Consumer Data Transfers Under New Privacy Laws: Contracting Requirements; Due Diligence; Vendor Management
Best Practices for Drafting and Modifying Documents to Ensure Continued Compliance With Ever-Evolving Privacy Laws
Recording of a 90-minute CLE video webinar with Q&A
This CLE course will guide business and technology counsel in managing transfers of U.S. consumer data in light of nearly a dozen new state privacy laws, including on conducting data practice assessments and drafting and updating technology vendor agreements, and data sales and license agreements, to meet the new and upcoming requirements of these laws. In addition, the new EU/U.S. personal data transfer mechanism, the Data Privacy Framework (DPF), which replaces Privacy Shield, and how to qualify under it will be explained. The panel will also discuss the evolving privacy landscape and provide practical advice to ensure that businesses abide by enhanced protections for consumers by reviewing requirements for compliance, differences in the scope of application with the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA), the EU General Data Protection Regulation, and other state privacy laws as well as due diligence tactics for evaluating personal data transfers.
Outline
- History of U.S. state consumer privacy laws
- What has changed under the new generation of U.S. consumer privacy laws
- Contracting requirements for personal data transfers under U.S. consumer privacy laws
- The benefits of DPF for EU-U.S. personal data transfers and how to qualify for DPF and leverage it for non-DPF transfers
- Performing due diligence on existing vendor agreements for compliance
- Drafting vendor and third-party transfer contracts or amending existing agreements
- Tips for implementing an effective vendor risk management program
Benefits
The panel will review these and other relevant topics:
- Data transfer contracting requirements under new U.S. consumer privacy laws:
- for service providers/processors
- for other transfers (sales and licenses)
- regarding sensitive data, targeted advertising, and other high risk data practices
- The role of assessments
- How DPF can be used to enable EU-U.S. personal data transfer
- Vendor management best practices
Faculty
Alan L. Friel
Partner, Chair Data Privacy, Cybersecurity & Digital Assets Practice
Squire Patton Boggs
Mr. Friel is a thought leader in digital media, IP, data privacy and protection, and consumer protection law, with over... | Read More
Mr. Friel is a thought leader in digital media, IP, data privacy and protection, and consumer protection law, with over three decades of relevant experience to address the intersection of law and technology. Having served as a GC for several years in the late 1990s before returning to private practice, Mr. Friel has the necessary expertise to advise clients on making practical and informed business decisions, and help companies and entrepreneurs navigate the complex opportunities created by disruptive technology. With his in-house and private practice experience, he assists clients with creating data inventories, and information governance and data privacy and security programs; developing and implementing policies and procedures for providing consumer data privacy transparency, choice and access; drafting and negotiating privacy and data security provisions for commercial contracts; evaluating privacy impact assessments; addressing data privacy and security issues in merger and acquisitions transactions; structuring personal data transfer arrangements (including cross-border, intracompany, sales and licenses, and disclosures that are exempt from, and/or comply with, certain legal restrictions); drafting and revising external and internal privacy and data security policies and procedures; and addressing complex intellectual property and consumer protection issues related to digital media, advertising and commerce, such as in connection with the development and deployment of artificial intelligence, tailored and targeted advertising practices, and digital transformation and data commercialization strategies. Mr. Friel is a sought-after speaker and is affiliated with UCLA as an assistant professor in a multidisciplinary project at the Graduate School of TV, Film and Digital Media, and is an adjunct professor at Loyola Marymount School of Law.
Close
Julia B. Jacobson
Partner
Squire Patton Boggs
Ms. Jacobson is a partner in the Data Privacy, Cybersecurity & Digital Assets Practice. She offers practical and... | Read More
Ms. Jacobson is a partner in the Data Privacy, Cybersecurity & Digital Assets Practice. She offers practical and tactical counsel on privacy and cybersecurity compliance strategies, data breach response, technology transactions and marketing initiatives for national and multinational organizations. Ms. Jacobson assists clients with the design and development of privacy-sensitive policies for the collection and use of personal data. She regularly advises businesses on the privacy and cybersecurity aspects of environmental, social and governance (ESG) programs, ethical data use, machine learning and artificial intelligence, vendor contracting and management and business sales, combinations and acquisitions.
Close
Colleen M. Yushchak
Senior Managing Director
Ankura Consulting Group
Ms. Yushchak Senior Managing Director, at Ankura has over 25 years of experience in technology and litigation... | Read More
Ms. Yushchak Senior Managing Director, at Ankura has over 25 years of experience in technology and litigation consulting, including data privacy compliance consulting, eDiscovery and litigation support, cyber breach, change management and information governance. She specializes in providing expert services to organizations that are building, maturing, or operationalizing privacy compliance programs. Ms. Yushchak has implemented over 100 compliance programs that demonstrate compliance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other active and emerging global privacy regulations. She provides support to organizations by conducting privacy maturity assessments, developing privacy program roadmaps, creating ROPAs and data inventories, implementing privacy technologies, consulting on workflows and process development for managing consumer rights processes and consent tracking, providing proactive readiness and litigation support, developing and operationalizing privacy policies and documentation, and providing long-term privacy office support through vDPO and privacy management services.
Close