Isabell Conrad

Founding partner of CSW Attorneys at Law

2013 Member as “Lead Expert” of the German Bar Association in the “EU Expert Group on Cloud Computing Contracts” of the EU Commission

Since 2004 with SSW Lawyers Tax Consultants Financial Auditors, since 2008 as partner

Digitalization and IT law

Data protection and IT security law (public and non-public sector)

E-commerce and Internet law

IT contract law, licenses, open source software

Software copyright

IT-related antitrust law

IT-related labor law

Data protection and data transfer concepts in the context of industry 4.0 and digitalization in a wide range of industries (national and international), including public bodies, as well as data protection in corporate groups and on platforms

Social data protection, including without limitation the realization of the electronic patient file, and the implementation of the OZG (Online Access Act)

Anonymization and pseudonymization concepts, especially in the context of AI applications/neutral networks.

IT outsourcing contracts, IaaS/SaaS/PaaS, R&D contracts, project contracts (ERP/CRM/HR system implementation),

“Data protection by design and by default” in procurement and implementation

Open source compliance

Mobile and e-commerce terms and conditions, privacy-compliant customer journey, privacy information, etc.

IT security issues also for critical infrastructure, compatibility with data protection

Compliance (such as IT and data protection-related policies, company agreements, ethical guidelines, whistleblowing, anti-corruption, internal investigations, etc.).

Know-how-protection, digitization and AI (incl. copyright in computer programs, databases, parameter setting as well as IT-related antitrust law).

German

English

French

Editor of reference books

• Auer-Reinsdorff/Conrad (eds.), Handbook of IT and Data Protection Law, 3rd ed. 2019, C.H. Beck Publishing House (approx. 3,000 pages)
• Auer-Reinsdorff/Conrad (eds.), Handbook of IT and Data Protection Law, 2nd ed. 2016, C.H. Beck Publishing House (approx. 2,500 pages)
• Conrad/Grützmacher (eds.), Law of Data and Databases in the Company, 2014, Publishing House Dr. Otto Schmidt (1,216 pages).
• Auer-Reinsdorff/Conrad (eds.), Beck’s Mandate Handbook IT Law, 1st ed. 2011, C.H. Beck Publishing House (1,976 pages)
• Conrad (ed.), Islands of Reason, 2009, Publishing House Dr. Otto Schmidt (198 pages).

Book contributions (selection)

• Author of various chapters in the above-mentioned works, inter alia, on data protection law, data protection on the Internet, IT security law, IT contract law, software creation contracts, maintenance and support contracts, antitrust aspects of IT law, employment aspects of IT law, Processor BCR
• Scheja/Quae/Conrad/Hausen, Archiving and Disposal, in: Forgó/Helfrich/Schneider (eds.), Corporate Data Protection., 3rd ed. 2019, C.H. Beck Publishing House
• Conrad/Dovas, Data Disclosure to Trading Partners and Disclosure Obligations; in: Forgó/Helfrich/Schneider (eds.), Operational Data Protection., 3rd ed. 2019, C.H. Beck Publishing House
• Conrad, Country Report Germany, in: Briner/Funk (eds.), Yearbook 2017, series of publications of the German Society for Law and Informatics, 2018, Publishing House Dr. Otto Schmidt.
• Conrad, Employee Data Protection, in: Schneider (ed.), Handbook of Computer Law., 5th ed. 2017, Publishing House Dr. Otto Schmidt
• Antoine/Conrad, Employment Contract Law, in: Schneider (ed.), Handbook of Computer Law., 5th ed. 2017, Publishing House Dr. Otto Schmidt
• Conrad/Hausen, Archiving and Disposal, in: Forgó/Helfrich/Schneider (eds.), Corporate Data Protection., 2nd ed. 2017, C.H. Beck Publishing House
• Conrad/Dovas, Data Transfer to Trading Partners and Disclosure Obligations; in: Forgó/Helfrich/Schneider (eds.), Corporate Data Protection, 2nd ed. 2017, C.H. Beck Publishing House
• Conrad/Licht, Management Contract for External Corporate Data Protection Officers, Redeker (Ed.), Handbook of IT Contracts, Dr. Otto Schmidt Publishing House, Looseleaf
• Conrad/Klatte, Data Transfer to Trading Partners and Disclosure Obligations, in: Forgó/Helfrich/Schneider (eds.), Corporate Data Protection, 2014, C.H. Beck Publishing House., pages 711-741.
• Conrad/Schmittmann, Every Year Again: Current Developments in Licensing in Insolvency, in: Redeker/Hoppen (eds.), DGRI Yearbook, 2012, Dr. Otto Schmidt Publishing House., pp. 295-302.
• Conrad/Hausen, External Employees in Purchasing – Protection of Trade and Business Secrets and Data Protection Requirements, in: Redeker/Hoppen (eds.), DGRI Yearbook, 2012, Dr. Otto Schmidt Publishing House, pages 302-307.
• Conrad, Global Sourcing Asia – Advice on Drafting Contracts with Partners in “Unsafe Third Countries”, in: Redeker/Hoppen (eds.), DGRI Yearbook, 2012, Dr. Otto Schmidt Publishing House., pages 307-312.
• Conrad, How Does Legislation Protect Corporate Data, in: Schoepke/Stober (eds.), Corporate Security and Data Protection, 2012, Carl Heymanns Publishing House., pages 33-52.
• Conrad, DLP – Protection of Secrets, Protection of Competition, Data Protection, in: Schartner/Taeger (Eds.), DACH Security 2011, Publishing House, pp. 178-191.
• Conrad/Hausen/Schneider, Chapter 15 Data privacy, in: Schwarz/Peschel-Mehner (eds.), Internet law, loose-leaf collection, 2011 version, Recht und Wirtschaft Publishing House, pages 1-176.

Articles in Specialist Journals

• Conrad, Compliance requirements for the use of videoconferencing services, Berlin Attorneys’ Journal 7/2020, 284
• Conrad/Tabrizi, Digitalization and Data Pools – Where is the Journey Headed in Times of Corona?, Multimedia and Law (MMR) 2020, 205
• Tinnefeld/Conrad, Self-Determined Consent in European Law – Prerequisites and Problems, Journal for Data Protection (ZD) 2018, 391
• Conrad, Editorial: “Accountability by Design” – the new solution in data protection, Journal for Data Protection (ZD) 12/2016
• Conrad, Editorial: Data Trading and Corporate Acquisition, Journal for Data Protection (ZD) 1/2016
• Conrad, Editorial: Data Protection Control in the Law Firm, Journal for Data Protection (ZD) 4/2014, 165
• Conrad, Editorial: Incompatibilities between antitrust, data protection and software law, Multimedia and Law (MMR) 7/2013, 413
• Conrad, Big Data und ByoD (Bring your own Device) – Data Treasure and Data Protection, Informatik-Spektrum 4/2013, 407
• Conrad/Fechtner, IT outsourcing by law firms after the ECJ’s debt collection decision and the BGH ruling of 7.2.2013 – Data protection law requirements, Computer and Law (CR) 04/2013, 137
• Conrad/Schneider, Crossborder E-Commerce – Introduction to the Current Series, IT Legal Advisor (ITRB) 2013, 61
• Conrad/Hausen, Data Protection Risks with Messenger Apps, WEKA Data Protection Practice 1/2013, 12
• Conrad, New Wind in Data Protection through Foundation and Competition (Law)?, New Legal Weekly (NJW) 34/2012, 14
• Conrad, Smartphones – Mobile Data Protection, The Trade (Der Handel) 5/2012, 42
• Conrad, Use of Data Loss Prevention Systems in the Company, Computer and Law (CR) 12/2011, 797
• Conrad/Schneider, Use of “private IT” in the company – No private USB stick, but “bring your own device”?, Journal for Data Protection (ZD) 2011, 153
• Conrad/Hausen, German Federal Court for Labour Law (BAG): Decision for an Internal Data Protection Officer Hardly Changeable?, Journal for Data Protection (ZD) 1/2011, XIII
• Conrad/Hausen, Data Protection-compliant Deletion of Personal Data, Tightening by the Draft Law on Employee Data Protection?, IT Legal Advisor (ITRB) 2011, 35
• Conrad, Personnel Data Management in Corporate Groups, Wage+Salary (Lohn+Gehalt), 2006, 33
• Conrad/Antoine, Works Agreements on IT and Telecommunications Facilities, IT Legal Advisor (ITRB) 2006, 90
• Conrad/Witzel, RFID Tickets: A Balancing Act Between Market Potential and Privacy, JUVE German Commercial Law Firms 2005, 303
• Conrad, Transfer of Employee Data between Affiliated Companies, IT Legal Advisor (ITRB) 2005, 164
• Conrad, RFID Ticketing from a Data Protection Perspective, Computer and Law (CR) 2005, 536
• Conrad, Ways to the Source Code: On the Consequences of the Decision of the Federal Court of Justice (BGH) of 16.12.2003 – X ZR 129/01, IT Legal Advisor (ITRB) 2005, 12

Expert Opinion for the EU Commission within the EU Expert Group on Cloud Computing Contracts, for DGRI and for German Bar Association (DAV)

• Conrad/Dovas/Poggioli/Selk/Wolfgram, Cloud Computing Contracts – Discussion Paper on Subcontracting, 25.5.2014.
• Conrad, Data Location Restrictions according to German Law, Feb. 2015

Statements by the German Society for Law and Information Technology (DGRI) and the German Bar Association (DAV)

• Conrad/Grützmacher, Opinion 24/2017 of the German Lawyers’ Association on aspects of personal rights of § 63a StVG-E and § 32 para. 1 No. 8 StVG-E in the Draft Law amending the Road Traffic Act (“draft on highly or fully automated driving”).
• Conrad, Opinion 27/2016 of the German Bar Association on the draft bill of the Federal Ministry of the Interior dated 23.11.2016 for an Act on the Adaptation of Data Protection Law to Regulation (EU) 2016/679 (“GDPR”) and on the Implementation of Directive (EU) 2016/680 (Data Protection Adaptation and Implementation Act EU – DSAnpUG-EU)
• Conrad/Fechtner/Lejeune/Matthiesen/Stögmüller/Witzel, DGRI Opinion on Draft Regulation on the Application of Article 101(3) of the Treaty on the Functioning of the European Union to Categories of Technology Transfer Agreements and Guidelines on the Application of Article 101 of the Treaty on the Functioning of the European Union to Technology Transfer Agreements (no. 21625424990-18 of the Transparency Register of the European Commission), May 17, 2013, http://www.dgri.de/68n288/Stellungnahmen.htm, http://www.dgri.de/index.php/fuseaction/download/lrn_file/stellungnahme-zum-entwurf-der-technologietransfer-gvi.pdf
• Conrad/Mayen/Schneider, Opinion 8/2013 of the German Bar Association by the Information Law Committee on the relationship between the General Data Protection Regulation (COM(2012) 11 final) and the protection of the confidentiality of communications.
• Conrad/Redeker/Selk, Statement 2/2013 of the German Bar Association by the Information Law Committee on the Communication of the European Commission “Unleashing the Potential of Cloud Computing in Europe” COM(2012) 529 final

2007-2021 a total of 49 presentations at scientific conferences and symposia on topics of data protection and IT law, most recently (selection):

• “Modifications of Digital Content/Services and Digital Elements in Smart Products-how to Design the Contracts”, Münster Colloquia on EU Law and the Digital Economy, 10.6.2021
• “Is There Anything More Important Than Data Protection?”, German Lawyers’ Day, 11.6.2021
• “Implementation of Art. 25 GDPR: Description of Services, Warranty Rights, Liability” (Specification of services, warranty rights, liability), Cologne IT Law Days, 25.3.2021
• “Trends and Developments in IT and Data Protection Law 2020,” OSE Symposium, Jan. 29, 2021
• “Agile Work – Synthesis or Contradiction?
  Contract Drafting and Legal Claim Management”, Imbus QS Days, 25.1.2021
• “Digitalization in Law Firms and as a Mandate – Where Does the Journey Go in Data Protection in Times of Corona and Beyond?”, 80th Conference ARGE Labour Law in the German Bar Association, 11.12.20
• “FAQ on Data Protection in Law Firms,” German Lawyers Day, 6/18/2020
• “Trends and Developments in IT and Data Protection Law 2019,” OSE Symposium, Jan. 31, 2020
• “Employee Data Protection and Artificial Intelligence,” Annual Conference of the German Society for Law and Computer Science, Nov. 9, 2019
• “Joint Control – Contracts according to Art. 26GDPR”, Bavarian IT-Law Day, 18.10.2019
• “Digitalization as a Challenge for the Legal Profession”, PSP Round Table Digitalization, 19.7.2019
• Since 2006 lecturer in the specialist course for information technology law of the German Lawyers’ Academy (DAA) for IT contract law, data protection, IT security and antitrust law
• Since 2013, head of the “IT Law Summer Course” and the “IT Law Course” of the C.H.Beck Academy
• Since 2017, scientific conference director of the OSE symposium with focus on IT and data protection law
• Since winter semester 2018/2019 guest lecturer for the block lecture “Data Protection on the Internet and Cybersecurity” at the Karlsruhe Institute of Technology (KIT) in the computer science program
• Since 2019, together with Kerstin Benedikt, head of the JUC network “Data Protection and Data Security” in Munich