David Curtis is a member of Orrick's nationally-recognized Cyber, Privacy & Data Innovation practice.
David’s practice focuses on data
privacy, cybersecurity, digital advertising, Internet law and consumer
protection. David advises clients on data collection, storage, use, licensing
and transfer issues. He also provides guidance on issues relating to unfair and
deceptive trade practices, the Fair Credit Reporting Act (FCRA), the
Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act of 2018
(CCPA) and other state and federal laws and self-regulatory frameworks. In
addition, David has experience evaluating the applicability of European data
protection requirements, including the General Data Protection Regulation (GDPR),
to U.S. companies.
Before joining Orrick, David was an
associate at Ropes & Gray LLP and an adjunct professor at Harvard Law
School, where he taught legal research, writing and analysis. David clerked for
Justice Barbara Lenk of the Supreme Judicial Court of Massachusetts.
On January 21, 2019, the French data protection supervisory authority (“CNIL”) fined Google €50 million (approximately $57 million) for violating the European General Data Protection Regulation (“GDPR”). The fine penalizes Google for failing to comply with the GDPR’s transparency and notice requirements, and for failing to properly obtain consent from users for ads personalization. This is the largest GDPR fine imposed to date and the first action against a major global tech player. The CNIL’s decision sends an important message to companies that tough enforcement actions are not just a theoretical threat. Companies should look closer at data protection compliance and particularly work on their notices and consent forms. READ MORE