Shannon Yavorsky


San Francisco

Read full biography at

Shannon K. Yavorsky is a leading authority on United States (U.S.) and European data privacy and security issues. She is uniquely qualified in California, England and Wales and Ireland and helps clients navigate the increasingly complex global privacy and data security regulatory landscape.

Shannon Yavorsky is the head of Orrick's global Cyber, Privacy & Data Innovation Group. Shannon advises clients on a broad range of United States (U.S.) and European data privacy and cybersecurity issues, including emerging issues surrounding the California Privacy Rights Act (CPRA), the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) and the e-Privacy Directive. She helps clients undertake comprehensive privacy and cybersecurity assessments worldwide, evaluates privacy and security risks in corporate transactions and drafts and negotiate data-related vendor and arrangement contracts. She also counsels clients on cross-border data transfers, data breaches and developing global privacy compliance programs. She has significant experience with model contract clauses, privacy policies, website terms and conditions, data processing agreements and privacy and security issues in corporate transactions.

In addition to the GDPR, CPRA and CCPA, Shannon advises on an array of privacy and security laws and regulations, including:

  • Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM)
  • Electronic Communications Privacy Act (ECPA)
  • Fair Credit Reporting Act (FCRA)
  • Gramm–Leach–Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Telephone Consumer Protection Act (TCPA)
  • State breach notification laws
  • Advertising and payment card processing self-regulatory frameworks

Shannon also has an active general consumer protection practice and counsels clients on interest-based advertising, sweepstakes and marketing promotions, retail sales and e-commerce platforms. Her clients are multinational clients across diverse industry sectors, with an emphasis on technology, financial services, retail, staffing, advertising, healthcare, and automotive.

Posts by: Shannon Yavorsky

Privacy Shield Sunk – SCCs Treading Water: What Can Companies Do to Keep Their Head Above Water

Today the European Court of Justice (CJEU) published its highly anticipated judgement in the case of Data Protection Commissioner Ireland v Facebook Ireland Limited, Maximillian Schrems, colloquially known as “Schrems 2.0”. There were three key elements to the decision: READ MORE

Schrems 2.0 – The Next Big Blow for EU-US Data Flows? – What to Expect on Thursday, July 16th

Whatever the outcome of Schrems 2.0, the key takeaway is, don’t panic.

Tomorrow, July 16, 2020, the European Court of Justice (CJEU) is expected to rule in the case of Data Protection Commissioner Ireland v Facebook Ireland Limited, Maximillian Schrems, colloquially known as “Schrems 2.0”.

The main ingredients haven’t changed much for this long-awaited sequel to the decision that invalidated the Safe Harbor regime in 2015: Austrian data protection activist Max Schrems, Facebook Ireland, Ltd, and another commonly used international personal data transfer mechanism on the chopping block for invalidation.

This time around the court is considering the validity of the Standard Contractual Clauses (SCC) adopted by the European Commission, which goes beyond EU-U.S. transfers and could affect most agreements governing data sharing between the EU and the rest of the world. Regardless of the outcome, tomorrow’s decision is going to have a profound impact on the way international data transfers are treated for years to come – but the key takeaway is not to panic. In this blog post, we have set out the three potential rulings open to the CJEU and what steps you can take to following such a ruling. READ MORE