updated 2:28 PM CEST, May 24, 2023

Steptoe & Johnson boosts privacy, cybersecurity expertise in Brussels

Brussels, Belgium, with the Paul-Henry Spaak European Parliament building in the foreground Brussels, Belgium, with the Paul-Henry Spaak European Parliament building in the foreground

Steptoe & Johnson LLP, the Washington, DC-based international law firm, has named two privacy and cybersecurity experts to its Brussels office, as it ramps up its expertise in the area of privacy and cybersecurity.

Charles Albert Helleputte headshotCharles-Albert Helleputte, a well-known privacy and cybersecurity lawyer, has been named a Steptoe Brussels office partner, while Diletta De Cicco – also a privacy/cybersecurity specialist – joins him there as an asssociate.

Helleputte, pictured left, comes to Steptoe from Mayer Brown's Brussels offices, where he had also been a partner specializing in global cybersecurity and data privacy. De Cicco also joins from Mayer Brown.

In a statement announcing his appointment, Steptoe & Johnson said Helleputte "advises clients on compliance with existing EU and national cybersecurity, data and privacy laws, such as the directive on security of network and information systems (the NIS Directive), the General Data Protection Regulation (GDPR) and the Cybersecurity Act, along with upcoming developments such as the ePrivacy Regulation and the Digital Services Act."

It noted that he has experience working with clients "in a range of sectors, including hospitality, financial, insurance, travel, aviation, and infrastructure", helping them to respond to the increasing security, accountability and transparency requirements and demands they are confronting, while also helping them to implement data governance programs, and to develop global data transfer mechanisms.

Data privacy in EU spotlight

Steptoe's appointments to its Brussels office come at a time when cyber-attacks and data breaches around the world have been on the increase, and European courts in particular have been wrestling with existing regulations governing the way personal data is handled. 

A recent European  Court of Justice (ECJ) ruling, for example, which struck down the main mechanism used by the EU to protect the personal data of EU citizens when it's transferred to the U.S., was described as representing a potential "game changer" for those institutions that routinely handle such data. 

As reported, the so-called "Schrems II" ruling was seen as potentially likely to force Europe's courts to revisit the way FATCA compels Europe's banks and financial institutions to pass information on their U.S. citizen and Green Card-holding account-holders to the U.S.

Among those commenting on the ECJ's Schrems II ruling in its immediate aftermath, and its potential implications for social media companies like Facebook, were three Steptoe experts – Philip Woolfson, Maury Shenk and Paul Hughes – who wrote in a post-ruling analysis that Schrems II "threatens to disrupt the flow of data between the EU and the United States (and possibly other countries), in a manner similar to and possibly more durable than the [original 2015 Schrems decision].

"Any entity that transfers personal data from the EU to the United States should pay careful attention to the implications of the [latest] decision."

Meanwhile, they added, even as "European residents, governments, authorities, and courts" face a continuing struggle to engage with such non-European entities within the boundaries circumscribed by the GDPR provisions, these same provisions – the ones "at issue in Schrems II" – will continue to "restrict transfers of personal data to countries outside the EEA that do not confer an equivalent level of protection to GDPR".

Helleputte, who is known to colleagues as "Charles", is "well-known in the Brussels market for his in-depth knowledge of EU privacy, data and cybersecurity laws and regulations", in addition to being a "prolific wDiletta De Cicco Steptoe Johnson croppedriter" who also regularly speaks on industry panels on data privacy and cybersecurity issues, Steptoe chairman Phil West said.

He’s also described as being a member of the International Association of Privacy Professionals (IAPP), holds a CIPP/E certification, and serves as co-chair of the Brussels KnowledgeNet Chapter.

He’s fluent in English and Dutch, in addition to his native French, Steptoe’s announcement of his appointment says.

He received his B.A. from the Université Saint-Louis, Brussels, and earned his J.D., cum laude, from Université Catholique de Louvain, Louvain-la-Neuve, and an executive master degree, also cum laude, from Solvay Business School, according ot Steptoe.

De Cicco, pictured left, also comes to Steptoe from Mayer Brown's Brussels offices. In 2016 she received a Master of Laws degree from Belgium's College of Europe, where the subject of her thesis was "General Data Protection Regulation and its twofold impact on data subjects' rights and business activities".  

Steptoe & Johnson was founded in 1913 in Clarksburg, West Virginia. Today it employs more than 500 lawyers and other professionals in offices around the world, including – in addition to Washington DC and Brussels – Beijing, Chicago, Hong Kong, London, Los Angeles, New York and San Francisco.


Click here  to sign up to receive the American Expat Financial News Journal's free weekly news bulletin, and occasional breaking news bulletins