- areas of expertise
- Advertising Technology
- Advertising, Marketing & Public Relations
- Art Law
- Artificial Intelligence
- Blockchain Technology
- Branded Entertainment
- Cannabis Industry
- Celebrity Branding
- Charitable Organizations
- Content Review & Clearance
- Corporate & Finance
- Cross-Border Transactions & Global Media Clearance
- Employment Compliance, Training & Litigation
- Entertainment
- Estate Planning & Administration
- Executive Compensation & Employment
- Fashion
- Intellectual Property
- Interactive Entertainment
- IP Finance
- Legal Ethics & Professional Responsibility Litigation
- Litigation
- Privacy & Data Security
- Publishing
- Real Estate
- Restaurants
- Social Media
- Sports
- Tax
- Technology & Digital Media
- Trademark & Brand Management
- White Collar Defense & Investigations
Attorneys in Our Privacy & Data Security Group
Frankfurt Kurnit is a go-to firm for sophisticated representation in privacy and data security matters. Our Privacy & Data Security Group – top-ranked in Chambers Global – is known for providing practical advice on the rapidly evolving privacy and data security landscape as well as for negotiating complex technology deals involving data. To keep up with changes in privacy and data security law, please visit our Technology Law blog.
Our Clients
Our clients range from startups to multinational corporations across sectors, including technology, advertising, media, publishing, retail, finance, healthcare, and education.
Our Services
Comprehensive US State Privacy Law Compliance
We are a leading voice on the interpretation and implementation of comprehensive US state privacy laws, and are actively working with clients to address obligations under the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Privacy Law, the Utah Consumer Privacy Act (UCPA), and other state privacy laws. Representative issues we help address include:
-Data subject requests
-Opt-out obligations (including responding to Do Not Sell or Share requests and GPC signals)
-Drafting privacy policies and disclosures
-Negotiating data processing agreements
-Conducting data privacy impact assessments
-Dark patterns
-Training obligations
Federal and Sectoral US Privacy Law Compliance
Many of our clients process data that is considered sensitive or part of a highly regulated industry. We advise on issues relating to:
-FTC and Section 5 violations
- Artificial intelligence (AI), automated-decision making, profiling, and algorithmic bias
-Children and minors (including COPPA and the Age-Appropriate Design Code Act)
-Financial data (including FCRA and GLBA)
-Emails and texts (including CAN- SPAM and TCPA)
-Precise location data
-HR and employment data
-Health data (including HIPAA and the Washington My Health My Data Act)
-Biometric data and facial recognition/detection (including BIPA)
-Student data (including FERPA and SOPIPA)
Platform Requirements
We have in-depth understanding of platform requirements around data processing, and advise on Apple’s App Tracking Transparency, privacy manifests, and other platform requirements.
International Law and Harmonization
Data protection laws impact companies across borders. We help clients address international data protection laws, including data transfer obligations (such as Data Privacy Framework). Where needed, we bring in local counsel and often serve as “quarterback” — overseeing their work and helping to harmonize compliance across jurisdictions.
Technology Transactions
We routinely negotiate complex technology deals involving data and cloud systems on behalf of our clients, many of whom need help with procurement overflow. Our team focuses on a practical approach, with a goal to close deals favorably for all parties involved.
Ad Tech
We represent and work with clients across the ad tech industry, including advertisers, agencies, publishers, ad exchanges, DMPs, DSPs, SSPs, social media platforms, data aggregators, and other stakeholders. We often perform due diligence on SDKs and trackers, and negotiate agreements relating to ad tech (such as clean room agreements, data licensing/matching agreements, and media buy insertion orders). We are highly involved with industry initiatives, including through the Interactive Advertising Bureau.
Cybersecurity Compliance
We help clients comply with cybersecurity legal obligations and standards, including:
-FTC Safeguards compliance
-NY DFS Cybersecurity violations and compliance
-NY SHIELD compliance
-SEC Cybersecurity violations and compliance
-Utilization of Cybersecurity Frameworks (including NIST 800-53, ISO 27,000, SOC2)
-Emerging issues with new Consumer Financial Protection Bureau rules for digital marketing agencies
-
Security Incident Preparedness and Response
We advise on security incident preparedness and response, working closely with business teams, law enforcement officials, forensics experts, and vendors to help remediate incidents. We regularly advise on investigations, insurance coverage and claims, reporting and notification, and post-breach penalties and audits.
-
Regulatory Preparedness and Response
- We are familiar with the latest regulatory expectations and enforcement. At the request of clients, we have drafted comments in response to requests from regulators for written comments to proposed regulations. We have helped clients respond to inquiries from regulators, including letters of alleged noncompliance. We have also represented clients in substantial regulatory enforcement actions, including through investigation, due diligence, response, and settlement.
-
-
Resolve Disputes
- We represent clients in resolving and, where necessary, litigating privacy disputes. We have successfully defended clients against major putative consumer class actions involving alleged violations of wiretapping laws, COPPA, and other privacy-related claims.
-
-
Professional Associations
- Rick Borden, S. Gregory Boyd, Daniel M. Goldberg, Jeremy Goldman, Maria Nava, and Emma C. Smizer are accredited by the International Association of Privacy Professionals as Certified Information Privacy Professionals with a focus in US private-sector privacy law.