Muhammed Demircan LL.M.

he/himLawyer
About

Muhammed Demircan is a data & AI lawyer. He practices in the area of privacy, data protection and technology-focused regulations. His expertise focuses on EU-level regulations, covering existing legal instruments such as the GDPR and the ePrivacy Directive, as well as other EU digital & data laws such as the Data Act, Data Governance Act, EU AI Act, Digital Markets Act and Digital Services Act. He advises companies on compliance both with data protection rules and other EU digital laws and supports contentious data protection matters in cooperation with Belgian-qualified lawyers.

His previous built-up experience includes assistance with GDPR compliance processes and advice for both SMEs and bigger companies, ranging from the performance of risk assessments such as DPIAs and LIAs, building RoPAs, cookie and tracking technologies compliance management, legality assessments for new technologies including cybersecurity tools, to third-party compliance management. He also regularly advises clients on the applicability of and compliance with the EU digital laws with a special focus on the Data Act, Data Governance Act and the EU AI Act.

Muhammed is the author of various academic articles, including awarded novel pieces on the intersection of different legal instruments such as GDPR and the Digital Markets Act. He is also an external member of the Brussels Privacy Hub in VUB, which is a Brussels-based academic research centre. He regularly publishes blogposts and articles on the next wave of EU digital laws. He also participates in relevant events as a speaker/presenter.

Muhammed is listed as an Individual Expert on EDPB’s Support Pool of Experts, under the category of expertise on “legal expertise in new technologies”.

EXPERIENCE

  • Advising a global retail company on the GDPR and the EU AI Act implications of deploying an automated and AI-enabled CV evaluation tool.
  • Advising multiple companies on the applicability of the Data Act, Data Governance Act, the EU AI Act, Digital Services Act and EU cybersecurity laws based on their product and service offerings.
  • Supporting the EU legal policy strategy of a major provider of general-purpose AI models.
  • Advising on generative AI usage rules for a global pharmaceutical company.
  • Drafting a detailed legitimate interest assessment and advising on the safeguards to be implemented for an internal investigation for a global manufacturer of automotive motors and related products.
  • Advising a health startup on conditions applicable to 'anonymisation' and 'pseudonymisation' under the GDPR, taking the latest CJEU jurisprudence into account.
  • Advising a global retail company on the GDPR implications of deploying a global data loss prevention tool.
  • Advising on the qualification of a (connected) product and compliance obligations under the Data Act for a global company active in the batteries & rechargeables sector.
  • Drafting data breach notifications towards the Belgian Data Protection Authority, drafting multiple article 34 notification letters to data subjects and analysing the risks and mitigations arising from data breaches for multiple major companies.
  • Conducting several data protection and privacy audits with different areas of focus such as cookie compliance, a “cookieless” marketing strategy and all-round GDPR compliance for various Belgian firms, such as an insurance firm and a monitored alarms firm.
  • Providing in-house training for a very large social media company on the upcoming “EU Strategy for Data” regulations, focusing on the Digital Markets Act and the GDPR, to an audience of engineers and policy officers.
  • Assisting an UK-based AI risk management company to navigate and orient activities in light of the EU AI Act, helping them develop an EU AI Act integrated approach to technical risk management of AI systems.
  • Advising a Belgian medical research company on the data access rules of the upcoming European Health Data Space regulation.
  • Advising a leading Belgian insurance company on international data transfers, with a focus on existing transfer schemes and the newly accepted EU-US Data Privacy Framework.
  • Assisting a multinational German company active in life sciences sector with defining the notions of the data controller and data processor in the context of an expected M&A deal.
  • Drafting and reviewing general and activity-specific privacy policies and cookie policies after various internal workshops and foresight for multiple companies, active in different sectors and countries.
Languages
  • English
  • French
  • Turkish
Education
  • Vrije Universiteit Brussel, PhD Researcher in Law, 2021-2023
  • College of Europe, Advanced Master in European Law (LL.M.), Mention Bien, 2021
  • Galatasaray University, LL.B., Honour Roll, 2019
  • Jagiellonian University, Erasmus Exchange, 2018
  • Jagiellonian University, Erasmus Exchange, 2018

Seminars

  • LAILEC 2024 – Beyond the Rules: Regulatory Frontiers of AI and Data, KU Leuven, "Data Contracts",
  • DLA Piper Webinar, "Data Protection Litigation in Belgium (2023)",
  • Brussels Privacy Symposium, “Vulnerability, Digital Markets Act and Digital Services Act”, November 2022, Brussels,
  • Guest Lecture at VUB within the scope of the “Legal Professions in the Digital Age” course – “Competition & Privacy and Digital Markets Act”, May 2022, Brussels
  • 17th IFIP Summer School on Privacy and Identity Management 2022, “Digital Markets Act and GDPR: Making Sense of the Data-Sharing Provisions”, August 2022, Germany,
  • IE Law School Lawtomation Days, “Background Check Companies: Vulnerable Employee vs Digital Footprints, A Pandora’s Box”, September 2022, Madrid, Spain

Prior Experience

Before joining DLA Piper, Muhammed worked first in an international law firm as a trainee associate, focusing on corporate law, competition law and data protection and privacy law(s) in Istanbul. He then joined a leading data protection and privacy research centre in Brussels, where he acted as the managing director of the research centre. He also worked in an international consultancy firm in Brussels, focusing on Data & Privacy compliance.

Additional Qualifications

  • Individual Expert on European Data Protection Board (EDPB) Support List of Experts.

Memberships and Affiliations

  • Istanbul Bar, 2020
  • Associated Member of the French-Speaking Brussels Bar (B-List, International List), 2023
  • International Association of Privacy Professionals
  • External Member of the Brussels Privacy Hub

Connect