TLS Interview Series Part 2: Marc Elshof, Co-Head of the European Technology, Media and Telecommunications Sector Group, Dentons
In part two of TLS Director of Business Development Dennis van de Schraaf's interview series, he speaks with Marc Elshof, Co-Head of the European Technology, Media and Telecommunications Sector Group at Dentons, about his career and the future of data privacy.
How have you experienced the road to becoming partner?
It has been a very interesting journey. I started my career on our corporate litigation and insolvency team. After five years, I got the opportunity to switch to the commercial team where the leading partner was looking for someone to grow the IT and data division. I thought it would be a nice opportunity to try something new, so I went for it. Eight months in, the partner moved to another firm. The entire team, including me, had the opportunity to move with her, but I did not feel the right connection with that other firm. Dentons (back then still Boekel) gave me the opportunity and trust to start building a new team from the ground up. We hired an associate and got to work building trust with clients and making connections with potential clients. We worked very hard, but also had a lot of fun. This was in April 2014. In February 2015, I was promoted to partner. Today, our small two-person team has grown into a fully fledged 12-person IP, data, and technology team.
What would be your main piece of advice to junior lawyers for becoming a successful partner at a big firm like Dentons?
Build relationships from day one, both internally and externally. Be eager to learn from your team, clients, peers, and more senior people in the firm. Be curious and look beyond the obvious answer. Be diligent in your work and meet and beat deadlines and client expectations.
In the end, our profession is about trust. Only if clients trust you will they be willing to let you work on their most sensitive and important matters, whether that is a bet-the-company litigation, a major acquisition, or a sensitive regulatory investigation. Build good personal relationships with (future) decision makers and work toward a long-term partnership that is beneficial for both the client and your firm.
An example is when we were working with a client in the hospitality sector. We were doing a significant amount of work and they were at that time one of the most important clients for my practice. Then COVID came and they had to stop all projects. As a result, the work dried up and for over a year we hardly did any work with them. However, I intensified my contact with the client’s general counsel. We called each other weekly, discussing non-legal issues like how they were weathering the storm and how to manage teams remotely, sharing experiences and challenges we both faced. We also shared personal stories about how we were dealing with the pandemic. My relationship with the general counsel grew stronger during that time. And, whenever work did come in, the team jumped on the opportunity and delivered promptly.
The result: this client is still one of my key clients and we have grown and strengthened our partnership. Not only that, the general counsel moved on to a new company, and, because of the strong relationship we had built during the pandemic, she called and asked if we could work together at her new company as well. For me, this is a good example of how sincerity and loyalty is rewarded in the long term.
I would also encourage people to be authentic and be themselves. We need diverse teams because they perform better. This is at the core of Dentons’ business strategy. There really is no need to change who you are to succeed at Dentons. If you work hard, are good at what you do, are eager to learn and develop yourself, and have a little patience, great things can be achieved.
Out of all projects you’ve worked on, what has been the most complex or challenging project? And what was it that made it so complex or challenging?
What comes to mind is supporting a global company on its data privacy compliance. It was a complex matter because of the sheer magnitude of the company, the thousands of IT systems involved, and the need for aligning compliance between more than 80 countries across the globe.
It was challenging because the company had just hired a new Chief Privacy Officer who wanted to make privacy an integral part of the business and an asset to the business rather than just see it as a compliance and cost centre. With the company’s digital transformation journey, that made perfect sense. However, the company was not used to handling data and privacy in that way. As a result, it was challenging to align stakeholders and find the right person who could take responsibility for certain actions. Also, because there was so much to do, the challenge was to prioritize and avoid drinking the ocean. It took a lot of hard work and a great number of meetings to get the result we sought.
What major development(s) do you expect to see in the Data Privacy & Security practice in the coming years?
Data transfers and data localization is a topic to watch for sure.
Unfortunately, there is a trend toward creating more obstacles for international data transfers. The EU started this with a very rigid (in my opinion too rigid) approach to data transfers. Other countries have responded in kind by creating legislation that makes it very hard to transfer personal data between countries. This is not yet data localization, but I see in my practice that companies move out of certain jurisdictions or containerize their data in that country. In a globalized world where data must be able to flow freely across borders to keep people connected, business operating, and economies afloat, this development concerns me. While the reasoning behind these laws is typically well-intended—to protect citizens’ data—the ironic consequence is that the opposite happens. Companies faced with rules that they simply cannot meet in practice, or problems that can only be resolved between governments (the prime example is transatlantic data flows between the EU and the US), increasingly and reluctantly choose not to comply because they need to run their business. This results in lower-level data protection that does not benefit the citizens of those countries with the strict data transfer rules.
The new legislation on artificial intelligence (AI)
There is new EU legislation on AI in the making. This will impose strict rules on putting AI on the EU market and using high-risk AI systems. Without going into the details of the new rules, I do want to emphasize that companies should plan and consider their AI strategy. Any AI strategy should start with the organization’s business priorities. Organizations should determine the business benefits they want to achieve with AI and what processes or parts of the business they are looking to automate. They should audit where the business has already adopted AI-driven processes and technologies.
The most common approach to implementing AI, according to a survey that Dentons conducted among more than 200 global business leaders (Dentons’ AI Survey), is to start small with a pilot project in a certain part or parts of the business. This can be an effective strategy, as it allows organizations to limit investment and risk and learn from pilot programs to help shape wider implementation.
When defining AI objectives, it is also a good time to define ethical principles for AI. Defining these principles upfront will enable organizations to implement an ethics-by-design approach to AI projects and also provide a benchmark for future use cases. Clearly defined ethical principles will also help discussions with customers, suppliers, regulators, and other stakeholders. Dentons has called for an algorethics system to ensure ethics are embedded in AI systems. We believe this is fundamental for sustainable AI use going forward.
How do you expect technological advances such as automated review, auto-redaction of PII, etc., to impact the Data Privacy & Security practice in the next couple of years?
I think that technological advances can help streamline processes like data access requests or data deletion requests. These are currently still quite manual processes that take a lot of resources from organizations. Similarly, technology can help review relatively standard documentation such as data processing agreements by flagging where a document deviates from a company’s standard or where it does not meet the relevant legal requirements. This helps free up resources to handle more complex tasks that require the kind of creative thinking we as humans are good at.
Are you also involved in pro bono work?
Yes. I am the pro bono partner for the Dentons Amsterdam office. In that role, I work closely with our internal pro bono team to allocate pro bono requests, enthuse our colleagues to work on pro bono matters, and seek opportunities for our commercial clients and pro bono clients to work together. I have noticed that young lawyers find it more important to be involved in pro bono matters to use their skills to give back to society. I think this is a great development. So far in 2022, lawyers in our Amsterdam office have spent over 600 hours on pro bono work. Across our European offices, this number increases to nearly 3,000 hours. Improving the societies in which we live and work is one of Dentons’ core values and it has been embedded in our purpose statement from the moment we came together to form Dentons.
In addition to coordinating pro bono work, I also work closely with a number of pro bono clients myself on their technology and privacy challenges. One client that is very close to my heart is 113 Suicide Prevention. I have been working with them for many years now and I never cease to be impressed by the important work they do. We have truly formed a partnership with them through which we hope to inspire other colleagues to take on pro bono work and help other NGOs achieve their goals or provide direct legal assistance to vulnerable individuals at times when they need it most.
If you weren’t doing what you are doing now, what WOULD you be doing?
When I was little, I wanted to become a marine biologist. But I get seasick and am not very adept in Beta subjects, so that was not really an option. I do still love being outdoors and enjoying nature. If I would not do what I am doing now, I would likely be doing something with languages, most likely the classical languages—combined with taking courses on wine.