We counsel clients on the full alphabet soup of U.S. and international privacy laws. We frequently advise clients on compliance with laws such as the FTC Act, HIPAA, FCRA, GLBA, CAN-SPAM, COPPA, FERPA, VPPA, TCPA, BIPA, state breach notification laws and omnibus privacy legislation such as the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other emerging state privacy laws. More than a dozen states have enacted similar privacy laws, each with variations that create unique compliance challenges. Our team has extensive experience in global privacy law compliance and understands the complexities of state-specific consumer privacy laws. We assist clients in evaluating their data handling practices, ensuring compliance through updates to privacy policies, user interfaces, and vendor contracts, and we actively monitor and respond to regulatory changes, litigation, and enforcement actions to minimize risk and defend against privacy-related legal challenges.  

We are innovative in our approach and have launched various tools to help our clients build and manage their privacy and security programs, including the Privacy Starter Kit, and Data Navigator. 

Perkins Coie’s Privacy & Security practice litigates cutting-edge legal issues for some of the world’s leading technology companies. 

Our clients trust us with their sensitive and bet-the-company disputes, whether they are facing issues related to data collection, use, security, or disclosure or claims involving constitutional privacy, tort invasion of privacy, statutes with private rights of action, or consumer protection. 

Building on our knowledge in wiretapping and other privacy-related claims, and years of experience representing the world’s biggest technology companies, we have emerged as a go-to firm for biometrics litigation. Leveraging our successful defense of Google in its first biometrics class action, we have represented numerous companies in these cases. In addition to developing novel defenses, we regularly counsel clients on designing their products to mitigate risk in this area. 

We have also successfully defended privacy class actions for the world's most innovative companies and industry leaders. Companies that must coordinate defense of both regulatory and class action litigation from the same occurrence must observe different timelines and discovery requirements. Our litigators represent and defend clients in class action litigation related to privacy and security issues. We have defended privacy class actions across the country that cover the spectrum of claims—from alleged violations of federal and state privacy laws like the California Consumer Privacy Act (CCPA), Stored Communications Act (SCA), Wiretap Act, and Telephone Consumer Protection Act (TCPA), to more general claims involving consumers’ personal data, such as common law intrusion upon seclusion and violation of constitutional privacy rights. 

Our data security and breach response team advises clients on the development of robust security programs and effectively managing breach responses. We have successfully handled hundreds of matters related to data breaches and security incidents across the United States and globally, and provide strategic guidance to strengthen preventative measures, minimize risks, and ensure compliance with evolving data protection regulations. Additionally, in the event of a security breach, we offer immediate, coordinated response services to mitigate damages, manage communication with stakeholders, and navigate legal implications, helping to restore trust and maintain operational continuity.

Our team helps you manage state privacy law compliance and provide defense in related litigation. We specialize in guiding clients through state-specific privacy regulations, ensuring thorough compliance through strategic policy updates, user interface modifications, and revisions to vendor contracts. Our team not only assists clients in developing comprehensive data maps and inventory systems to meticulously manage personal information, but also provides comprehensive counsel on securing, retaining, and properly disposing of data. Moreover, we are vigilant in monitoring regulatory changes, rulemaking, and enforcement trends, enabling us to effectively defend our clients in privacy-related enforcement actions and private litigation, while minimizing legal risks. 

Companies subject to the GDPR are required to institutionalize privacy, and the way they ensure and demonstrate compliance will be scrutinized. The GDPR provides explicit requirements for the type of notice companies must provide to EU data subjects before processing their personal data. It also grants data subjects broad rights regarding the treatment of their personal data, including the right to be forgotten, the right to access and correct data, the right to restrict certain processing, and the right to object to automated decision-making processes, among others.  

Data controllers and processors and other companies doing business in the EU must have clear guidance to meet GDPR requirements. Our lawyers act as global strategic quarterbacks for many clients, making the most of our deep understanding of GDPR requirements and our ability to keep their businesses compliant. 

We work closely with companies as they address the issues posed by the advertising technology ecosystem. Companies marketing to consumers rely on our lawyers to help them comply with legal requirements, self-regulatory rules adopted by industry bodies, and best practices. We represent companies in actions asserting violations of consumer protection laws and counsel them on establishing marketing programs and campaigns to minimize risk of claims under those laws. Our knowledge spans such regulations as the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM), Telephone Consumer Protection Act (TCPA), wiretapping laws, and email marketing laws.  

Our clients, including advertisers, publishers, and ad tech and communications providers, rely on our knowledge and relationships with self-regulatory groups such as the Network Advertising Initiative to help address a range of ad tech challenges. We assist them in drafting meaningful and accurate disclosures of ad tech practices. Additionally, we foster an understanding of how, and under what circumstances, to offer choices with respect to data collection and use practices, as well as how to respond to any such choices, including those communicated via global privacy controls and do-not-track signals.  

The firm’s premier Electronic Communications Privacy Act (ECPA) practice helps global technology leaders and rising startups respond to, and where appropriate, object to and litigate, requests for user data. Our lawyers counsel on and litigate cutting-edge issues at the intersection of user privacy and online communications, governmental surveillance and criminal investigations, and free speech and expression. 

Clients turn to us for assistance with complex commercial transactions in which data is a core part of the deal. Our team drafts and negotiates data protection agreements and other commercial agreements and counsels clients on the impact of data protection provisions in these agreements, including insurance, indemnity, and liability clauses. We also support mergers and acquisitions transactions for both buy-side and sell-side deals, which includes drafting privacy and security-related requests and disclosures, assessing potential compliance gaps and recommending mitigation measures, preparing privacy representations and disclosure schedules, and leading negotiations with counterparties on privacy and security issues. 

The European Union’s Digital Services Act builds on the e-Commerce Directive and regulates the obligations of digital services that act as online intermediaries connecting consumers with third-party goods, services, or content. It contains notice-and-takedown requirements related to government orders, as well as novel and extensive obligations related to global content moderation, advertising, data access, and product design practices. The DSA is complemented by the Digital Markets Act, which tackles economic concerns related to large online platforms that control access to digital markets for other businesses. 

We counsel companies doing business in the European Union to help them develop tailored DSA compliance strategies informed by business priorities and operational constraints. We partner with clients to identify gaps in compliance with the DSA and industry best practices; provide recommendations to remediate those gaps; and design and implement enhanced practices, policies, and products that comply with the DSA. 

With a team bolstered by former in-house, government, and United Nations (UN) lawyers—as well as world-class privacy, data security, and litigation lawyers—we ably counsel clients regarding all aspects of the DSA. 

Perkins Coie’s Digital Safety & Human Rights lawyers serve as trusted advisors for online intermediaries subject to the proliferation of obligations and liability risks in this space. In addition to regulatory counseling, our lawyers have extensive experience advising on the safety and privacy dimensions of policy and product development. Our counsel to online service providers includes all aspects of their child safety, privacy, and anti-child exploitation programs. We also provide guidance in regulatory investigations and litigation. We counsel clients on their obligations and disputes arising under online safety laws around the world. Advising on a broad range of human rights concerns, we assist clients on transactional, risk management, due diligence, litigation, and compliance matters that affect environmental, social, and governance (ESG) factors.