Carolina A. Alonso

She | Them | Theirs

Associate

New York
T +1.212.589.4671
F +1.212.589.4201

Overview

Creative and innovative, Carolina Alonso uses her cross-contextual experiences (from in-house, for-profit, and industry-pacing to nonprofit, regulatory, policy-making and academic) to address issues from all sides and tailor the appropriate practical and forward-looking outcome for domestic and international clients.

Carolina Alonso’s practice is focused on privacy, data protection and advertising. She has a range of experience, from international privacy and advertising compliance to data security issue spotting to business deals, including acquisition due diligence and contract drafting and negotiation. She is also skilled in a variety of coding languages, including Python and HTML. Carolina encourages companies to self-regulate and guides them in using best practices to facilitate future privacy trends.

Carolina is the founder and leader of the video game law working group at the firm, which connects clients to the firm’s team of attorneys with video game experience, including those who are gamers themselves. She is also a member of the Video Game Bar Association. In addition to counseling business leaders in the video game and mobile app game industries, Carolina’s passion for gaming translates to an in-depth understanding of the challenges associated with XR technologies and multiverse platforms.

While at BakerHostetler, Carolina participated in a six-month full-time secondment at a financial, software, data and media conglomerate, where she led analysis and compliance with the CCPA, updated privacy policies and third-party agreements, assisted in launching mobile apps, assessed third-party data ingestion, implemented privacy-forward tracking technologies and conducted EU GDPR analysis.

Since July 2020, Carolina has participated in a part-time secondment at a multinational technology conglomerate, focusing on general domestic and international privacy compliance, privacy training, privacy risk mitigations for software and hardware product launches, and biometric legal analysis and internal policy and procedure drafting. She supports products that integrate emerging issues such as machine learning and artificial intelligence, XR technologies, cryptocurrency, multiverse online experiences and youth protection and verification.

Carolina has experience with children’s and student data, including COPPA compliance and FERPA application, as well as biometric and genetic data, including BIPA and CUBI analysis. She also advises clients on certain advertising issues, including children’s advertising and CARU enforcement. Additionally, she has general experience in intellectual property issues, having advised companies and individuals on copyright infringement and fair use.

Before joining BakerHostetler, Carolina worked in law and policy at a number of technology-centric organizations, including the Future of Privacy Forum, Public Knowledge, Yahoo and Facebook. She also has basic reading and writing skills in Japanese.

Select Experience

Privacy and Data Security
  • Advises on general privacy-related compliance issues including the Federal Trade Commission Act’s enforcement against unfair and deceptive business practices and misrepresentations, drafting privacy policies (e.g., in line with privacy policy laws such as the California Shine the Light law and California Minor’s Privacy Right law), assessing adtech tracking technology use, implementation and compliance, drafting online service terms of use, subscription/auto-renewal terms, transaction terms, DMCA Agent registration and internal procedure, crowd privacy notices, and data service agreements for large, small, and emerging companies in various industries.

Media and Telecommunications
  • Represented a nonprofit organization focused on the rights of a group of disabled people in Federal Communications Commission (FCC) filings pertaining to media accessibility.

Advertising
  • For a large media company, provided insight into advertising regulations surrounding social media influencers.

More »

Experience

Privacy and Data Security
  • Advises on general privacy-related compliance issues including the Federal Trade Commission Act’s enforcement against unfair and deceptive business practices and misrepresentations, drafting privacy policies (e.g., in line with privacy policy laws such as the California Shine the Light law and California Minor’s Privacy Right law), assessing adtech tracking technology use, implementation and compliance, drafting online service terms of use, subscription/auto-renewal terms, transaction terms, DMCA Agent registration and internal procedure, crowd privacy notices, and data service agreements for large, small, and emerging companies in various industries.
  • Advises on, drafts documents related to, and conducts compliance project plans for the EU General Data Protection Regulation (GDPR) privacy projects, including but not limited to policy gap assessments, EU Privacy Notices, Fair Processing Notices for Employees, EU data breach hotline, EU data breach notices and seeking guidance from EU regulators, EU Personal Data Breach Plans, vendor management procedure materials, EU Personal Data of children issues analysis, International Data Transfer materials (Privacy Shield/Model Clauses), Data Protection Impact Assessments, GDPR-specific contract language, and procedures for data subject requests.
  • Drafts employee training materials on privacy laws, regulations, best practices, and practical impacts (e.g., power points, internal procedures).
  • Supports projects related to biometric personal information (e.g., Biometric Information Privacy Act), including drafting application and practical advice memos and privacy notices. Has spoken on a podcast specifically about genetic privacy laws.
  • Advises clients on video game-related issues such as loot boxes, in-game purchases, digital currency, community terms, e-sports, streaming, influencers, tournaments, NFTs, gamer data privacy and security, marketing and advertising, first-party and user-generated content, sponsorships and first-party and third-party platform compliance.
  • Advises on, drafts documents related to, and conducts compliance project plans for collecting children’s personal information, the Children’s Online Privacy Protection Act (COPPA), and international children’s online service regulations (e.g., ICO’s design guidelines), including but not limited to practical application, enforcement risk and best practice memos, implementation of parental verification, user interface recommendations, COPPA privacy policies, internal COPPA procedures, data flow assessments and recommendations, and participating in speaking events. Also advises on children’s advertising issues, including enforcement by the FTC and CARU.  Advises on, drafts documents related to, and conducts compliance project plans for the California Consumer Privacy Act (CCPA) including but not limited to CCPA privacy policy language, data flow assessments, internal checklists (e.g., consumer request procedures), memos explaining why a businesses does not sell personal information and vendor contract remediation and negotiation.
  • Future proofs client’s policies and procedures by integrating practical advice on upcoming laws such as CPRA, VCDPA and CPA.
  • Facilitates and works with local counsel to provide global approach to privacy compliance. For example, ensuring launch of internationally-accessed mobile apps contain appropriate language relating to international arbitration and language that is not unfair and deceptive to international regulators. Also advises on cross-border issues, general privacy compliance and how to address U.S. compliance related to the EU, UK, China and other APAC jurisdictions such as Japan and South Korea.
  • Advises on various privacy and data security related laws including analysis of application of and drafting protected health information notices related to the Health Insurance Portability and Accountability Act (HIPAA), analysis of application of and drafting of contract terms related to the Family Educational Rights and Privacy Act (FERPA), analysis of, tracking of, and drafting contract language related to, state and federal employee and student privacy laws, analysis of the Fair Credit Reporting Act, analysis of the Gramm–Leach–Bliley Act, drafting of privacy policies for compliance with self-regulatory systems such as the Student Privacy Pledge, application of Racketeer Influenced and Corrupt Organizations Act (RICO) for certain data practices, general privacy ethics analysis and public relations considerations, and social media laws and e-discovery social media issues.
  • Analyzes and advises on anti-discriminatory laws including the application, best practices, and practical solutions related to the Americans with Disabilities Act of 1990’s user interface requirements and litigation threats, the California Unruh Civil Rights Act, the Equal Credit Opportunity Act, and the Robinson-Patman Act.
  • Counsels on data security incident issues, including drafting responses to incidents or breaches to those affected and to local regulators (i.e., through BakerHostetler’s Data Breach Hotline), vendor management and contract language such as data breach indemnification, and drafting Incident Response Plans.
  • Counsels on privacy issues in business transactions (e.g., mergers and acquisitions) including drafting Due Diligence Reports, supplemental material requests, and business transition privacy consideration materials.
  • Advises on employee privacy issues,, including internal product testing through employee participation and COVID tracing and recordkeeping requirements.
  • Advises on legal compliance and related privacy and cybersecurity risk issues relevant to various subject areas such as video games, cryptocurrency, NFTs, automated vehicles, connected devices, Internet of Things, interest-based advertising and other tailored advertising, and connected toys.
Media and Telecommunications
  • Represented a nonprofit organization focused on the rights of a group of disabled people in Federal Communications Commission (FCC) filings pertaining to media accessibility.
  • Co-authored filings with the United States International Trade Commission pertaining to the importation of mobile phone devices.
Advertising
  • For a large media company, provided insight into advertising regulations surrounding social media influencers.
  • Provided insight on false and misleading advertising in app stores to a non-profit focused on children’s advertising.
  • Advises on issues related to substantiation, sweepstakes and contest terms including drafting of such, interest-based advertising, and advertising to children.

Recognitions and Memberships

Memberships

  • American Bar Association
  • Video Game Bar Association

Community

  • Columbia University Shotokan Karate Club
  • Georgetown Gilbert & Sullivan Society
  • Lynbrook High School Mock Trial Team: Assistant Coach (2012 to 2015)
  • Commissioned Painter
  • Freelance Comic Artist, having published legal related comics in the Georgetown Law Weekly and an original story, The T.S. Skyline (no longer available online)

Pro Bono

  • Assisted industry-leader behavioral advertising organization and self-regulation body in developing international privacy opt out signal, including in South Korea and Japan.
  • Assisted organization in developing privacy strategy for building an evidence locker database to track and provide proof of human rights violations.
  • Drafted portions of an amicus brief, in conjunction with LatinoJustice, with a focus on enjoining the government from using personal information collected from DACA applicants and recipients for immigration purposes, such as deportation, contradictory to its privacy policies. In addition, worked with LatinoJustice to develop privacy policies and terms for mobile app supporting the fight against voter intimidation.
  • Drafted privacy policies and documents for online services providing New York City renters a platform to share experiences and guidance on how to request COVID rent reductions or pauses.
  • Represented a medical educational device startup regarding its sales agreements with educational institutions. Advised the client not to sign a template contract from a school and wrote a new contract from scratch, including intellectual property provisions that were more favorable to the client.
  • Worked with a judge in the Superior Court of the District of Columbia on felon and juvenile cases by drafting opinions and doing legal research.
  • Worked with a nonprofit law firm representing music artists and recording companies on copyright, tax and trademark issues at an international level.
  • Lead full EU General Data Privacy Regulation compliance plan for Humanity In Action, an international nonprofit focused on young professional education through hands-on travel and culture experiences.
  • Lead youth-driven project on development of youth and vulnerable people policies as well as privacy documents for Ashoka, an organization focused on empowering young people to build programs for their communities.
  • Advised Spanish-speaking DACA recipients on immigration laws.

Prior Positions

  • The Future of Privacy Forum: Privacy Fellow (2016 to 2017)
  • Georgetown Law Institute for Public Representation: Communications & Technology Law Clinic: Student Attorney (2016)
  • Public Knowledge: Legal Intern (2015)
  • Yahoo: Public Policy Intern (2015)
  • Alliance of Artists and Recording Companies (2015)
  • Facebook: Global Policy Extern (2014)
  • Claro y Cia.: International Intellectual Property Legal Intern (2014)

Admissions

  • California
  • [Not admitted in New York]

Education

  • J.D., Georgetown University Law Center, 2016; Georgetown Entertainment and Media Alliance Law Division: Media Law Committee (2013 to 2014)
  • B.S., Political Science, University of California, Davis, 2012; UC Davis Mock Trial Team: Founding Member, Captain, Attorney, Witness (2009 to 2012); All-Region Outstanding Witness Award (2010)

Languages

  • Spanish

Blog

In The Blogs

Previous Next
Data Counsel
Leveling Up: Advertising to Children Through Video Games
By Carolina A. Alonso, Michael C. Ingram, Amy Ralph Mudge
March 7, 2022
Video games have come a long way from the days of Atari’s Pong; today’s games can contain fully immersive worlds complete with brand partnerships. Video game platforms, such as Roblox, which boasts over 100 million active users in its...
Read More ->
AD-ttorneys Law Blog
Leveling Up: Advertising to Children Through Video Games March 7, 2022
By Carolina A. Alonso, Michael C. Ingram, Amy Ralph Mudge
March 7, 2022
Video games have come a long way from the days of Atari’s Pong; today’s games can contain fully immersive worlds complete with brand partnerships. Video game platforms, such as Roblox, which boasts over 100 million active users in its...
Read More ->
AD-ttorneys Law Blog
CARU's Revised Guidelines Are Not Kid-ding Around
By Carolina A. Alonso, Michael C. Ingram, Amy Ralph Mudge
October 15, 2021
By: Amy Mudge, Mike Ingram and Carolina Alonso The Children’s Advertising Review Unit (CARU) recently held their “Kidvertising” workshop to discuss the revised CARU Advertising Guidelines, which are set to take effect on January 1, 2022...
Read More ->
AD-ttorneys Law Blog
COPPA Compliance Back in Congressional Crosshairs
By Carolina A. Alonso, Michael C. Ingram
May 7, 2021
With more children getting online, the Federal Trade Commission (FTC) is not the only stakeholder concerned about reevaluating regulations related to children’s online privacy. Certain members of Congress are also seeking to review the...
Read More ->
Data Counsel
Privacy and Product Counseling: 2020 in Review
By Carolina A. Alonso, Orga Cadet, Gerald J. Ferguson, Barbara D. Linney, Melinda L. McLellan, Veronica Reynolds, Nichole L. Sterling
December 17, 2020
Advising our clients on compliance with laws and regulations is, hands down, the most important aspect of our role as attorneys. In addition to seeking counsel on their obligations under laws and regulations, however – motivated by...
Read More ->