Frankfurt Kurnit is a go-to firm for sophisticated representation in privacy and data security matters. Our Privacy & Data Security Group – top-ranked in Chambers Global – is known for providing practical advice on the rapidly evolving privacy and data security landscape as well as for negotiating complex technology deals involving data. To keep up with changes in privacy and data security law, please visit our Technology Law blog.
Our clients range from startups to multinational corporations across sectors, including technology, advertising, media, publishing, retail, finance, healthcare, and education.
Comprehensive US State Privacy Law Compliance
We are a leading voice on the interpretation and implementation of comprehensive US state privacy laws, and are actively working with clients to address obligations under the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Privacy Law, the Utah Consumer Privacy Act (UCPA), and other state privacy laws. Representative issues we help address include:
- Data subject requests
- Opt-out obligations (including responding to Do Not Sell or Share requests and GPC signals)
- Drafting privacy policies and disclosures
- Negotiating data processing agreements
- Conducting data privacy impact assessments
Federal and Sectoral US Privacy Law Compliance
Many of our clients process data that is considered sensitive or part of a highly regulated industry. We advise on issues relating to:
- FTC and Section 5 violations
- Artificial intelligence (AI), automated decision-making, profiling, and algorithmic bias
- Children and minors (including COPPA and the Age-Appropriate Design Code Act)
- Financial data (including FCRA and GLBA)
- Emails and texts (including CAN-SPAM and TCPA)
- Precise location data
- HR and employment data
- Health data (including HIPAA and the Washington My Health My Data Act)
- Biometric data and facial recognition/detection (including BIPA)
- Student data (including FERPA and SOPIPA)
We have an in-depth understanding of platform requirements around data processing, and advise on Apple’s App Tracking Transparency, privacy manifests, and other platform requirements.
International Law and Harmonization
Data protection laws impact companies across borders. We help clients address international data protection laws, including data transfer obligations (such as the Data Privacy Framework). Where needed, we bring in local counsel and often serve as “quarterback” — overseeing their work and helping to harmonize compliance across jurisdictions.
We routinely negotiate complex technology deals involving data and cloud systems on behalf of our clients, many of whom need help with procurement overflow. Our team focuses on a practical approach, with a goal to close deals favorably for all parties involved.
We represent and work with clients across the ad tech industry, including advertisers, agencies, publishers, ad exchanges, DMPs, DSPs, SSPs, social media platforms, data aggregators, and other stakeholders. We often perform due diligence on SDKs and trackers, and negotiate agreements relating to ad tech (such as clean room agreements, data licensing/matching agreements, and media buy insertion orders). We are highly involved with industry initiatives, including through the Interactive Advertising Bureau.
We help clients comply with cybersecurity legal obligations and standards, including:
- FTC Safeguards compliance
- NY DFS Cybersecurity violations and compliance
- NY SHIELD compliance
- SEC Cybersecurity violations and compliance
- Utilization of Cybersecurity Frameworks (including NIST 800-53, ISO 27000, SOC 2)
- Emerging issues with new Consumer Financial Protection Bureau rules for digital marketing agencies
Security Incident Preparedness and Response
We advise on security incident preparedness and response, working closely with business teams, law enforcement officials, forensics experts, and vendors to help remediate incidents. We regularly advise on investigations, insurance coverage and claims, reporting and notification, and post-breach penalties and audits.
Regulatory Preparedness and Response
We are familiar with the latest regulatory expectations and enforcement. At the request of clients, we have drafted comments in response to requests from regulators for written comments to proposed regulations. We have helped clients respond to inquiries from regulators, including letters of alleged noncompliance. We have also represented clients in substantial regulatory enforcement actions, including through investigation, due diligence, response, and settlement.
We represent clients in resolving and, where necessary, litigating privacy disputes. We have successfully defended clients against major putative consumer class actions involving alleged violations of wiretapping laws, COPPA, and other privacy-related claims.
Rick Borden, S. Gregory Boyd, Daniel M. Goldberg, Jeremy Goldman, Maria Nava, and Emma C. Smizer are accredited by the International Association of Privacy Professionals as Certified Information Privacy Professionals with a focus in US private-sector privacy law.