• Kramer Levin’s Cybersecurity, Privacy and Data Protection group is an interdisciplinary team of lawyers from the United States and Europe with extensive litigation, regulatory, technology and compliance experience. We represent clients ranging from startups to multinational Fortune 100 companies to corporate executives and boards of directors, and provide proactive, comprehensive advice on the most cutting-edge data management, security valuation and technology issues as digital law becomes more and more global, transcending the cybersecurity and privacy laws of any single nation.

    We regularly advise clients regarding:

    • Consumer protection and class action litigation defense
    • Government and internal investigations, including, in the United States, by the Department of Justice, FTC, SEC and other state and federal regulatory agencies, and in Europe, by EU data protection agencies
    • EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), privacy shield and EU data protection rules compliance, including cross-border data transfers, e-discovery and whistle blower compliance, and hotline compliance
    • Cyber transactions, e-commerce, advertising and internet marketing
    • Cyberinsurance coverage
    • Cybersecurity counseling and training
    • Data access, data sharing and licensing/terms-of-use arrangements as well as employee, independent contractor and vendor confidentiality agreements
    • Data breach management, readiness and prevention, incident response, law enforcement coordination and post-breach recovery
    • Data protection audits and assistance in national data protection agency audits
    • EU data counseling and privacy policies
    • EU business secrecy compliance
    • Industry-specific internal controls regarding data and consumer privacy

    In addition, our Paris office has deep familiarity with and advises regularly on cross-border and multinational data security and privacy issues, including:

    • Implementation of compliance programs, binding corporate rules, data protection audits and impact assessment for multinational corporations
    • Implementation of employee and third-party whistleblowing procedures and hotlines
    • Cross-border data transfers (privacy shield, contractual clauses and binding corporate rules)
    • Contractual agreements of data controllers with their subcontractors
    • Data protection, trade secrecy, breaches under EU privacy laws and notification to competent authorities (national data protection agencies and EU Network and Information Systems agencies)
    • National and international investigations related to data protection compliance pursuant to EU privacy and data protection laws
    • French Data Protection Authority (DPA) procedures, including recommendations, approvals, statements, investigations and sanctions
    • Litigation before European and national jurisdictions, including, for example, litigation related to the right of access to health data
    • Updating and ongoing counsel on U.S., EU and French data protection legislation and regulations
    • Advising on the “data protection” vs. “antitrust” issue
    • E-commerce and distribution law
    • Legal privilege and blocking statute (loi de blocage)
    • Presentation before the employee representative committees as regards changes associated with digitalization

    Many of our lawyers have served in senior positions in government, including as prosecutors, counsel for congressional committees and members of the judiciary. In Europe, our group includes a chief officer of the French DPA and a leading authority in developing EU law. Across the practice and around the globe, the group applies varied perspectives and draws on the extensive knowledge and experience of our Advertising, Antitrust, Corporate, Information Governance and E-Discovery, Insurance, Intellectual Property and Litigation lawyers, among others. We offer practical strategies to help our clients identify and manage legal and reputational risks associated with all data.