Thomas Nietsch is a Berlin based partner and Certified International Privacy Professional (CIPP/E). His focus is on IT, data protection and privacy, e-commerce and (open source) software law. This particularly encompasses the fields of big data, artificial intelligence, cloud computing and other digital economy business models.
Thomas advises clients on regular basis in technology M&A transactions, negotiation of complex IT and software licensing and cooperation agreements, IT security questions, GDPR compliance matters, including data use and sharing structures including their contractual implementation in domestic and cross-border scenarios, data subject access requests and data breach management. This includes advice regarding standard customer contracts and terms of use in the software, e-commerce and other digital economy sectors. Thomas also assists clients in connection with the implementation of new tech business models on the German market.
His clients range from IT-focused start-ups up to major international software and tech corporations and everything in between and stem from various industry sectors like automotive/logistics, e-commerce, e-health, digital content, cloud services, software, smart home and IoT, science and research, finance.
In addition to his lawyer activity, Thomas also serves as member of the Complaint Committee for the EU Cloud Code of Conduct, the first EU-wide privacy code of conduct for cloud service providers.
Thomas served as a research assistant at the chair of Prof. Dr. Spindler for telecommunications and multimedia law at the Georg-August-University of Göttingen from 2010 to 2011.
Professional Certification
- IAPP’s Certified Information Privacy Professional CIPP/E
- Leaders League
- IT & Outsourcing - Recommended
- Privacy - Recommended
Thomas is a founding member of the Göttingen Association for the Promotion of International and National Economic and Media Law (Göttinger Verein zur Förderung des internationalen und nationalen Wirtschafts- und Medienrechts e.V.).
- “Acquiring an AI Company,” Thomson Reuters Practical Law, January 2024
- “Smart Contracts in Insolvency Proceedings” (Smart Contracts in der Insolvenz), in: DSRITB 2018, 287
- “International Data Transfers in the Light of “Brexit” (Internationale Datentransfers im Lichte des “Brexit”), in: DSRITB 2017, 171 (in cooperation with Dr. Friederike Gräfin von Brühl, M.A.)
- “To ensure the compliance with data protection law by consumers‘ associations” (Zur Überprüfung der Einhaltung des Datenschutzes durch Verbraucherverbände), in: CR 2014, 272
- “Anonymity and enforcement of copyright claims on the Internet” (Anonymität und Durchsetzung urheberrechtlicher Ansprüche im Internet), published in 2014 Mohr Siebeck, Tübingen
- “Some notes on BGH, decision v. 19.4.2012 - I ZB 80/11”, in: CR 2012, 600
- “On the obligation under data poteciton law to issue dynamic IP addresses in IPv6” (Datenschutzrechtliches Gebot zur Vergabe dynamischer IP-Adressen im IPv6), in: CR 2011, 763
- “On the determination of dynamic IP addresses by third party providers” (Zur Ermittlung dynamischer IP-Adressen durch Drittunternehmen), in: K&R 2011, 101
