Carolina A. Alonso

Experience

• Regularly provides counsel for the use of tracking technologies, such as cookies, on online properties (i.e., websites and apps), including considerations related to domestic and international opt in and opt out requirements, statutory and contractual obligations for disclosure of such use, tracking technology vendor contract and Data Processing Agreement review and negotiation, and reducing risk of litigation.
• Participated in a part-time secondment at a global healthcare provider focusing on global and domestic privacy law compliance including foreign jurisdiction heat mapping considering the intersectionality of healthcare industry privacy laws and consumer privacy laws and data research and ingestion for improvement of services.
• Participated in a three-year part-time secondment at a multinational technology conglomerate, focusing on general domestic and international privacy compliance, privacy training, privacy risk mitigations for software and hardware product launches, and biometric legal analysis and internal policy and procedure drafting. Supported products that integrate emerging issues such as machine learning and artificial intelligence, XR technologies, cryptocurrency, multiverse online experiences and youth protection and verification.
• Participated in a six-month full-time secondment at a financial, software, data and media conglomerate, leading analysis and compliance with the CCPA, updated privacy policies and third-party agreements, assisted in launching mobile apps, assessed third-party data ingestion, implemented privacy-forward tracking technologies and conducted EU GDPR analysis.
• Advises on general privacy-related compliance issues including the Federal Trade Commission Act’s enforcement against unfair and deceptive business practices and misrepresentations, drafting privacy policies (e.g., in line with privacy policy laws such as the California Shine the Light law and California Minor’s Privacy Right law), assessing adtech tracking technology use, implementation and compliance, drafting online service terms of use, subscription/auto-renewal terms, transaction terms, DMCA Agent registration and internal procedure, crowd privacy notices, and data service agreements for large, small, and emerging companies in various industries.
• Advises on, drafts documents related to, and conducts compliance project plans for the EU General Data Protection Regulation (GDPR) privacy projects, including but not limited to policy gap assessments, EU Privacy Notices, Fair Processing Notices for Employees, EU data breach hotline, EU data breach notices and seeking guidance from EU regulators, EU Personal Data Breach Plans, vendor management procedure materials, EU Personal Data of children issues analysis, International Data Transfer materials (Privacy Shield/Model Clauses), Data Protection Impact Assessments, GDPR-specific contract language, and procedures for data subject requests.
• Drafts employee training materials on privacy laws, regulations, best practices, and practical impacts (e.g., power points, internal procedures).
• Supports projects related to biometric personal information (e.g., Biometric Information Privacy Act), including drafting application and practical advice memos and privacy notices. Has spoken on a podcast specifically about genetic privacy laws.
• Advises clients on video game-related issues such as loot boxes, in-game purchases, digital currency, community terms, e-sports, streaming, influencers, tournaments, NFTs, gamer data privacy and security, marketing and advertising, first-party and user-generated content, sponsorships and first-party and third-party platform compliance.
• Advises on, drafts documents related to, and conducts compliance project plans for collecting children’s personal information, the Children’s Online Privacy Protection Act (COPPA), and international children’s online service regulations (e.g., ICO’s design guidelines), including but not limited to practical application, enforcement risk and best practice memos, implementation of parental verification, user interface recommendations, COPPA privacy policies, internal COPPA procedures, data flow assessments and recommendations, and participating in speaking events. Also advises on children’s advertising issues, including enforcement by the FTC and CARU.
• Advises on, drafts documents related to, and conducts compliance project plans for the California Consumer Privacy Act (CCPA) including but not limited to CCPA privacy policy language, data flow assessments, internal checklists (e.g., consumer request procedures), memos explaining why a businesses does not sell personal information and vendor contract remediation and negotiation.
• Future proofs client’s policies and procedures by integrating practical advice on upcoming laws such as CPRA, VCDPA and CPA.
• Facilitates and works with local counsel to provide global approach to privacy compliance. For example, ensuring launch of internationally-accessed mobile apps contain appropriate language relating to international arbitration and language that is not unfair and deceptive to international regulators. Also advises on cross-border issues, general privacy compliance and how to address U.S. compliance related to the EU, UK, China and other APAC jurisdictions such as Japan and South Korea.
• Advises on various privacy and data security related laws including analysis of application of and drafting protected health information notices related to the Health Insurance Portability and Accountability Act (HIPAA), analysis of application of and drafting of contract terms related to the Family Educational Rights and Privacy Act (FERPA), analysis of, tracking of, and drafting contract language related to, state and federal employee and student privacy laws, analysis of the Fair Credit Reporting Act, analysis of the Gramm–Leach–Bliley Act, drafting of privacy policies for compliance with self-regulatory systems such as the Student Privacy Pledge, application of Racketeer Influenced and Corrupt Organizations Act (RICO) for certain data practices, general privacy ethics analysis and public relations considerations, and social media laws and e-discovery social media issues.
• Analyzes and advises on anti-discriminatory laws including the application, best practices, and practical solutions related to the Americans with Disabilities Act of 1990’s user interface requirements and litigation threats, the California Unruh Civil Rights Act, the Equal Credit Opportunity Act, and the Robinson-Patman Act.
• Counsels on data security incident issues, including drafting responses to incidents or breaches to those affected and to local regulators (i.e., through BakerHostetler’s Data Breach Hotline), vendor management and contract language such as data breach indemnification, and drafting Incident Response Plans.
• Counsels on privacy issues in business transactions (e.g., mergers and acquisitions) including drafting Due Diligence Reports, supplemental material requests, and business transition privacy consideration materials.
• Advises on employee privacy issues,, including internal product testing through employee participation and COVID tracing and recordkeeping requirements.
• Advises on legal compliance and related privacy and cybersecurity risk issues relevant to various subject areas such as video games, cryptocurrency, NFTs, automated vehicles, connected devices, Internet of Things, interest-based advertising and other tailored advertising, and connected toys.

• Represented a nonprofit organization focused on the rights of a group of disabled people in Federal Communications Commission (FCC) filings pertaining to media accessibility.
• Co-authored filings with the United States International Trade Commission pertaining to the importation of mobile phone devices.

• Regularly provides counsel on domestic and international marketing issues including considerations as to blurring content, children’s advertising and COPPA, CAADC, dark patterns, subscription services, loot boxes and other user interface, service or game design.
• For a large media company, provided insight into advertising regulations surrounding social media influencers.
• Provided insight on false and misleading advertising in app stores to a non-profit focused on children’s advertising.
• Advises on issues related to substantiation, sweepstakes and contest terms including drafting of such, interest-based advertising, and advertising to children.

Memberships

• American Bar Association
• Video Game Bar Association

Community

• Columbia University Shotokan Karate Club
• Georgetown Gilbert & Sullivan Society
• Lynbrook High School Mock Trial Team: Assistant Coach (2012 to 2015)
• Commissioned Painter
• Freelance Comic Artist, having published legal related comics in the Georgetown Law Weekly and an original story, The T.S. Skyline (no longer available online)

Pro Bono

• Assisted industry-leader behavioral advertising organization and self-regulation body in developing international privacy opt out signal, including in South Korea and Japan.
• Assisted organization in developing privacy strategy for building an evidence locker database to track and provide proof of human rights violations.
• Drafted portions of an amicus brief, in conjunction with LatinoJustice, with a focus on enjoining the government from using personal information collected from DACA applicants and recipients for immigration purposes, such as deportation, contradictory to its privacy policies. In addition, worked with LatinoJustice to develop privacy policies and terms for mobile app supporting the fight against voter intimidation.
• Drafted privacy policies and documents for online services providing New York City renters a platform to share experiences and guidance on how to request COVID rent reductions or pauses.
• Represented a medical educational device startup regarding its sales agreements with educational institutions. Advised the client not to sign a template contract from a school and wrote a new contract from scratch, including intellectual property provisions that were more favorable to the client.
• Worked with a judge in the Superior Court of the District of Columbia on felon and juvenile cases by drafting opinions and doing legal research.
• Worked with a nonprofit law firm representing music artists and recording companies on copyright, tax and trademark issues at an international level.
• Lead full EU General Data Privacy Regulation compliance plan for Humanity In Action, an international nonprofit focused on young professional education through hands-on travel and culture experiences.
• Lead youth-driven project on development of youth and vulnerable people policies as well as privacy documents for Ashoka, an organization focused on empowering young people to build programs for their communities.
• Advised Spanish-speaking DACA recipients on immigration laws.