Morrison Foerster is an international law firm with lawyers practicing throughout the United States, Asia, and Europe. Click to discover more.

mofo_share_image.jpg

Morrison Foerster

common-default.jpeg

Terms / Notices

Cookies

Privacy Policy

Attorney Advertising

Secure Login

Alumni

  Facebook

MoFo Facebook

  Linkedin

MoFo LinkedIN

Twitter

MoFo Twitter

YouTube

MoFo Youtube

Morrison Foerster - Footer

What happened to the one-stop shop?

You have not solved the recaptcha challenge yet or session expired, try again.

Email Disclaimer

Disclaimer

Unsolicited e-mails and information sent to Morrison Foerster will not be considered confidential, may be disclosed to others pursuant to our <a href="https://www.mofo.com/about/privacy-policy.html">Privacy Policy</a>, may not receive a response, and do not create an attorney-client relationship with Morrison Foerster. If you are not already a client of Morrison Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

Feedback

mofo-logo-2022.svg

People

Capabilities

Resources

About

Culture

Offices

Careers

Stay Connected

At the time of the adoption of the EU General Data Protection Regulation, the European Commission touted as the benefit for companies that the GDPR would bring a one-stop-shop enforcement mechanism, whereby the supervisory authority of the "main establishment" of such controller or processor in the EU will serve as the "lead SA" in respect of its "cross-border processing" activities.

We are Morrison Foerster — a global firm of exceptional credentials. Our clients include some of the largest financial institutions, investment banks, and Fortune 100, technology, and life sciences companies. The Financial Times has named us to its list of most innovative law firms in North America every year that it has published its Innovative Lawyers Reports in the region,and Chambers Asia-Pacific has named us the Japan International Firm of the Year for the sixth year in a row. Our lawyers are committed to achieving innovative and business-minded results for our clients, while preserving the differences that make us stronger.Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Prior results do not guarantee a similar outcome.

About Morrison Foerster

people-default-header-desktop.jpg

people-default-header-mobile.jpg

Default Meta Data

At the time of the adoption of the EU General Data Protection Regulation, the European Commission touted as the benefit for companies that the GDPR would bring a one-stop-shop enforcement mechanism, whereby the supervisory authority of the "main establishment" of such controller or processor in the EU will serve as the "lead SA" in respect of its "cross-border processing" activities. In the first landmark enforcement decision under the GDPR, however, the French supervisory authority (CNIL) fined Google, despite the fact that the complaints concerned cross-border processing in the EU, which calls for one-stop-shop enforcement.In her op-ed for IAPP Privacy Perspectives, Morrison & Foerster Senior Of Counsel Lokke Moerel explores the merits of the CNIL’s decision against Google.  She argues that this decision undermines the essence of the one-stop-shop as provided by the GDPR, which may be a short-term benefit to the CNIL and its national enforcement powers against Google but will ultimately prove detrimental to effective EU-wide enforcement (including uniformity in application and legal certainty) in the longer term. The SAs further cannot have it both ways. The one-stop shop cannot be applied when it suits them. Either there is a one-stop shop enforcement option against Google (whereby the lead SA in one single decision ensures EU-wide enforcement) or we go back to the pre-GDPR days where each and every SA needs to act against Google to ensure enforcement in its own jurisdiction. The GDPR stands for the first option.<a target="_blank" href="https://iapp.org/news/a/perspective-what-happened-to-one-stop-shop/">Read Lokke’s op-ed</a>The op-ed is a summary version of a <a target="_blank" href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3337478">full article</a> published on SSRN.

What happened to the one-stop shop?

Sign Up

<div class="videoWrapper"><iframe class="sticky-video" title="Meet Lokke Moerel, Privacy and Data Security Senior Of Counsel" src="https://www.youtube-nocookie.com/embed/uk873cH6OuE?rel=0" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen="1" title="iframe"></iframe></div>Among the world’s best-known privacy and cybersecurity advisers, Lokke Moerel is regularly called upon by some of the most sophisticated multinational organizations to confront their global privacy and ethical challenges. Lokke routinely offers guidance to clients when implementing new technologies and digital business models and assists them with their global cybersecurity incident response and regulatory investigations.An authority on Artificial Intelligence (AI), Big Data, and the Internet of Things, Lokke has a proven track record helping clients shape complex AI projects that combine global data assets of multinational companies in the healthcare, financial services, technology, and recruitment sectors, with the intricate technologies of tech giants to create next generation AI solutions. An industry thought leader, Lokke presented a review of the drafted AI Regulation to a closed session of European Commission and Members of Parliament on behalf of the World Employment Federation. Lokke is MoFo’s lead counsel on Binding Corpore Rules (BCR) and has unsurpassed experience advising multinational companies in obtaining their BCR approvals throughout the EU, having authored the leading textbook on BCR published by Oxford University.Lokke is also professor of global ICT law at Tilburg University and co-academic director of the Tilburg University professional learning programs “Big Data: AI & Law” (teaching Algorithmic Accountability) and “Advanced Cyber Security and Governance.” Lokke is a member of the Dutch Cyber Security Council (the independent advisory body of the Dutch cabinet on cybersecurity), member of the Monitoring Committee of the Dutch Corporate Governance Code, and non-executive board member of several nonprofit organizations.Lokke has practiced law in the Netherlands, London, and Berlin, and is now resident in MoFo’s Brussels office. She is also a member of MoFo’s global Environmental, Social, and Governance (ESG) steering committee.

Lokke Moerel

Senior Of Counsel

Privacy + Data Security