European Data Protection and Information Security

European Union Regulatory Group

Key Contacts


  • Cross-Border Data Transfers and International Data Protection/Privacy Laws

    Our team is recognized for its understanding of international data protection regimes and for its ability to craft practical solutions to transborder data flow issues. We frequently advise on international e-commerce laws and cross-border data protection issues such as compliance with the data protection regime in the EU. Recent matters include:

    • Working with various multinational businesses to develop privacy and security programs to comply with cross-border EU data protection requirements for transfer of customer and employee data and to obtain Safe Harbor certifications.
    • Developing data security programs to support offshore outsourcing of various data processing activities and setting up appropriate legal regimes and data flows in domestic outsourcing arrangements.
    • Advising various clients on compliance with European data protection rules in connection with marketing strategies, licensing agreements, enforcement of corporate compliance rules (including cross-border whistle-blowing policies) and data retention issues.
    • Advising clients on compliance with EU privacy and data protection rules included in sector-specific regulation (e.g., in the telecommunications sector).
    • Dealing with EU restrictions on the transfer of personal data in the context of US pretrial discovery and advising clients on how to prepare for litigation in the US in general by setting up appropriate document retention policies, taking into account European data protection and employment law requirements.
  • Compliance, Data Protection/Privacy Policies and Data Security

    We are trusted advisors to a large number of clients on many novel and important questions concerning data protection and security issues. We have developed practical enterprise-wide privacy and security policies and programs for multinational corporations in the online services, financial services, IT, manufacturing, telecommunications, media and retail sectors. We regularly advise clients on developing security incident response plans and providing data breach crisis management. We counsel clients on compliance with the often slightly diverging national implementations of EU data protection rules in EU member countries, particularly in the context of implementation of a multi-jurisdictional business plan in Europe. Our work has included:

    Internet and Communications

    • Advising on compliance with privacy rules in the context of advertising and marketing campaigns, lotteries and loyalty programmes, sales and purchases of customer lists and unsolicited commercial communications.
    • Advising clients on privacy issues in connection with monitoring communications for purposes of network management and detecting unlawful activity.
    • Advising clients such as broadband service providers, online content companies and mobile operators concerning the privacy implications of offering targeted advertising using behavioral data from customers' Internet usage, location data and other demographic information.
    • Advising Internet service providers and online operators on compliance with data retention obligations.

    Financial Services

    • Crafting a network of corporate intra-group data protection and data security agreements worldwide to meet the stringent criteria of the EU's data protection laws.
    • Advising on privacy compliance and consent requirements in the context of the provision and marketing of consumer credit products.

    Human Resources/Employee Data

    • Advising multinational companies on data protection issues affecting centralization of global human resources information systems.
    • Counseling a global provider of outsourced human resources benefits management about compliance with international privacy and data transfer laws, including those applicable to sensitive (e.g., medical and financial) personal information; privacy and security obligations in connection with large-scale outsourcing; and security incident response and state and international breach notification obligations.
    • Advising clients on data protection and data transfer issues in the context of corporate reorganizations, mergers and acquisitions.

    Corporate Compliance and Investigations

    • Drafting corporate codes of conduct that respect data protection obligations and allow appropriate Sarbanes-Oxley oversight, including anonymous whistle-blowing.
    • Assisting clients on privacy issues in connection with electronic discovery.
    • Advising and assisting clients on privacy issues in connection with internal investigations in competition, anti-corruption and corporate governance matters.

European Data Protection and Information Security