Global Data Protection

For U.S. companies operating and expanding globally, data protection compliance is a critical foundation for sustainable growth. Navigating diverse regulatory landscapes – from the GDPR in Europe to emerging laws in Asia and Latin America – international expansion requires a strategic approach that not only mitigates legal risk but also strengthens customer trust and operational resilience across borders.

Counseled multinational media and advertising brands on the compliant use of tracking technologies, including data sharing, adtech vendor contracting and development of cookie banners and notices.
Counseled a major Chinese mobile app developer on privacy issues associated with global rollout, including development of an internal data protection program and advice on jurisdictional concerns related to data storage and access.
Advised a global food manufacturer and retailer on AI policy and procedures in conjunction with planned third-party AI use and internal AI development, supporting relevant contract negotiations and partnership planning.
Developed and coordinated data protection impact assessment (DPIA) program for a multinational retailer, working with business stakeholders and the in-house legal team on risk analysis conclusions and mitigation measures.
Worked with a multinational sporting goods company and a large multinational technology company to update data subject request procedures after regulatory inquiries, aiming to streamline intake, fulfillment and response processes and to implement enhanced options for self-service deletion and access (DSAR) requests.
Advised an international manufacturing conglomerate on the revision of a global employee privacy policy covering dozens of countries, including engaging with foreign local counsel to address labor law issues and emerging data protection legislation.
Conducted a comprehensive evaluation of an energy technology company’s global compliance program, engaging in employee interviews and analyzing business practices, to develop detailed assessment of privacy compliance gaps and prioritized plan to advance compliance program maturity.
Aided a private-sector government cybersecurity contractor with assessing potential exposure to foreign data protection laws and associated compliance requirements, including with respect to personal data acquired from foreign governments.
Advised a multinational consultancy on developing data protection provisions for client service agreements, including risk-specific security measures tailored to address varying data risk profiles.
Crafted DOJ Data Security Program compliance plan for a global retailer to facilitate compliance with bulk sensitive data transfers to vendors in China and Hong Kong.
Created situation-specific versions of data processing and transfer agreements along with drafting instructions and negotiation guidance for a Fortune 20 healthcare services company, allowing in-house management of complex vendor contracting.
Worked with several global insurance companies to develop and execute strategic data sharing and licensing initiatives.
Negotiated complex services agreements with a large financial services firm and a global consultancy to enable ongoing use of AI initiatives in service offerings.
Counseled a global hospitality company on subcontractor risk, due diligence and onward data transfer agreements.
Advised a multinational data broker on personal data transfer safeguards to protect data produced in U.S. litigation and in response to regulatory inquiries.
Evaluated and documented a global insurance company’s cross-border data transfer assessments and created policies for responding to public authority requests.
Managed simultaneous regulatory notifications across every EU Member State following a personal data breach involving an e-commerce website.
Handled global notification and regulatory response efforts worldwide for a vendor incident involving a cryptocurrency exchange.
Advised a global data analytics company on European lead supervisory authority designation and responded to inquiries challenging the designation.
Determined no notification was required for a worldwide security incident following a comprehensive assessment of international data protection laws, including a review of applicability, personal data breach notification triggers and data elements involved.
Assisted a food delivery platform in its data breach response, including addressing repeated foreign regulatory inquiries.
Supported several popular websites regarding regulatory response in the UK during the data protection authority’s cookie compliance sweeps.
Coordinated with foreign local counsel to plan and execute a global data breach notification strategy for a multinational hospitality company.