David's practice focuses on serving as go-to outside compliance and litigation counsel to technology-focused, data-driven companies. He provides strategic guidance to companies on the full range of regulatory, product, and risk management issues that impact the collection, use, and sharing of personal data. David also defends complex privacy and technology class action disputes, with a track record of defeating class claims at the initial pleading stage of litigation.
Class Action Defense
David represents companies in high-stakes, high-exposure privacy and technology class action litigation, with deep experience in defending claims alleging noncompliance with the Electronic Communications Privacy Act (ECPA), California Invasion of Privacy Act (CIPA), and similar state wiretapping laws; Video Privacy Protection Act (VPPA); Telephone Consumer Protection Act (TCPA); Illinois Biometric Information Privacy Act (BIPA); and California Consumer Privacy Act (CCPA), among others.
He possesses an intricate, comprehensive understanding of the core strategies on which plaintiffs' attorneys commonly rely in privacy and technology class actions, the range of potential defenses that may be available to defeat or limit these claims, and what arguments to expect from plaintiffs in their attempts to oppose dismissal of these types of high-exposure lawsuits. Drawing upon this knowledge, David is adept at formulating innovative, winning litigation strategies that effectively posture privacy and technology class actions for dispositive dismissals or, alternatively, negotiated settlements on favorable terms to his clients.
His command of the complexities of cutting-edge technologies and associated data flows, the nuances of class action procedure and strategy, and the rapidly changing nature of the law in this space – combined with the innovative and creative approaches he brings to every dispute – enables David to consistently produce exemplary results and outcomes when companies need it the most and makes him a go-to litigator for high-stakes privacy and technology class action litigation matters.
As David's representative matters show, he excels not just at defending privacy and technology class actions but also at achieving decisive victories in these suits – often at the very outset of litigation. And when necessary, David effectively litigates class actions from start to finish in a manner that positions clients for favorable outcomes, whether through dismissal on summary judgment, or client-favorable individual or class settlements.
Compliance
David provides strategic guidance to companies across all industries – including technology, automotive, retail, financial services, and professional sports, among others – on the full range of legal, regulatory, and risk management issues that arise at the intersection of technology, business, and the law. He excels in helping companies navigate the complexities and nuances of today's growing global patchwork of consumer privacy, consumer protection, marketing and advertising, biometrics, children's and student privacy, and similar laws and regulations, while also managing associated risks.
David provides guidance and advice to companies on the use of web analytics tools and online/mobile tracking technologies; processing of precise location data and other types of sensitive data; targeted advertising; data monetization; profiling and automated decision-making; and other practices that seek to leverage personal data in commercial operations. In particular, David advises companies on practical strategies for achieving and maintaining compliance with the ECPA, CIPA and similar state wiretapping laws, VPPA, and TCPA, and similar state marketing laws.
He frequently partners with companies to operationalize compliance through the development and implementation of bespoke, enterprise-wide privacy programs. David conducts compliance audits, gap assessments, and risk analyses of current organizational privacy compliance programs to identify, address, and remediate compliance gaps, and he advises on strategic measures to manage and minimize associated legal risk and potential liability exposure. In this role, David also regularly:
- Advises on profiling and sensitive data processing activities and how to apply new opt-in and opt-out rights to those activities.
- Develops privacy policies, notices, consents, data retention guidelines and schedules, and online terms and conditions (and similar online agreements).
- Develops clickwraps and other online mechanisms for supplying notice, obtaining consent, and ensuring the enforceability of online agreements.
- Assists companies in conducting due diligence and managing vendors and other data recipients.
- Drafts, reviews, and revises service provider agreements to address privacy-critical issues.
- Advises companies with operations spanning multiple jurisdictions on how to address and satisfy vague and oftentimes conflicting compliance obligations.
- Advises on privacy legislation that could potentially impact companies' future legal and regulatory compliance obligations.
Transactions
David represents and advises companies involved in transactions relating to the collection, use, and sharing of personal data. In this role, he drafts and negotiates multiparty contracts for companies involved in technology deals, including software license agreements; end user license agreements (EULAs); software as a service (SaaS), platform as a service (PaaS), and other cloud service agreements; data processing addenda (DPAs); and negotiation playbooks. He also drafts and negotiates ancillary technology-related agreements, such as data sharing agreements, confidentiality and nondisclosure agreements, and media releases. In addition, David advises companies on key legal and commercial issues that arise in complex technology transactions.
Thought Leader
David is a recognized thought leader in the privacy and technology space, including as a recipient of JD Supra's Readers' Choice Award for his writing on privacy and technology matters. He is also the author of LexisNexis's Biometric Data Privacy Compliance & Best Practices – a full-length, comprehensive compendium on biometrics law.