GDR 100 2024 profile: K&L Gates

K&L Gates’s expertise in data and tech work has recently seen it advise on matters as diverse as AI and machine learning projects’ impact on personal data retention and transparency and the implications of augmented reality make-up applications and smart fragrances. While the firm has some significant tech companies on board, the client base skews more heavily towards advising more traditional industries through digital transformation.
The data protection, privacy and security practice has multiple leaders, reflecting its wide geographic spread.
Claude-Étienne Armingaud in Paris, who is a dual-qualified French and New York lawyer, is a stand-out name: besides GDPR and privacy compliance, he also has extensive experience advising on tech transactions, for example relating to software, blockchain, connected cars and more. Other partners leading the practice are Cameron Abbott in Melbourne; Shannan Frisbie, Whitney McCollum, David Bateman and Carley Andrews in the firm’s Seattle headquarters; Bruce Heiman in Washington, DC; Limo Cherian in Chicago; Gina Bertolini and Leah Richardson in the Research Triangle Park office in North Carolina; and Sarah Turpin in London.

The K&L Gates practice’s senior ranks grew with the addition of San Francisco partner Michael Stortz, who was formerly at Akin Gump. Thomas Nietsch was promoted to the partnership in Berlin. The firm also hired counsel Veronica Muratori in Milan from Withersworldwide; Avril Love in Los Angeles from Tucker Ellis; and Ulrike Elteste in Frankfurt from Covington & Burling.

Client references

“K&L Gates has deep expertise and knowledge in this area and is always responsive. Advice is always timely and well-considered.”

“Collaboration with K&L Gates is always seamless. The team have deep knowledge of privacy laws and regulations, but they also understand the business impact of their advice. This sets them apart from other firms in the market.”

First publication: Lexology GDR100

Gateway to Privacy: Privacy Regulations Are Built on Hope – A Deep Dive Into India’s Digital Personal Data Protection Act

October 27th, 2023 | Posted by Claude-Etienne Armingaud in Non classé | Privacy | World - (0 Comments)

A bit of Jyn Erso to wrap up the week!

New episode of K&L Gates Gateway to Privacy is out, and this time with our first external guest — our dear friend Arya Tripathy joins us with Whitney McCollum and Camille Scarparo for a deep dive into India’s new data protection law, the Digital Personal Data Protection Bill, 2023.

What’s to know, what’s to expect? Listen and find out!

🇫🇷 OneTrust TrustWeek Paris: Charting GDPR – Navigating the EU and global data laws

Post-Brexit EU businesses have needed to rethink how they approach showing compliance with a host of regulations, managing international data transfers and building trust with data subjects. Having to comply with the GDPR, prepare for other data protection bills, all while continuing to comply with the EU-GDPR as well as a host of global regulations means businesses might look to certification as a common system for adequacy as a one-stop shop, when addressing the overlaps and more crucially closing the gaps on their privacy compliance programs.

Featured speakers:

Noshin Khan, Senior Compliance Counsel, Ethics Center of Excellence, OneTrust
Claude-Étienne Armingaud, Partner, K&L Gates

conference, data protection, europe, GDPR

UK Government Approves Adequacy of UK-US Data Bridge

October 4th, 2023 | Posted by Claude-Etienne Armingaud in Data Transfer | Europe | Privacy | World - (0 Comments)

The UK Government has laid adequacy regulations before Parliament that, once in force from 12 October 2023, will permit use of the UK – US “Data Bridge” as a safeguard for personal data transfers from the UK to the US under Article 44 UK GDPR.

The UK – US “Data Bridge,” AKA the UK Extension to the EU – US Data Privacy Framework (Framework), allows UK organisations to transfer personal data to organisations located in the United States that have self-certified their compliance with certain data protection principles and appear on the Data Privacy Framework List. This scheme, administered by the US Department of Commerce, provides a redress mechanism for data subjects in the European Union to enforce their rights under the EU General Data Protection Regulation, in relation to a participating US organisation’s compliance with the Framework, and to US national security agencies’ access to personal data. This new redress mechanism attempts to prevent a challenge to the Framework similar to the Schrems II case, which invalidated the Framework’s predecessor EU – US Privacy Shield. Despite this, the Framework has already been the subject of a short-lived case at the Court of Justice of the EU, and there may be more legal challenges.

Alongside the adequacy regulations, the UK government published an analysis of the US laws relating to US national security agencies’ access to the personal data of European data subjects. This analysis effectively completes the international data transfer risk assessment (TRA), which UK organisations have been required to carry out before transferring personal data to the US. It is likely that UK organisations relying on the other Article 44 UK GDPR safeguards, such as the International Data Transfer Agreement, may also rely on this analysis in place of completing a TRA.

First publication: K&L Gate Cyber Law Watch Blog in collaboration with Noirin McFadden

🇺🇸 Generative AI Legal, Policy and Ethical Considerations

In this webinar, our lawyers discuss generative artificial intelligence (AI). Fast paced growth in generative AI is changing the way we work and live. With such changes come complex issues and uncertainty. We will address the legal, policy and ethical risks, mitigation, and best practices to consider as you develop generative AI products and services, or use generative AI in the operation of your business.

With Annette Becker, Guillermo Christensen, Whitney McCollum, Jilie Rizzo, and Mark Wittow

If you were not able to join last Tuesday, you can watch the replay below:

Source: K&L Gates Hub

🇺🇸 Safeguarding the World’s Trust – The Privacy Collective

June 14th, 2023 | Posted by Claude-Etienne Armingaud in Conference | Europe | Privacy | World - (0 Comments)

Speakers:

Zelda Olentia, Senior Product Manager, RadarFirst
Claude-Étienne Armingaud, CIPP/E, Partner, Data Protection Privacy and Security Practice Group Coordinator, K&L Gates LLP

Air Date: Wednesday 14 June at 1 pm ET / 10 am PT. Replay on demand available here!

Description

Gartner predicts that by the end of 2024, 75% of the world’s population will have its personal data covered under modern privacy regulations. This exponential increase from only 10% global coverage in 2020 raises the stakes for global organizations. The challenge will be to ensure compliance, while safeguarding trust for an unprecedented volume of regulated data.

Join the upcoming live Q&A to learn what’s driving this expansion and how to prepare. You’ll hear from Zelda Olentia, Senior Product Manager at RadarFirst, and special guest, Claude-Etienne Armingaud who is a partner at K&L Gates LLP and a coordinator for the Firm’s Data Protection, Privacy, and Security practice group.

In this session we will cover:

→ What is driving the expansion of privacy regulation?

→ Where are we on this path towards 65% global coverage?

→ How do you scale privacy operations for international privacy laws quickly and effectively before year-end 2024?

Register Now >>

🇺🇸 IAPP DPI France – Codes of Conduct — GDPR’s Prodigal Son Finally Arriving?

Claude-Étienne Armingaud, CIPP/E, Partner, Data Protection Privacy and Security Practice Group Coordinator, K&L Gates

Gabriela Mercuri, Managing Director, SCOPE Europe

Jörn Wittmann, Director Privacy Legislative Strategy and Public Policy, Volkswagen AG

Codes of conduct overseen by accredited monitoring bodies are one of the breakthrough innovations introduced by EU General Data Protection Regulation. As part of its accountability framework, GDPR not only shifted the onus of demonstrative compliance, but also created the possibility for stakeholders to engage in co-regulatory practices. The goal was to allow the industry to support regulatory implementation by developing workable guidance to concretize the GDPR’s provisions. More flexible than other previously adopted compliance tools, CoCs generated high expectations, particularly in the wake of Schrems II, as a possible solution to address international data transfers and enable legal foreseeability. CoCs have not yet reached their full potential, with only a handful of national CoCs deployed and even less at the pan-European level. However, as the cloud ecosystem leads the way, this panel will explore the background of this sectoral success while highlighting CoC’s benefits, as well as their limitations.

What you will learn:

• How to understand the relevancy of CoCs in a post-GDPR, post-Schrems II era.

• What CoCs can bring to an ecosystem, as well as what they should not be pursued for.

• The future of international data transfers amid emerging data protection systems at global levels.

More information.

Gateway to Privacy – Our K&L Gates Data Protection Podcast

February 22nd, 2023 | Posted by Claude-Etienne Armingaud in Europe | Podcast | Privacy | World - (0 Comments)

This program provides timely updates, best practices, and emerging developments in today’s data protection, privacy, and security industry.

United Arab Emirates – Federal Decree-Law No.(45) of 2021 on Personal Data Protection

January 2nd, 2022 | Posted by Claude-Etienne Armingaud in Legislation | World - (0 Comments)

FEDERAL DECREE-LAW NO. (45) OF 2021 ON PERSONAL DATA PROTECTION

Read the full text.

(more…)

official text

🇺🇸 GDPR developments under focus on day one of PrivSec Global

On a first day packed with fascinating insight at PrivSec Global, experts explored lessons that enterprise organisations have learned from the first three years of the GDPR.