiler, Francesca Gaudino, Julia Kaufmann, Holger Lutz, Michael Schmidl, Florian Tannen, Magdalena Kogut-Czarkowska, Joanna De Fonseka, Benjamin Slinn), "Europe: Guidelines on the concepts of controller and processor in the GDPR," Baker McKenzie InsightPlus, 22 September 2020
Co-author (with Julia Kaufmann, Holger Lutz, Michael Schmidl, Florian Tannen, Nadine Neumeier), "Germany - Schrems II: Opinion of the European Data Protection Committee," Baker McKenzie InsightPlus, 24 July 2020
Co-author (with Julia Kaufmann, Michael Schmidl, Florian Tannen, David Pfahler, Frank Pfüger, Holger Lutz), "Germany: How to get Governmental Funding for Digital Health Apps?," Baker McKenzie InsightPlus, 23 July 2020
Co-author (with Julia Kaufmann, Michael Schmidl, Florian Tannen, Holger Lutz), "Germany: The decision of the German Federal Court of Justice on cookie consent - and further implications," Baker McKenzie InsightPlus, 9 July 2020
Co-author (with Julia Kaufmann and Michael Schmidl), "Europe: The "New Deal" - Consumer Protection Law Developments in the EU," Baker McKenzie InsightPlus, 1 July 2020
Co-author (with Julia Kaufmann, Michael Schmidl, Holger Lutz, Florian Tannen), "New EU Rules for Platform Providers", Baker McKenzie InsightPlus, June 2020
Co-author (with Julia Kaufmann, Magdalena Kogut-Czarkowska), "Omnibus Directive: Is There a New GDPR-style Legislation Waiting for us?", Connect On Tech, May 2020
Co-author (with Julia Kaufmann, Holger Lutz, Michael Schmidl, Benjamin Slinn, Harry Small, Julia Wilson, Florian Tannen), "EDPB - Guidelines on the Territorial Scope of the GDPR (Art. 3) and on Representatives (Art. 27) – Now adopted after public consultation", Baker McKenzie InsightPlus, December 2019
Co-author, "How are German Data Protection Authorities going to determine a fine? High fines imposed in Germany", Baker McKenzie Kompass, November 2019
Author, "The ECJ's decision on Cookies," Baker McKenzie Kompass, October 2019
Author, "One year of GDPR: What companies should observe," Baker McKenzie Kompass, June 2019
Author, "Free Flow of Data," IT-Rechtsberater, 5/2019, p. 113-115
Author, "Nine Months EU General Data Protection Regulation," Business Law Magazine 1/2019, p. 7-10
Author, Commentary on parts of the German Genetic Diagnostics Act, in: Dornbusch/Fischermeier/Löwisch (eds.), Kommentar zum gesamten Arbeitsrecht, 9th edition 2018
Co-author, "Drones and data protection," Baker McKenzie Kompass, August 2018
Co-author, "U.S. Cloud Act - clouds gathering over the General Data Protection Regulation?," Computer und Recht, June 2018, p. 408-412
Author, "New guidance from the data protection conference - Joint Controllers," Baker McKenzie Kompass, April 2018
Co-author, "The EU General Data Protection Regulation (GDPR): A Commentary," February 2018
Author, "Data Retention 2.0: More security for less freedom?," Wirtschaftsführer für junge Juristen, October 2017, p. 58
Author, "What you should know regarding the new Federal Data Protection Act," Baker McKenzie Kompass, August 2017
Citations regarding the draft ePrivacy Regulation in "Brussels increases requirements for digital offers," Lebensmittel-Zeitung, August 2017, p. 18
Author, "Data retention (Vorratsdatenspeicherung) 2.0," Baker McKenzie Kompass, August 2017
Co-author, "EU-U.S. Privacy Shield and Alternatives for International Data Transfers," Europäische Zeitschrift für Wirtschaftsrecht, November 2016, p. 811-816
Co-author, "The EU-U.S. Privacy Shield Versus Other EU Data Transfer Compliance Options," BNA, World Data Protection Report, Vo. 16 No. 8, August 2016
Author, "The EU General Data Protection Regulation’s Impact on Website Operators and eCommerce," Computer Law Review International, August 2016, p. 102-108
Co-author, "Germany: Official Guidance on Monitoring Emails and Internet Use of Employees," Computer Law Review International, June 2016, p. 93-95
Co-author, "Alternatives for Alternative Dispute Resolution in EU E-Commerce," Bloomberg BNA, Commerce & Law Report, June 2016
Author, "New EU Information Requirements Regarding Online Dispute Resolution for Online Retailers," BakerInform, March 2016
Co-author, "Data Residency Requirements Creeping into German Law," Bloomberg BNA, Privacy and Security Law Report, March 2016
Co-author, "Consequences of Russian data residency laws for cloud services and Internet service providers," Computer und Recht, August 2015, p. 510-515
Co-author, "Going Global Online - Basic E-Commerce and Data Privacy Considerations," Bloomberg BNA, Privacy and Security Law Report, January 2015, p. 1-7
Co-author, "Second Generation IT Outsourcing," Computer und Recht, October 2014, p. 629634
Co-author, "Unified Communications as a Service – Legal Challenges," Computer und Recht, February 2014, p. 85-93
Co-author, "Recent German Telecommunications Act: Amendments affecting data protection and data security breaches," World Data Protection Report, June 2013, p. 15-18
Co-author, "Damage claims for failure of Internet access," Kommunikation & Recht, April 2013, p. 251-253
Author, "Bring Your Own Device – Legal Challenges with private devices at work," Justament, April 2013, p. 12
Co-author, "Monitoring of Internet use of employees – Webtracking and Webfiltering Tools," Computer und Recht, December 2012, p. 787-792
Co-author, "E-Mail Services in the Cloud: Privacy and other Legal Considerations in 12 EU Member States," World Data Protection Report, August 2012, p. 37-40
Author, "The protection of privacy against media," in: Gräf/Halft/Schmöller (eds.), Privatheit Formen und Funktionen, April 2011, p. 109-133
Co-author, "Ownership Unbundling – A wrong track from an EU law perspective?," Europarecht 2009, p. 348-368

Events

TMT Podcast Episode 59: “Privacy 2022 Predictions and What to Prepare For”, July 21, 2022
Moderated the Frankfurt KnowledgeNet Chapter event of the International Association for Privacy Professionals (IAPP) on May 24, 2022 on “U.S. Privacy Law Update for German Companies – California, Virginia, Colorado, Utah and what is next?”
Speaker in Washington D.C. at the IAPP Global Privacy Summit regarding "Privacy on the Blockchain – Challenges and Solutions" together with Monica Ortel (Protocol Labs) and Lothar Determann (BM Palo Alto) on April 12, 2022
Speaker at TÜV Nord in Hamburg on March 31, 2022 regarding "Die neuen Standardvertragsklauseln der EU: Auswirkungen auf die Praxis"
Co-presenter at the online seminar "Aktuelle Entwicklungen im Datenrecht" on March 29, 2022 together with Holger Lutz and Lothar Determann; presented on the draft Act on Artificial Intelligence
Speaker at the “Cross-Border Remote Working Compliance Talk” on March 1, 2022 together with Ludmilla Maurer (PG Tax, Frankfurt), Geoffrey Poras (PG Tax, Paris), Pamela Mafuz (PG Employment, Madrid), Julia Wilson (PG Employment, London) und Tony Haque (Immigration, London)
Speaker at the "Central Asia in focus webinar series together with Azamat Kuatbekov and Gulnur Bekmukhanbetova (Baker McKenzie Almaty) on "Data protection and Covid-19: Trends, insights and comparison with the General Data Protection Regulation", February 23, 2022
Moderator of online session of the Frankfurt IAPP KnowledgeNet Chapters regarding "International data transfers" with Marie Lange from HBDI on January 28, 2021
Moderator of online session of the Frankfurt IAPP KnowledgeNet Chapters regarding “employee data protection in times of Covid19 from the regulators perspective”, with Katja Horlbeck from HBDI on November 23, 2021
Moderator of virtual “Tech Talk Germany” and presenter on topics "Data Disputes" and "International Data Transfers", November 9, 2021
Gave keynote speech “Data Protection - Looking ahead to 2022" at Data Privacy Summit, Baker McKenzie Istanbul und Harvard Business Review, Webinar, September 30, 2021
Moderator of online conference of the International Federation of Computer Associations, September 30, 2021 for panel regarding “Trans-border Commerce – Present Challenges”
Co-presenter on “Privacy – Top 10 Hot Topics: What You Need to Know” at Tech Talk Silicon Valley on September 23, 2021
Presenter at webinar with Lothar Determann, Helena Engfeldt, Flavia Rebello und Kensaku Takase on "Standardizing Data Processing Agreements Globally", Baker McKenzie Webinar, August 10, 2021
Speaker (with Michael Kaiser (HBDI), Michael Schmidl and Florian Tannen), "Update Data Protection", Baker McKenzie Online Seminar, 13 July 2021
Speaker (with Francesca Gaudino and Julia Wilson), "Managing Workforce", Baker McKenzie Online Seminar, 8 July 2021
Speaker (with Domenico Romanazzi and Matthias Artzt, Deutsche Bank AG), "The Draft Version of the new Standard Contractual Clauses", IAPP KnowledgeNet Frankfurt, 22 April 2021
Speaker, "International data transfers after Schrems II", 9. GDD Winter-Workshop, 25 January 2021
Speaker (with Ralf Winter (Willis Towers Watson GmbH), "Deletion Concept", IAPP KnowledgeNet Frankfurt, 05 November 2020
Co-presenter (with Stefan Brink (state commissioner for data protection and freedom of information Baden-Wuerttemberg (Landesbeauftragter für den Datenschutz und die Informationsfreiheit in Baden-Württemberg)), Holger Lutz, Michael Schmidl, Julia Kaufmann), "Q&A - Schrems II - Your Questions - Our Responses", Baker McKenzie Online-Seminar, 02 November 2020
Moderator (panelists: Lothar Determann, Stephanie Magnus, Carolina Pardo, Matthias Artzt (Deutsche Bank AG) and Dave Hirsch (SEC), "TMT Blockchain ", Baker McKenzie Webinar, 29 October 2020
Co-presenter (with Julia Kaufmann, Nadine Neumeier), " Trends and challenges in the production and distribution of goods and services in the current legal environment: Online trade in the EU: What can companies expect?", Baker McKenzie Online-Seminar, 14 October 2020
Speaker, "Current developments regarding third country transfers", TÜV NORD Academy: Data Protection Conference, Hamburg, 08 -09 October 2020
Speaker, "International data transfers in the light of Schrems II and Brexit", Data Protection Conference VAB, Frankfurt, 15 September 2020
Co-presenter (with Lothar Determann, Brian Hengesbaugh, Amy de la Lama), " Data Transfers - Survival Strategies after CCPA, CPRA and Schrems II ", Tech Talk Silicon Valley 2020, 14 September 2020
Co-presenter (with Stefan Brink (state commissioner for data protection and freedom of information Baden-Wuerttemberg (Landesbeauftragter für den Datenschutz und die Informationsfreiheit in Baden-Württemberg)), Holger Lutz, Michael Schmidl, Julia Kaufmann), "US data transfers in the light of the Schrems II decision of the ECJ dated 16 July 2020", Baker McKenzie Online-Seminar, 07 August 2020
Co-presenter (with Julia Kaufmann, Ingmar Oltmanns), " New risks and developments in e-commerce in the EU", Baker McKenzie Webinar, 29 July 2020
Co-presenter (with Holger Lutz und Lothar Determann), „Data Protection International - Current developments in international data transfers“, Baker McKenzie Online-Seminar, 22 July 2020
Co-presenter (with Florian Tannen, Lukas Feiler, Elisabeth Dehareng, Joanna de Fonseka, Francesca Gaudino, Brian Hengesbaugh, Wouter Seinen), "Virtual Roundtable on Schrems II," Baker McKenzie Webinar 16 July 2020
Co-presenter (with Julia Kaufmann, Magdalena Kogut-Czarkowska, Lothar Determann), „EU Consumer Protection Law Developments – Impact on the TMT Industry”, Baker McKenzie Live Webinar, 15 June 2020
Presenter (Speaker was Lothar Determann), “CCPA and other U.S. privacy developments - update on what German companies need to be aware of”, IAPP KnowledgeNet Frankfurt, 05 May 2020
Speaker, "Data protection issues when using cookies and similar technologies," Baker McKenzie Breakfast Briefing and Expert Committee Internet and eCommerce of the German Association of Law and Informatics ("Deutsche Gesellschaft für Recht und Informatik"), Frankfurt, December 2019
Panelist, "Data Protection Roundtable - Keeping up with privacy compliance: GDPR, CCPA and other data protection regulations", Brussels, November 2019
Speaker (with Stefan Plier (Siemens)), "Vendors: contracting and auditing in practice," IAPP Data Protection Intensive Deutschland 2019, Munich, September 2019
Speaker, "Practical problems with the right of access," IAPP KnowledgeNet Frankfurt, June 2019
Panelist, "A year of GDPR: Enforcement in the limelight," Brussels, June 2019
Speaker, "Free Flow of Data," Deutscher IT-Rechtstag, Berlin, April 2019
Panelist, "Ahead of Privacy," Amsterdam, April 2019Speaker, "8 Months Post-GDPR - Best Practices," Frankfurt, January 2019
Speaker, "International data transfers pursuant to the GDPR," seminar at the Association of Foreign Banks in Germany e.V., November 2018
Speaker, "Data Monetization, Ownership and Privacy," Frankfurt, September 2018
Panelist, "Global Privacy Updates," Tech Talk, Santa Clara, September 2018
Speaker, "EU GDPR - Observations and Practical Guidance for the final 7 weeks," webinar, April 2018
Speaker (with Domenico Romanazzi (Deutsche Bank AG)), "The GDPR - like the sword of Damocles - act now?," 17th Compliance Talk in Frankfurt/Main, March 2018
Speaker, "Data Protection: What challenges companies have to face under the GDPR," Inhouse Under 40, Frankfurt, January 2018
Panelist, "Deep-Dive into the Evolving Landscape of European Data Privacy and its Relationship to the United States," Data Privacy Summit for Life Sciences, Philadelphia, October 2017
Speaker, "Draft ePrivacy Regulation: Impact on Internet and eCommerce," Expert Committee Internet and eCommerce of the German Association of Law and Informatics ("Deutsche Gesellschaft für Recht und Informatik"), Darmstadt, September 2017
Panelist, "GDPR Update", "Internet Service Provider / Platform Liability," Tech Talk, Santa Clara, September 2017
Speaker, "Data Protection Challenges: What companies have to do to prepare for the GDPR," Inhouse Under 40, Munich, March 2017
Speaker, "Update General Data Protection Regulation - draft ePrivacy Regulation, Art. 29 Working Party Guidance and draft German Federal Data Protection Act Supplementing the GDPR," Baker McKenzie Breakfast Briefing, Frankfurt/Main, March 2017
Panelist, "European Privacy Update," Tech Talk, Santa Clara, September 2016
Speaker, "EU General Data Protection Regulation - Impact on Internet and eCommerce," Expert Committee Internet and eCommerce of the German Association of Law and Informatics ("Deutsche Gesellschaft für Recht und Informatik"), Frankfurt/Main, June 2016
Speaker, "The Safe Harbor decision of the Court of Justice of the European Union of October 6, 2015," Baker McKenzie Breakfast Briefing, Frankfurt, October 2015
Panelist, "The Cloud and Data Residency," Tech Talk, Santa Clara, September 2015
Speaker, "EU Web and Mobile Compliance: Focus on European Marketing and Privacy Laws - Cookies, Opt-in Requirements, E-Commerce Laws," B&M Webinar, April 2015
Panelist, "EU Web and Mobile Compliance: Focus on European Marketing and Privacy Laws - Cookies, Opt-in Requirements, E-Commerce Laws," Association of Corporate Counsel, Santa Clara and San Francisco, March/April 2015
Speaker, "How to expand internationally, Part 9: Going Global Online," Bloomberg BNA Technology Business Webinar, November 2014
Panelist, "Data Protection/Privacy: Where Next Global Data Protection/Privacy Compliance," "Enforcement and Disputes: Data Privacy and Consumer Protection Highlights" and "Contracting Across Geographies: Localization and Negotiation Strategies," Doing Business Globally - Tech Talk, Santa Clara, November 2014
Speaker, "The UsedSoft Decision of the European Court of Justice," 1. Treffen zum deutsch-französischen IT-Recht, Deutsche Gesellschaft für Recht und Informatik, Frankfurt/Main, October 2012

Firm Committee Memberships

Head of Industry Group TMT GER

Geschäftsführer: Dr. Matthias Scholz, Dr. Thomas Schänzle, Dr. Christian Vocke
Baker McKenzie Rechtsanwaltsgesellschaft mbH von Rechtsanwälten und Steuerberatern is registered with the Local Court of Frankfurt/Main (registered seat) HRB 123975. It is associated with Baker & McKenzie International, a Verein organized under the laws of Switzerland.