Colin Hinds

Managing Associate

London


Read full biography at www.orrick.com

Colin is a Managing Associate in our Cyber, Privacy and Data Innovation practice, based in London.

Working with clients particularly in the technology and data-rich sectors, Colin advises on data privacy and cybersecurity matters including cross-border transfers; data breach, cyber-incident response and regulatory investigations; privacy impact assessments and audits; global compliance strategies; and data governance matters.

In particular, Colin regularly advises clients with their commercial activities which involve utilizing and exploiting data, and personal data, on a large scale. This includes drafting and negotiating agreements, including data processing and data sharing agreements and identifying and advising on legal and regulatory risks.

Colin helps clients address their privacy and consumer protection obligations as they relate to direct marketing activities, profiling, online behavioural advertising and the use of cookies and similar technologies.

Colin also has experience in M&A and capital markets transactions, assisting deal teams by advising on privacy, data protection and other deal-related requirements.

Prior to joining Orrick, Colin worked for a U.S. regulatory consulting firm, supporting clients with regulatory issues relating to data privacy, cybersecurity and antifraud.

Posts by: Colin Hinds

Google to Pay $57 Million for GDPR Violations

 

On January 21, 2019, the French data protection supervisory authority (“CNIL”) fined Google €50 million (approximately $57 million) for violating the European General Data Protection Regulation (“GDPR”). The fine penalizes Google for failing to comply with the GDPR’s transparency and notice requirements, and for failing to properly obtain consent from users for ads personalization. This is the largest GDPR fine imposed to date and the first action against a major global tech player. The CNIL’s decision sends an important message to companies that tough enforcement actions are not just a theoretical threat. Companies should look closer at data protection compliance and particularly work on their notices and consent forms. READ MORE

EU Proposes Overhaul to Privacy and Electronic Communications

NIS Directive

January 10, 2017 marked another important step towards reform of the EU data protection framework, with the release of the EU Commission’s proposals for a new Regulation governing privacy and electronic communications.

The draft Regulation, which goes beyond the scope of the current e-Privacy Directive in significant ways, would apply directly without the need for Member States to implement local law in the same way as the General Data Protection Regulation (“GDPR”). Like the e-Privacy Directive, the Regulation sets out rules on, among others, the use and confidentiality of electronic communications and metadata, use of cookies and direct marketing by electronic means.

The main aims of the draft Regulation are to update the ePrivacy Directive to reflect new technologies and to better align it with GDPR. In addition to taking effect on the same day as the GDPR (25th May, 2018), penalties for non-compliance envisaged by the draft Regulation are the same as the GDPR, (i.e. potentially fines of €20m or 4% of annual global turnover, whichever is higher).

READ MORE