Carolina A. Alonso

Associate

New York
T +1.212.589.4671
F +1.212.589.4201

Overview

Carolina Alonso’s practice is focused on privacy and data protection. She has experience with children’s and student data, as well as biometric and genetic data. She is also skilled in a variety of coding languages, including Python and HTML. Innovative and forward-thinking, Carolina encourages companies to self-regulate and guides them in using best practices when creating privacy policies. Her experience includes positions related to policy-making, the government, and nonprofit and for-profit entities. She uses these perspectives to address issues from all sides and tailor the appropriate outcome for clients.

Carolina also has general experience in intellectual property issues, having advised companies and individuals on copyright infringement and fair use.

Before joining BakerHostetler, Carolina worked in law and policy at a number of technology-centric organizations, including the Future of Privacy Forum, Public Knowledge, Yahoo and Facebook. She also demonstrates basic reading and writing skills in Japanese.

Select Experience

Privacy and Data Security
  • Advises on general privacy-related compliance issues including the Federal Trade Commission Act’s enforcement against unfair and deceptive business practices and misrepresentations, drafting privacy policies (e.g., in line with privacy policy laws such as the California Shine the Light law and California Minor’s Privacy Right law), drafting online service terms of use, subscription terms, transaction terms, DMCA Agent registration and internal procedure, crowd privacy notices, and data service agreements for large, small, and emerging companies in various industries.

Media and Telecommunications
  • Represented a nonprofit organization focused on the rights of a group of disabled people in Federal Communications Commission (FCC) filings pertaining to media accessibility.

Advertising
  • For a large media company, provided insight into advertising regulations surrounding social media influencers.

More »

Experience

Privacy and Data Security
  • Advises on general privacy-related compliance issues including the Federal Trade Commission Act’s enforcement against unfair and deceptive business practices and misrepresentations, drafting privacy policies (e.g., in line with privacy policy laws such as the California Shine the Light law and California Minor’s Privacy Right law), drafting online service terms of use, subscription terms, transaction terms, DMCA Agent registration and internal procedure, crowd privacy notices, and data service agreements for large, small, and emerging companies in various industries.
  • Advises on, drafts documents related to, and conducts compliance project plans for the EU General Data Protection Regulation (GDPR) privacy projects, including but not limited to policy gap assessments, EU Privacy Notices, Fair Processing Notices for Employees, EU data breach hotline, EU data breach notices and seeking guidance from EU regulators, EU Personal Data Breach Plans, vendor management procedure materials, EU Personal Data of children issues analysis, International Data Transfer materials (Privacy Shield/Model Clauses), Data Protection Impact Assessments, GDPR-specific contract language, and procedures for data subject requests.
  • Drafts employee training materials on privacy laws, regulations, best practices, and practical impacts (e.g., power points, internal procedures).
  • Supports projects related to biometric personal information (e.g., Biometric Information Privacy Act), including drafting application and practical advice memos and privacy notices. Has spoken on a podcast specifically about genetic privacy laws.
  • Advises on, drafts documents related to, and conducts compliance project plans for the Children’s Online Privacy Protection Act (COPPA) including but not limited to practical application, enforcement risk, and best practice memos, implementation of parental verification, user interface recommendations, COPPA privacy policies, internal COPPA procedures, data flow assessments and recommendations, and participating in speaking events.
  • Advises on, drafts documents related to, and conducts compliance project plans for the California Consumer Privacy Act (CCPA) including but not limited to CCPA privacy policy language, data flow assessments, internal checklists (e.g., consumer request procedures), memos explaining why a businesses does not sell personal information, and vendor contract remediation and negotiation.
  • Advises on various privacy and data security related laws including analysis of application of and drafting protected health information notices related to the Health Insurance Portability and Accountability Act (HIPPA), analysis of application of and drafting of contract terms related to the Family Educational Rights and Privacy Act (FERPA), analysis of, tracking of, and drafting contract language related to, state and federal employee and student privacy laws, analysis of the Fair Credit Reporting Act, analysis of the Gramm–Leach–Bliley Act, drafting of privacy policies for compliance with self-regulatory systems such as the Student Privacy Pledge, application of Racketeer Influenced and Corrupt Organizations Act (RICO) for certain data practices, general privacy ethics analysis and public relations considerations, and social media laws and e-discovery social media issues.
  • Analyzes and advises on anti-discriminatory laws including the application, best practices, and practical solutions related to the Americans with Disabilities Act of 1990’s user interface requirements and litigation threats, the California Unruh Civil Rights Act, the Equal Credit Opportunity Act, and the Robinson-Patman Act.
  • Counsels on data security incident issues, including drafting responses to incidents or breaches to those affected and to local regulators (i.e., through BakerHostetler’s Data Breach Hotline), vendor management and contract language such as data breach indemnification, and drafting Incident Response Plans.
  • Drafting of amicus briefs in litigation related to privacy such as in certain Deferred Action for Childhood Arrivals lawsuits.
  • Counsels on privacy issues in business transactions (e.g., mergers and acquisitions) including drafting Due Diligence Reports, supplemental material requests, and business transition privacy consideration materials.
  • Advises on legal compliance and related privacy and cybersecurity risk issues relevant to various subject areas such as videogames, automated vehicles, connected devices, Internet of Things, interest-based advertising and other tailored advertising, and connected toys.
Media and Telecommunications
  • Represented a nonprofit organization focused on the rights of a group of disabled people in Federal Communications Commission (FCC) filings pertaining to media accessibility.
  • Co-authored filings with the United States International Trade Commission pertaining to the importation of mobile phone devices.
Advertising
  • For a large media company, provided insight into advertising regulations surrounding social media influencers.
  • Provided insight on false and misleading advertising in app stores to a non-profit focused on children’s advertising.
  • Advises on issues related to substantiation, sweepstakes and contest terms including drafting of such, interest-based advertising, and advertising to children.

Recognitions and Memberships

Memberships

  • American Bar Association

Community

  • Georgetown Gilbert & Sullivan Society
  • Lynbrook High School Mock Trial Team: Assistant Coach (2012 to 2015)
  • Commissioned Painter
  • Freelance Comic Artist, having published legal related comics in the Georgetown Law Weekly and an original story, The T.S. Skyline (no longer available online)

Pro Bono

  • Drafted portions of an amicus brief, in conjunction with LatinoJustice, with a focus on enjoining the government from using personal information collected from DACA applicants and recipients for immigration purposes, such as deportation, contradictory to its privacy policies.

  • Represented a medical educational device startup regarding its sales agreements with educational institutions. Advised the client not to sign a template contract from a school and wrote a new contract from scratch, including intellectual property provisions that were more favorable to the client.

  • Counseled a popular virtual marathon startup in copyright law and online terms of service.

  • Worked with a judge in the Superior Court of the District of Columbia on felon and juvenile cases by drafting opinions and doing legal research.

  • Worked with a non-profit law firm representing music artists and recording companies on copyright, tax and trademark issues at an international level.

  • Lead full EU General Data Privacy Regulation compliance plan for international nonprofit focused on young professional education through hands-on travel and culture experiences.

  • Advised Spanish-speaking DACA recipients on immigration laws.

Prior Positions

  • The Future of Privacy Forum: Privacy Fellow (2016 to 2017)
  • Georgetown Law Institute for Public Representation: Communications & Technology Law Clinic: Student Attorney (2016)
  • Public Knowledge: Legal Intern (2015)
  • Yahoo: Public Policy Intern (2015)
  • Alliance of Artists and Recording Companies (2015)
  • Facebook: Global Policy Extern (2014)
  • Claro y Cia.: International Intellectual Property Legal Intern (2014)

Admissions

  • California
  • [Not admitted in New York]

Education

  • J.D., Georgetown University Law Center, 2016; Georgetown Entertainment and Media Alliance Law Division: Media Law Committee (2013 to 2014)
  • B.S., Political Science, University of California, Davis, 2012; UC Davis Mock Trial Team: Founding Member, Captain, Attorney, Witness (2009 to 2012); All-Region Outstanding Witness Award (2010)

Languages

  • Spanish

Blog

In The Blogs

Previous Next
Data Counsel
Focus on Children's Privacy Intensifies as Daily Life Moves Online
By Carolina A. Alonso, Melinda L. McLellan
April 9, 2020
With physical schools closed indefinitely, classrooms have moved online, either introducing or significantly expanding children’s use of virtual education technology and highlighting certain privacy concerns. Responding to this evolving...
Read More ->
Data Counsel
Hoping for a New Year's Resolution: Clarity on the Sale of Personal Information of California Minors
By Carolina A. Alonso, Alan L. Friel
January 9, 2020
Those who keep an eye on privacy laws may be familiar with how monumental the Children’s Online Privacy Protection Act (COPPA) was when it first became effective in 1998. COPPA requires online services that directly target children under...
Read More ->
Data Counsel
Children's Privacy Law Updates: Tricks or Treats?
By Carolina A. Alonso
October 31, 2019
It’s finally here! Halloween, the day every kid dreams of for months. It’s a scary time in the world of children’s privacy law – what with the California Consumer Privacy Act (CCPA) lurking around the corner and the specter of FTC...
Read More ->
AD-ttorneys Law Blog
FTC Takes a Peek at Loot Box Regulation
By Carolina A. Alonso
October 11, 2019
How many times have you felt the thrill of buying a lottery ticket? What about the excitement before opening a sealed pack of baseball cards or the curiosity before diving for a mystery prize in a cereal box? Now imagine digitalized...
Read More ->
AD-ttorneys Law Blog
20 Years Young: The Maturing of COPPA in a Privacy-Conscious Age
By Carolina A. Alonso, Taylor A. Bloom, Alan L. Friel, Amy Ralph Mudge
April 30, 2019
We cover children’s privacy and advertising weekly. However, in light of COPPA’s recent 20th anniversary, and in the wake of CARU’s biggest-yet West Coast CARU conference, ADLaw has enlisted CARU super lawyer Katie Goldstein* to help us...
Read More ->