Catherine Di Lorenzo
Partner
Luxembourg
Catherine Di Lorenzo
Partner
Luxembourg
Contact Details
Catherine heads the IP, data and tech practice in Luxembourg and specializes in data protection, technology and transactional IP. She is one of the leading Luxembourg lawyers for strategic data protection matters. She advises clients across a wide range of business sectors (e-commerce, financial (including Fintech), insurance, asset managers, telecommunication, media and food sectors) with respect to their digital projects as well as with investigations by Luxembourg regulators.
An important part of Catherine’s practice involves helping clients in relation to all areas of data privacy, including incidents such as personal data breaches, international data transfers, marketing and online advertising (i.e. ad tech) and data protection authority investigations. She advises clients on technological developments like the Internet of Things, Artificial Intelligence and Big Data. Catherine has also extensive experience in assisting clients with their technology transactions, such as IT outsourcing (especially in the heavily regulated financial and insurance sectors), the creation of interactive platforms or joint software development projects. Catherine advises on evolving cyber-related regulations, helps clients respond to incidents, and regularly provides client training on these topics.
Catherine is recognised as a leading individual in her specialist areas, in both Chambers and Legal 500.
Qualifications
Professional
Admitted as avocat à la Cour, Luxembourg, 2010
Admitted to the Luxembourg bar under her professional home title, 2006
Admitted as Rechtsanwalt, Germany, 2006
Referendarin, Germany, 2003-2005
Academic
Doctorate in law, University of Trier, 2013
Second German Law Degree, Oberlandesgericht Koblenz, 2005
First German Law Degree, University of Trier, 2003
Related articles
Publications: 25 May 2023
Happy birthday, GDPR – five lessons from five years of EU data protection law
In the five years since the European Union’s General Data Protection Regulation came into force, what have been the main learnings for business, and what will the future hold?
Publications: 23 May 2023
Podcast: How to harness the power of generative AI for your business? Meet Harvey.
Publications: 24 April 2023
Increasing global cybersecurity regulation of private companies on the near horizon
Experience highlights
Strategic advisor to global technology company in relation to major GDPR and ePrivacy investigations, both during the investigation and the litigation phase.
Assisting a Fintech company with a cybersecurity incident caused by a defective third party software.
Advising an asset manager on the implementation of a robo-advisor tool for investors, including the drafting of the client-facing documents and the negotiation of agreements with third party software provider.
Assisting a major bank with the migration of its entire IT infrastructure to the cloud, which included negotiation with the cloud service providers, obtaining authorizations and liaising with the Luxembourg financial sector supervisory authority and drafting of intra-group service agreements.
Qualifications
Professional
Admitted as avocat à la Cour, Luxembourg, 2010
Admitted to the Luxembourg bar under her professional home title, 2006
Admitted as Rechtsanwalt, Germany, 2006
Referendarin, Germany, 2003-2005
Academic
Doctorate in law, University of Trier, 2013
Second German Law Degree, Oberlandesgericht Koblenz, 2005
First German Law Degree, University of Trier, 2003
Pro bono
- Assisting Médecins Sans Frontières Luxembourg on their compliance program in relation to the General Data Protection Regulation, including the data mapping, drafting records of processing and providing training to staff.
- Assisting Autisme Luxembourg in relation to the compliance of their website with data protection and ePrivacy requirements.
- Assisting Stëmm vun der Strooss, an organisation for homeless people in Luxembourg in relation to their compliance with the General Data Protection Regulation
Other noteworthy experience
Advising:
- Advising a European institution on the strategy for protecting its IP rights and the drafting of the contractual arrangements to be implemented in relation to the launch of a digital, collaborative platform.
- Assisting a U.S. investment advisor and private credit firm with their data protection compliance in connection with the establishment of several Luxembourg funds, including advice on contractual arrangements with service providers and investors as well as on data transfers.
- Assisting a major Luxembourg news website with the compliance of their cookie consent framework, including drafting a cookie policy and privacy notice to inform the data subjects about the processing of their personal data through the website and handling of complaints from data subjects.
- Assisting a virtual asset service provider in the setting up of an e-money institution in Luxembourg to deploy its strategy in Europe and further develop into a proper digital asset services provider. The advice covers banking regulatory, IT outsourcing, cybersecurity and data protection advice.
- Assisting a global tech company on the compliance of its connected devices (including virtual voice assistants) with data protection and medical devices regulations.
- Assisting an international provider of IT services in relation to the Digital Operational Resilience Act.
- Assisting on the negotiation of the transitional service agreement for the migration of IT systems and data in relation to the sale of the Luxembourg affiliate of a German Bank.
- Assisting the Luxembourg affiliate of a German bank in relation to the rules and limitations for transferring data in relation to the Panama Papers to German tax authorities.
Recognition
Catherine Di Lorenzo ‘is fully committed to her clients and has a deep knowledge of data protection regulation,’ reports one client. She maintains a broad caseload, encompassing GDPR compliance and IT outsourcing, as well as IP litigation and drafting licensing agreements.
Chambers and Partners, 2022
…Catherine Di Lorenzo is pivotal to the firm’s success in the [IP and data protection] area and as well as her formidable track record on the fee-earning side, is also highly visible in the wider Luxembourg market through her involvement in numerous technical working groups and associations.
Legal 500, 2022
Lauded for her ability to provide ‘business-focused and comprehensive advice’, Di Lorenzo has been pivotal to the firm's work in the data protection space and as well as regularly advising on compliance mandates.
Legal 500, 2021
Catherine Di Lorenzo is recognised as a ‘true expert of privacy related matters’ and has been at the forefront of the firm's GDPR related work.
Legal 500, 2020
Published work
- Di Lorenzo, C., Berger, T., Wagner, P. (2021) “Data Privacy & Transfer in Investigations (Luxembourg Chapter)”, Global Investigations Review
- Di Lorenzo, C., (co-author), (2020) “Arguments according to which it would not be mandatory for investment funds to appoint a data protection officer in the sole KYC/AML context”, Revue internationale de la propriété intellectuelle et du droit du numérique (LegiTech) - Pincode
- Di Lorenzo, C., Wagner, P. (2019) “Cookie consent – how to get it (right)”, Revue internationale de la propriété intellectuelle et du droit du numérique (LegiTech) - Pincode
- Di Lorenzo, C., (2017) “Employees' rights to use company IT vs employer's rights to monitor such use” in Connexion
- Di Lorenzo, C., (2017) “Privacy by design and privacy by default – New legal requirements under EU data protection law” in Silicon Magazine
- Di Lorenzo, C., (co-author), (2014) “ La sous-traitance informatique dans le secteur financier - cadre légal et implications pratiques” in Droit bancaire et financier au Luxembourg
- Di Lorenzo, C., (co-author), (2013), “Probleme der strafrechtlichen Produkthaftung von Vorstandsmitgliedern einer Aktiengesellschaft für das Zustandekommen eines rechtswidrigen Beschlusses - Haftung für vorsätzliches positives Tun bei Zustimmung, Enthaltung und Gegenstimme” (Europäische Hochschulschriften, (Peter Lang GmbH, Internationaler Verlag der Wissenschaften)
- Di Lorenzo, C., (2010) “VoIP: une activité réglementée ?” AGEFI
- “IT outsourcing in Luxembourg: impact of outsourcing in practice” (four-part article, AGEFI, September 2009, October 2009, November 2009 and December 2009)
