David provides privacy and security guidance to technology-led companies, from start-ups to multinationals.
David drafts and negotiates data licenses and other commercial contracts in which privacy and security issues are a key concern. In addition, he regularly advises clients on privacy policies, website terms and conditions and data processing agreements. David also counsels clients on digital advertising, Internet law and consumer protection, with a particular focus on compliance with the California Consumer Privacy Act of 2018 (CCPA), the California Privacy Rights Act (CPRA), the EU General Data Protection Regulation (GDPR), restrictions on unfair and deceptive trade practices and app store privacy requirements. David helped develop Orrick’s CCPA Readiness Assessment Tool, which enables companies to test how ready they are to comply with the CCPA as a first step to constructing a strategic compliance roadmap.
Before joining Orrick, David was an associate at Ropes & Gray LLP and an adjunct professor at Harvard Law School, where he taught legal research, writing and analysis. David clerked for Justice Barbara Lenk of the Supreme Judicial Court of Massachusetts.
On January 21, 2019, the French data protection supervisory authority (“CNIL”) fined Google €50 million (approximately $57 million) for violating the European General Data Protection Regulation (“GDPR”). The fine penalizes Google for failing to comply with the GDPR’s transparency and notice requirements, and for failing to properly obtain consent from users for ads personalization. This is the largest GDPR fine imposed to date and the first action against a major global tech player. The CNIL’s decision sends an important message to companies that tough enforcement actions are not just a theoretical threat. Companies should look closer at data protection compliance and particularly work on their notices and consent forms. READ MORE