Consumer Data Transfers Under New Privacy Laws: Contracting Requirements; Due Diligence; Vendor Management
Best Practices for Drafting and Modifying Documents to Ensure Continued Compliance With Ever-Evolving Privacy Laws
A live 90-minute CLE video webinar with interactive Q&A
This CLE course will guide business and technology counsel in managing transfers of U.S. consumer data in light of nearly a dozen new state privacy laws, including on conducting data practice assessments and drafting and updating technology vendor agreements, and data sales and license agreements, to meet the new and upcoming requirements of these laws. In addition, the new EU/U.S. personal data transfer mechanism, the Data Privacy Framework (DPF), which replaces Privacy Shield, and how to qualify under it will be explained. The panel will also discuss the evolving privacy landscape and provide practical advice to ensure that businesses abide by enhanced protections for consumers by reviewing requirements for compliance, differences in the scope of application with the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA), the EU General Data Protection Regulation, and other state privacy laws as well as due diligence tactics for evaluating personal data transfers.
Outline
- History of U.S. state consumer privacy laws
- What has changed under the new generation of U.S. consumer privacy laws
- Contracting requirements for personal data transfers under U.S. consumer privacy laws
- The benefits of DPF for EU-U.S. personal data transfers and how to qualify for DPF and leverage it for non-DPF transfers
- Performing due diligence on existing vendor agreements for compliance
- Drafting vendor and third-party transfer contracts or amending existing agreements
- Tips for implementing an effective vendor risk management program
Benefits
The panel will review these and other relevant topics:
- Data transfer contracting requirements under new U.S. consumer privacy laws:
- for service providers/processors
- for other transfers (sales and licenses)
- regarding sensitive data, targeted advertising, and other high risk data practices
- The role of assessments
- How DPF can be used to enable EU-U.S. personal data transfer
- Vendor management best practices
Faculty

Alan L. Friel
Partner
Squire Patton Boggs
Mr. Friel is co-Chair of the firm’s Global Data Privacy, Cybersecurity & Digital Assets Practice. BTI has... | Read More
Mr. Friel is co-Chair of the firm’s Global Data Privacy, Cybersecurity & Digital Assets Practice. BTI has named Alan to its Client Service All-Stars List, recognizing attorneys who stand above all the others in delivering the absolute best in client service. Prior to joining Squire Patton, he was a partner at another AmLaw 100 law firm, where he led the US Consumer Privacy practice (in which he counseled clients on compliance with the California Consumer Privacy Act (CCPA) and other data privacy regimes), and the retail, restaurant, and e-commerce industry initiative. Previously, he was Chair of the Global Technology, Media and Telcom (TMT) practice of another AmLaw 100 firm.
Close
Julia B. Jacobson
Partner
Squire Patton Boggs
Ms. Jacobson helps clients maximize the value of their strategic relationships by drafting and negotiating a wide range... | Read More
Ms. Jacobson helps clients maximize the value of their strategic relationships by drafting and negotiating a wide range of commercial contracts, particularly technology-centric agreements and the deployment of machine learning and artificial intelligence. For both product and service providers and users, she structures and negotiates contracts and develops customized template agreements and tools for vendor screening and assessments. Additionally, a significant portion of Ms. Jacobson’s practice is devoted to advising clients on an array of privacy, cybersecurity, data breach and data governance matters. She assists clients with the design and development of privacy-sensitive policies for the collection and use of personal data.
Close
Colleen Yushchak
Senior Managing Director
Ankura Consulting Group
Ms. Yushchak has over 20 years of experience in technology and litigation consulting, including compliance consulting... | Read More
Ms. Yushchak has over 20 years of experience in technology and litigation consulting, including compliance consulting relating to EU privacy and data protection laws (including, but not limited to, the GDPR), e-discovery and litigation support, cyber breach, change management, and information governance.
Close