- areas of expertise
Frankfurt Kurnit is a go-to firm for sophisticated representation in privacy and data security matters. Our Privacy & Data Security Group – top-ranked in Chambers Global – is known for providing practical advice on the rapidly evolving privacy and data security landscape as well as for negotiating complex technology deals involving data.
Our clients range from startups to multinational corporations across sectors, including technology, advertising, media, publishing, retail, finance, healthcare, and education.
Comprehensive US State Privacy Law Compliance
We are a leading voice on the interpretation and implementation of comprehensive US state privacy laws, and are actively preparing clients for the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Privacy Law, and the Utah Consumer Privacy Act (UCPA). Representative issues we help address include:
-Data subject requests
-Opt-out obligations (including responding to Do Not Sell or Share requests and GPC signals)
-Drafting privacy policies and disclosures
-Negotiating data processing agreements
-Conducting data privacy impact assessments
-Drafting comments in response to requests for written comments to proposed regulations
-Responding to regulatory inquiries regarding alleged violations of state privacy law
Federal and Sectoral US Privacy Law Compliance
Many of our clients process data that is considered sensitive or part of a highly regulated industry. We advise on issues relating to:
-FTC and Section 5 violations
-Children and minors (including COPPA and the new Age-Appropriate Design Code Act)
-Financial data (including FCRA and GLBA)
-Emails and texts (including CAN- SPAM and TCPA)
-Precise location data
-HR and employment data
-Health data (including HIPAA)
-Biometric data and facial recognition/detection (including BIPA)
-Student data (including FERPA and SOPIPA)
We have in-depth understanding of platform requirements around data processing, and advise on Apple’s App Tracking Transparency and other platform requirements.
International Law and Harmonization
Data protection laws impact companies across borders. We help clients address international data protection laws, including data transfer obligations. Where needed, we bring in local counsel and often serve as “quarterback” — overseeing their work and helping to harmonize compliance across jurisdictions.
We routinely negotiate complex technology deals involving data and cloud systems on behalf of our clients, many of whom need help with procurement overflow. Our team focuses on a practical approach, with a goal to close deals favorably for all parties involved.
We represent and work with organizations across the Ad Tech industry, including advertisers, agencies, publishers, ad exchanges, DMPs, DSPs, SSPs, social media platforms, data aggregators, and other stakeholders. We are highly involved with industry efforts to address opt-out obligations, including the Interactive Advertising Bureau’s (IAB) Framework.
We help clients comply with cybersecurity legal obligations and standards, including:
-FTC Safeguards compliance
-NY DFS Cybersecurity violations and compliance
-NY SHIELD compliance
-SEC Cybersecurity violations and compliance
-Utilization of Cybersecurity Frameworks (including NIST 800-53, ISO 27,000, SOC2)
-Emerging issues with new Consumer Financial Protection Bureau rules for digital marketing agencies
Security and Incident Response
We advise on security incident preparedness and response, working closely with business teams, law enforcement officials, forensics experts, and vendors to help remediate incidents. We regularly advise on investigations, insurance coverage and claims, reporting and notification, and post-breach penalties and audits.
We represent organizations in resolving and, where necessary, litigating disputes relating to sensitive information, including under COPPA and TCPA. We have successfully defended corporations against putative consumer class actions alleging false advertising, privacy, and other claims under state and federal consumer protection statutes.
S. Gregory Boyd, Daniel M. Goldberg, Jeremy Goldman, Rayna S. Lopyan, and Maria Nava are accredited by the International Association of Privacy Professionals as Certified Information Privacy Professionals with a focus in US private-sector privacy law.