2016 EU Privacy Roundtable

Seminar | February.29.2016

Orrick San Francisco (405 Howard Street, San Francisco, CA)

In December, the European Union published the final text of the long awaited General Data Protection Regulation (GDPR) "to make Europe fit for the digital age." The GDPR transforms EU privacy laws and strengthens EU citizens' rights imposing significant burdens on businesses who collect and use personal information originating from the EU. During this roundtable, our EU privacy experts Kolvin Stone and Dr. Christian Schröder will address what to expect from the new law and how to start preparing. US privacy/cybersecurity lawyer Aravind Swaminathan will address the US perspective of these changes.

CLE Credits Available: N

13276_740x360

Practice:

  • Technology Companies Group
  • Cyber, Privacy & Data Innovation
  • M&A and Private Equity
  • IP Counseling & Due Diligence

Kolvin Stone Partner Technology Companies Group, Cyber, Privacy & Data Innovation

London; Brussels

Kolvin is ranked by Legal 500 and known for being “excellent” and “extremely responsive and client focused, succeeding at meeting the needs of both in-house counsel and tech-savvy business clients.” Kolvin earned particular praise from Legal 500 for “providing sensible, balanced advice” and combining "strategic thinking with a proactive approach".

Kolvin is Global Co-Chair of the Cyber, Privacy and Data Innovation, and the Technology Transactions practices. He operates at the intersection of technology, intellectual property and data for leading public and private companies in high growth innovation driven markets. Kolvin is recognised for his technology focused cross-border expertise and assists fast-growing companies and multinational corporations on their most important, strategic transactions. His work regularly involves complex, cross-border matters that raise multi-faceted intellectual property, data privacy, consumer protection, and Internet regulatory issues.

Kolvin has significant experience advising on the legal issues related to the internalization of technology and internet enabled services including e-commerce, social media, big data, digital marketing and advertising. He has worked extensively with clients who are both providers and users of cloud software, data analytics platforms, IT infrastructure services, and mobile applications, in Europe, Asia and in the United States.

Clients praise the team as ‘genuinely excellent due to its strong business acumen and approach to matters from a practical perspective’; it provides ‘responsive and customer-focused advice’.

On data privacy matters, Kolvin regularly partners with multi-national clients on the design, development and implementation of enterprise wide global compliance programs and risk mitigation strategies in relation to the use or deployment of privacy impacting technology. He has extensive expertise in all areas relevant to the European data protection regime, including applied practices pursuant to the new General Data Protection Regulation (GDPR):

  • Privacy readiness and assessment audits and projects

  • Third party vendor assessments and agreements

  • Preparation of employee and consumer-facing data protection policies and procedures, and implementation of global data privacy governance frameworks

  • Privacy diligence and counseling in the context of mergers and acquisitions, joint ventures and other strategic transactions

  • International and cross-border data transfer mechanisms, including global framework agreements, Model Contracts, safe harbor regimes and binding corporate rules (BCRs)

  • Cookie and tracking technology rules and compliance methodologies

  • “Big Data” analytics and applications

  • Privacy by design (PbD) and privacy impact assessment (PIAs) design and implementation in connection with B2C and B2B products and services

  • Security incident response planning and data breach response

  • Regulatory investigations and enforcement actions

  • Records retention and information management

To make the law more accessible, Kolvin developed Orrick's GDPR Readiness Assessment Tool.  The tool provides companies an opportunity to stress test their compliance with the GDPR as a first step to constructing their strategic GDPR roadmap.

Representative clients that Kolvin has assisted include leading players such as Baidu, NVIDIA, Facebook, Instagram, Levi’s, Neiman Marcus, Intuit, Made.com, WNS, Skimlinks, Qubit, 23andMe and Zoosk, Telenor and W.W. Grainger, Thread.com and Depop.


16512_740x360

Practice:

  • Cyber, Privacy & Data Innovation
  • Intellectual Property
  • Technology Companies Group
  • Copyright, Trademark & False Advertising
  • White Collar
  • Corporate
  • Internet of Things
  • Automotive Technology & Mobility

Dr. Christian Schröder Partner Cyber, Privacy & Data Innovation, Intellectual Property

Düsseldorf

Dr. Christian Schröder heads Orrick's IP/IT & Data Privacy Practice Group in Germany in Orrick’s Düsseldorf Office. Christian advises medium sized (Mittelstand) companies to large multinationals on IP, Unfair and Deceptive Trade Practices, E-Commerce, IT and Data Privacy/Data Protection.

He is listed in Germany's leading lawyer ranking magazine JUVE as frequently recommended data privacy expert and clients recommend him to JUVE for his "reliable and actionable advice". Christian and his practice are also ranked by The Legal 500 Germany and The Legal 500 EMEA as well as Germany’s business journals WiWo and Handelsblatt for being among the leading German and European IT and data privacy practices (2019 and 2020), clients referred to him and his team as "Top data privacy expert", "extremely knowledgeable", and "able to explain complex legal issues in an easily understandable way so that both legal and economic decisions can be made". Christian Schröder is recommended for his "data protection expertise and quick comprehension as well as his entrepreneurial acumen."

Christian provides IP/IT advice in M&A transactions and advises on IP focused joint ventures. He supports companies on the set-up of webshops, outsourcings, license agreements, in cases of trademark or unfair and deceptive trade practice issues as well as on hard and software license and IT project agreements.

As a core member of Orrick's global Cyber, Privacy & Data Innovation practice, Christian has a special focus on data privacy/data protection matters. In particular, Christian advises on privacy compliance programs, a risk-based approach to privacy, on implementing databases and new software applications, in particular, cloud based solutions. He advises on IT and data privacy contracts, internal data privacy policies, binding corporate rules, user agreements on BYOD, whistleblowing schemes, e-discovery, security breaches, and intra-group data sharing on a national and international basis. Christian regularly represents market leading clients in IT and data privacy contract negotiations and regularly defends companies against unfair access to their know-how by competitors and against unfair poaching of customers and employees.

16816_740x360

Practice:

  • Cyber, Privacy & Data Innovation
  • Class Action Defense
  • White Collar, Investigations, Securities Litigation & Compliance
  • Government Investigations and Enforcement Actions
  • Trials
  • Fintech
  • Automotive Technology & Mobility

Aravind Swaminathan Partner Cyber, Privacy & Data Innovation, Class Action Defense

Seattle; Boston

Data is igniting a global, technological revolution. Increased collection, use, storage, and transfer of data has shifted the paradigm of innovation – and created a global security problem. Fortune 500 companies with large quantities of data, cities with vulnerable infrastructure, and every institution in between must manage that risk, without encumbering progress or technological advancement. To do so, they turn to Aravind Swaminathan, Global Co-chair of Orrick’s internationally recognized Cyber, Privacy & Data Innovation team.  Aravind is one of four lawyers ranked nationally by Chambers USA (Band 2) in the category of Privacy and Cybersecurity Litigation, which described him as "extremely skilled in the field of cybersecurity[.]  He's always well prepared and consistently has the answer [clients] need."

As a strategic cybersecurity advisor, Aravind partners with clients to proactively plan for a crisis and develop strategies to improve resiliency, respond efficiently and effectively,  protect their business and brand, and defend them in the onslaught of litigation and enforcement actions that follow. He guides organizations from large public company financial institutions to start-up technology companies to critical infrastructure providers through incidents, and develops business- and brand-centric tactics to mitigate and manage risk. He has directed more than 150 cybersecurity incident and data breach investigations, including enterprise-wide network intrusions to cyberattacks with national security implications. With extensive trial, litigation and appellate experience, he also defends his clients when cyber, privacy, and payments issues lead to regulatory investigations by the SEC, DOJ, FTC, and State Attorneys General and other civil litigation, including securities and consumer class action litigation and shareholder derivative suits. 

Aravind’s background as an Assistant United States Attorney and Computer Hacking and Intellectual Property Section attorney gives him first-hand understanding of federal agencies that allows him to swiftly navigate the system, partner with investigators and find creative solutions for his clients. As a federal cybercrime prosecutor, Aravind investigated and prosecuted a broad array of cybercrime cases, including hacking, phishing, trade secrets theft, click fraud, cyber threats, and identity theft. Aravind also led the cybercrime outreach program, where he worked with members of the Department of Justice, state and federal regulators, law enforcement and other organizations on cybersecurity and related privacy issues.

Aravind is a sought-after speaker by Boards of Directors and industry professionals on cybersecurity issues, including threat landscapes, incident response plans, compliance, and brand/reputational risk management.