The increasingly intertwined concerns of privacy and data security continue to cast a long shadow over the business models of companies in nearly every industry. Both concerns carry considerable risk — legal, financial and reputational — but with proper attention to the statutory and contractual requirements that underlie and inform the risk, they can be turned to competitive advantage.

Our attorneys represent data-driven businesses of all kinds, with particular strengths in the areas of digital media, marketing, ad tech and e-commerce. We work with clients from many industries — including retail, media, healthcare, finance and a broad array of technology businesses — to identify and address the compliance risks associated with data flowing in and out of their organizations. Given our deep understanding of these industries, we advise clients regarding best practices, assess their associated contracts, prevent and respond to data breaches, and defend them in litigation and enforcement actions.

Avoiding Privacy Risk

It is now a given that privacy laws in most jurisdictions will undergo perpetual change, and that ad tech and e-commerce, in particular, will be constant targets of new regulation. Our clients look to us to advise them regarding their privacy practices — how they interact with consumers, how they collect and use data, how they build new services, when and how they make disclosures — while keeping a sharp focus on their ongoing regulatory obligations. As they enter into new agreements with vendors and customers, we advise them on the likely effects of these arrangements and how to minimize their risk. In areas where the laws are not fully evolved, we keep them apprised of best practices and any self-regulatory guidelines imposed by their industry.

Monitoring Data Security

As the alarming frequency of data breaches has become an inevitable cost of doing business, our clients count on us to guide their prevention of, and their response to, data security incidents. We help establish their data security protocols, updating policies and controls as needed, in order to maintain both compliance and vigilance. Should a breach occur, we manage the response team, investigate the incident, notify the required authorities and conduct any post-breach remediation.

Forging Technology Contracts

Clients are constantly entering into contractual arrangements addressing a broad array of evolving technologies. Accordingly, we regularly draft contracts for ad tech transactions, whether our clients are media buying agencies, advertisers, publishers, demand-side platforms (DSPs), supply-side platforms (SSPs), other real-time bidding (RTB) technologies, or virtually any other entity in the ad tech ecosystem. We also advise on any number of software-as-a-service (SaaS) agreements, data licensing arrangements, e-commerce setup and licensing matters, and all manner of custom software and technology development agreements.

Children’s Privacy and Other Special Data Categories

The firm’s long history of leadership in the legal aspects of children’s advertising has been seamlessly adapted to the digital age. We are thoroughly versed in the special concerns afforded children in the collection and uses of personal data, including our broad experience with the Children’s Online Privacy Protection Act (COPPA), as well as with the advertising industry’s self-regulatory body — the Children’s Advertising Review Unit (CARU). We are also deeply knowledgeable in the privacy laws governing other regulated industries. These include the financial services industry, under the Gramm-Leach-Bliley Act (GLBA), and the healthcare industry’s Health Insurance Portability and Accountability Act (HIPAA).

Litigation, Incident Response, Audits

Despite an organization’s best efforts, privacy and data security issues are inevitable. We offer a comprehensive suite of services, taking a cross-disciplinary approach to any matter. Our litigation team handles privacy disputes, such as TCPA claims and liability due to security breaches. Our incident response team can be mobilized quickly in the event of a breach. We also work with clients on preventive and mandated security compliance audits.

Representative Experience

  • Represented an ad tech company in connection with multiple third-party subpoenas and DOJ investigations into the practices of other industry players. Advised on sensitive issues over sharing confidential business strategies and critiquing the practices of other industry participants.

  • Counseled one of the largest media companies in Europe on privacy issues connected with launching a new service in the U.S. Helped the client synchronize requirements under EU and U.S. privacy laws and advised on best practices in the U.S.

  • Advised a social media analytics agency in connection with privacy and data security, including GDPR and CCPA, for both internal and client-facing policies, protocols and data processing form agreements. This ensured the media platform was legally compliant and protected while also remaining customer-friendly.

  • Represented one of the world’s largest media buyers in the negotiation of agency-wide agreements with DSPs and other critical media buying platforms and updated templates to address novel content production issues.

  • Advised a large agency regarding a security breach that involved the exposure of thousands of employee W-2 records. Coordinated with law enforcement and the IRS regarding hundreds of unauthorized requests for tax refunds.

  • Advised an international clothing brand on privacy issues connected with launching its e-commerce service for the U.S. market. Helped the client synchronize requirements under EU and U.S. privacy laws and advised on best practices in the U.S.

Key Contacts

Meet The Team