We counsel clients on the full alphabet soup of U.S. and international privacy laws. We frequently advise clients on compliance with laws such as the FTC Act, HIPAA, FCRA, GLBA, CAN-SPAM, COPPA, FERPA, VPPA, TCPA, BIPA, and state breach notification laws, as well as omnibus privacy legislation including the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other emerging state privacy laws. Our nationally recognized Ad Tech practice advises companies across the ad tech ecosystem to address a wide range of challenges and compliance obligations in this space. We also work with leading global companies in traditional and generative AI, helping them navigate laws and anticipate how legislation may evolve as they bring new technologies to market. In addition, we help companies build trust and safety tools and policies that align with global standards for transparency, risk assessment, user notice, and content moderation.

We have worked with hundreds of clients to develop privacy programs that comply with global privacy laws. We are innovative in our approach and have launched various tools to help our clients build and manage their privacy and security programs, including the Privacy Starter Kit and Data Navigator. Learn more.

Our litigators represent and defend clients in class-action litigation related to privacy and security issues. We have defended privacy class actions across the country that cover the spectrum of claims—from alleged violations of federal and state privacy laws like the CCPA, Stored Communications Act (SCA), Wiretap Act, and Telephone Consumer Protection Act (TCPA), to more general claims involving consumers’ personal data, such as common law intrusion upon seclusion and violation of constitutional privacy rights.

Building on our extensive experience in wiretapping and other privacy-related claims, and years of experience representing the world’s largest technology companies, we have also emerged as the go-to firm for biometrics litigation. Using our successful defense of Google in its first biometrics class action, we have represented numerous companies in these cases. In addition to developing novel defenses, we regularly counsel clients on designing their products to mitigate risk in this area. Learn more.

We represent businesses from the largest multinationals to startups in some of the highest-profile privacy, data security, and consumer protection investigations and enforcement actions before the FTC, state attorneys general, and international data protection regulators. Our team, with experience as former officials of the FTC, state attorneys general offices, and other federal and state regulatory bodies, brings deep regulatory insight into representing clients through all phases of investigations, inquiries, negotiations, and litigation. Learn more.

Our data security and breach response team brings decades of experience in building robust security programs and effectively managing breach responses for clients across a wide range of sizes and industries. We provide practical experience and a deep understanding of data security in a business context to strengthen security documentation and training, minimize risks, and ensure compliance with evolving data protection regulations. We have successfully handled hundreds of data breaches and security incidents in the United States and globally, and we use our extensive experience to deliver an efficient, coordinated response to mitigate damages, manage communications with stakeholders, and navigate legal implications, helping to restore trust and maintain operational continuity. Learn more.

The firm’s premier online communications & free speech practice supports modern technology companies (including communications and storage providers, social media platforms, mobile app providers, online marketplaces, gaming companies, financial technology companies, and others) with the demands they receive from law enforcement, civil litigants, and others in the United States and abroad, seeking information about their customers—such as their online activity, private communications, location information, financial transactions, or other sensitive details. 

We help global technology leaders and emerging companies respond to, and where appropriate, object to and litigate, requests for their users’ data. Each year we help our clients handle thousands of matters concerning requests for user data and other legal processes from around the world. 

These matters run the gamut from helping clients establish policies and procedures for responding to legal process; negotiating with law enforcement officers and litigants over the validity or scope of legal process; and briefing and appearing in courts throughout the country every week on issues arising under the federal Stored Communications Act (SCA), Wiretap Act, Pen Register/Trap and Trace Statute, and All Writs Act; the First, Fourth, Fifth, and Sixth Amendments to the U.S. Constitution; the Foreign Intelligence Surveillance Act (FISA) and the FISA Amendments Act; and CalECPA and other state-specific laws.

In addition, our team regularly guides clients facing cross-border user data requests from governments, litigants, and intergovernmental agencies throughout the world, on matters raising complex issues involving conflicts of law, international comity, and international human rights. Our team has established relationships with lawyers and experts in more than 100 countries to assist our clients in responding to, objecting to, or litigating those requests. Our lawyers also actively represent clients who are participating in U.S. and international policy development regarding government and other requests for user information. Learn more.

Clients turn to us for assistance with complex commercial transactions in which data is a core part of the deal. Our team has deep experience drafting and negotiating data protection agreements and other commercial agreements and counseling clients on the impact of data protection provisions in these agreements, including insurance, indemnity, and liability clauses. We also have deep experience supporting M&A transactions for both buy-side and sell-side deals, which includes drafting privacy and security-related requests and disclosures, assessing potential compliance gaps and recommending mitigation measures, preparing privacy representations and disclosure schedules, and leading negotiations with counterparties on privacy and security issues. Learn more.