Photo of Peter Craddock

Peter Craddock helps companies innovate and use data better in the European Union (EU) and worldwide by providing strategic advice and legal assistance in the areas of privacy, data protection, data governance, AI governance, cybersecurity, e-commerce, digitalization, and software contracting. Peter’s practice covers advisory work, contract drafting, and negotiation, as well as representation of clients in litigation before data protection authorities or the courts.

He has recognized in-depth knowledge in complex matters such as online advertising and content personalization, data-intensive operations such as credit scoring and anti-fraud profiling, and digital marketing.

Peter’s legal experience and distinctive background as a software developer serve him well in advising global clients on new and existing technologies, from artificial intelligence (AI) to novel user identification techniques, and in analyzing data protection laws and regulations with a fresh perspective. He counsels clients through the intricacies of developing new initiatives in compliance with data protection and cybersecurity requirements and has developed smart compliance tools for clients to that end. Among the tools made available to a broader public, a data breach risk assessment tool that he built was awarded a “Highly Commended” label at the Financial Times Innovative Lawyers Awards 2019, and his General Data Protection Regulation (GDPR) fine calculation tool, DeFine, helps organizations better understand data protection financial risks.

Prior to joining Keller and Heckman, Peter was a partner at an international law firm in Brussels, where he focused on providing data protection advice under EU and local law.

Keller and Heckman has submitted comments to the European Data Protection Board (EDPB) in the context of a public consultation on their draft guidelines 2/2023 on the Technical Scope of Art. 5(3) of ePrivacy Directive, on behalf of various organisations that wished to contribute in a meaningful manner without drawing attention to their identity.

As the federal government continues to wrestle with the complex issue of regulating Artificial Intelligence (AI) in the wake of the release of President Biden’s Executive Order, states have already proposed or enacted AI regulation, and even more will attempt to tackle the issue in 2024. Two recent developments in AI regulation from California

So much for tackling consent fatigue. The short version: If unchanged, the new EDPB guidelines on what is known as the “cookie” rule would extend that rule to cover nearly every communication over the Internet and any use of software on a computer. Your business is probably more impacted than you might think, and it

Until now, fines by the Belgian Data Protection Authority (BDPA) had, compared to its neighbouring countries (France, Luxembourg, and the Netherlands), appeared on the low side in absolute numbers.

Last year we carried out an analysis of over 300 fines related to (alleged) infringements of the General Data Protection Regulation (GDPR), including the top 250

The Internet of Things (IoT) segment has grown, and with it have come many examples of vulnerable products, from babycams whose feeds could be viewed by strangers online to hackable implantable cardiac devices. There are also infamous examples of botnets (i.e., clusters of hacked devices) featuring millions of IoT devices with one common trait: weak

Since it started in May 2018, enforcement of the rules of the General Data Protection Regulation (GDPR) across the EU has revealed various national trends and differences in approach. Yet one difference seems to dwarf all others: the variation in the amount of the fines for GDPR violations. This has led the European Data Protection

On May 12, 2022, the European Data Protection Board published guidelines with a methodology for calculating fines for violations of the General Data Protection Regulation (GDPR). These guidelines were subject to a public consultation until June 27, 2022.

Because these guidelines are likely to have an influence on future decisions by data protection authorities in