Privacy and Data Protection


Cédric Burton is the managing partner of Wilson Sonsini Goodrich & Rosati's Brussels office, where he co-chairs the firm's global privacy and cybersecurity practice and leads the EU data protection team. He assists clients of all sizes with regard to privacy and data protection, information technology, data security, advertising and marketing, and e-commerce laws.

Cédric has developed substantial experience in advising companies on all facets of global, European, and Belgian privacy and data protection law. His privacy and data protection practice covers all sectors and includes a wide range of activities, such as:

  • Defining global and pan-European strategies for compliance, advising on complex data flows and international data transfer requirements, implementing multifaceted compliance programs, and preparing data breach response schemes;
  • Developing creative and practical advice on unsettled topics such as online profiling and behavioral advertising, big data, data analytics, cloud computing, social networking, mobile devices and location-based services, facial recognition, RFID, smart grids, employee monitoring, whistleblowing hotlines, CCTV, and data security;
  • Counseling clients on how to resolve or mitigate risks related to conflicts between EU data protection law and foreign requirements such as e-discovery procedure, SOX and OFAC requirements, data requests from foreign governments, law enforcement, and intelligence units;
  • Assisting clients with the review of the European data protection legal framework, including preparing strategic advice and impact analysis, and drafting language in the context of the review of Directive 95/46 and Directive 2002/58 EC;
  • Representing clients in their dealings with the European Commission, the Article 29 Working Party, and the data protection authorities, including the Belgian Privacy Commission; and
  • Handling notification procedures, joining the EU-U.S. Privacy Shield Program, and implementing Binding Corporate Rules and Standard Contractual Clauses.

Cédric was recognized as a "Leader in his Field – Associate to Watch" by Chambers Europe in 2012 and 2013. He has authored many articles relating to privacy and data protection law and speaks regularly on data protection-related topics.

Prior to joining the firm, Cédric was an associate in the Brussels office of Hunton & Williams. Earlier in his career, he worked as a research fellow in privacy and data protection law at the Research Center on IT and Law (CRID) of the University of Namur (Belgium) and at the Center on Law and Information Policy (CLIP) at Fordham University (New York). Cédric is fluent in French and English.

  • Advised a major credit card company on all aspects of its European data protection complaisance scheme, in particular its strategy for compliance in all EU member states, self-certification to the U.S. Safe Harbor Program, marketing and data analytics legal requirements, implementation of online rewards and loyalty programs, registration with local data protection authorities, and review of privacy policies, terms and conditions, and service provider agreements
  • Advised a multinational company on its strategy for international data transfers in 50+ countries
  • Assisted a major U.S.-based company with the conflict between European data protection law and foreign legal obligations requiring the disclosure of consumers' personal data to intelligence units
  • Advised a major Belgian company in connection with the migration of its email server to a cloud computing platform
  • Assisted a U.S. company in responding to a request for information from the Belgian data protection authority regarding its privacy notice and consent language
  • Attended Council of Europe sessions on profiling on behalf of the ICC
  • Advised an online career and recruitment company regarding its data protection compliance strategy, including its privacy notice, terms of use, DPA registrations, and international data transfers
  • Advised a European company on how to comply with European data protection requirements in the context of an SEC investigation
  • Prepared two studies for the European Commission on the interaction between online copyright enforcement and data protection in 11 selected member states
  • LL.M., Intellectual Property and Information Technology Law, Fordham University School of Law, 2007
  • LL.M., IT Laws and Management, University of Namur, Belgium, 2005
    Magna Cum Laude; Recipient, "Best Interdisciplinary Student Award," 2005; Recipient, "Best Brief Prize" as winner of International Moot Cyber-Tribunal Contest, 2005
  • J.D., University of Liège, Belgium, 2004
    Cum Laude
  • Member, International Association of Privacy Professional (IAPP) European Advisory Board, 2015-present
  • Contributor, DataGuidance
  • Member, International Association of Privacy Professionals (IAPP), 2007-present
  • Member, International Technology Law Association (ITechLaw), 2007-present
  • Selected for inclusion in Law360’s 2019 list of "Top Attorneys Under 40" in the cybersecurity and privacy category
  • Recognized as one of the "Best Privacy and Data Security Law Lawyers in Belgium" by Best Lawyers, 2019
  • Selected for inclusion in the 2015 edition of The Legal 500 Europe, Belgium, Privacy & Data Protection
  • Selected for inclusion in The Who's Who Legal Telecommunications Media & Technology, Information Technology, 2014-2015
  • Recognized as a "leading talent" in privacy and data protection law in The International Who's Who of Information Technology Lawyers, 2013
  • Recognized as a leader in his field and ranked as an "Associate to Watch" in the 2012 and 2013 editions of Chambers Europe – TMT, Information Technology, Belgium
  • Presenter, "WSGR Getting Ready for the GDPR Series - Session 5: Regulatory Aspects of the GDPR," WSGR Privacy & Data Protection Webcast, November 17, 2016
  • Presenter, "WSGR Getting Ready for the GDPR Series - Session 4: The GDPR, Privacy Shield, and EU-U.S. DataTransfers - What to Do Now?," WSGR Privacy & Data Protection Webcast, September 13, 2016
  • Presenter, "WSGR Getting Ready for the GDPR Series - Session 3: The GDPR for Service Providers," WSGR Privacy & Data Protection Webcast, July 12, 2016
  • Presenter, "WSGR Getting Ready for the GDPR Series - Session 2: Enhanced Individuals Rights," WSGR Privacy & Data Protection Webcast, June 8, 2016
  • Presenter, "Getting Ready for the GDPR," WSGR Privacy & Data Protection Webcast, May 2016
  • Presenter, "The EU-U.S. Privacy Shield: A New Tool for Data Transfers to the U.S.?" WSGR Privacy & Data Protection Webcast, March 2016
  • Panelist, "Transferts de données à caractère personnel intra-groupe et à l'international, quels risques encourus ? Comment être conforme ?" CREO Business Information & Seminars, Brussels, Belgium, February 2016
  • Panelist, "General Data Protection Regulation," Brussels European Employee Relations Group (BEERG), Brussels, Belgium, February 2016
  • Presenter, "Update on the EU-U.S. Safe Harbor Program," WSGR Privacy & Data Protection Webcast, October 2015
  • Presenter, "An Update on the EU Data Protection Regulation," WSGR Privacy & Data Protection Webcast, July 2015
  • Panelist, "EU Data Protection Reform and Data Localization Initiatives: Impacts and Strategies for Global Data Transfers," IAPP Europe Data Protection Congress 2014, Brussels, Belgium, November 2014
  • Panelist, "Data-Driven Economy – How Can We Use the Full Potential of the Data-Driven Revolution?" TechAmerica Europe's Annual Plenary, November 2014
  • Panelist, "Ethics, Fundamental Rights and Big Data," 36th International Conference of Data Protection and Privacy Commissioners, Balaclava, Mauritius, October 2014
  • Panelist, "Privacy in mobility and location data" panel, 7th International Conference, Computers, Privacy & Data Protection, Reforming Data Protection: The Global Perspective, Brussels, Belgium, January 2014
  • Panelist, "Transitioning between Data Transfer Mechanisms: Challenges and Opportunities," IAPP Data Protection Congress 2013, Brussels, Belgium, December 2013
  • Presenter, "The Challenges of Data Protection in Cloud Computing," ERA Annual Conference on European Data Protection Law 2013, Trier, Germany, November 2013
  • Moderator, "Mobile Devices and Applications: Risks, Challenges, Opportunities, and Future Trends" panel, 6th International Conference, Computers, Privacy & Data Protection, Reloading Data Protection, Brussels, Belgium, January 2013
  • Presenter, "How to Regulate Corporate Social Media in Compliance with European Privacy and Data Protection Law," FEDISA Belgium, Social Media, Law and Ethics, Brussels, Belgium, June 2012
  • Presenter, "Update on Electronic Archiving, e-Discovery and Data Protection: Electronic Archiving Between the Rock and the Hard Place," CRID, JURITIC, Namur, Belgium, May 2011
  • Presenter, "Location Based Services, Mobile Devices, Location Technologies & Shifting Values, Evolving Values Regarding Vocational Privacy - the European Legal Framework," Fifth Fordham Annual Law & Information Society Symposium, New York, New York, March 2011
  • Presenter, "Update on European Data Protection," ABA Privacy Information & Security Law, ABA Antitrust Section/Privacy & Security Committee Webinar, October 2009
  • Brussels Bar

Contact Information

Rue Montoyer 47
1000 Brussels, Belgium 
Phone | +32 2 274 57 22

Email | Cedric Burtoncburton@wsgr.com

Areas of Expertise

Print to PDF