Vincent has more than 15 years of experience in privacy, data protection, information technology, and e-commerce law. Being admitted to practice law in California, New York and Germany, he advises businesses around the world on questions pertaining to U.S. and EU law as well as cross-border regulations and transactions. His privacy and data protection practice involves helping clients design, structure and implement comprehensive compliance programs and find innovative solutions regarding the processing of personally identifiable information and personal data using cutting-edge technology. Vincent also regularly advises clients on the privacy implications of their IT projects and agreements such as IT outsourcing, transition service agreements, licensing arrangements, cloud computing, the Internet of Things, infrastructure projects as well as terms and conditions governing e-commerce services.
Vincent focuses on U.S. and EU privacy and data protection compliance (CCPA, CAN-SPAM, COPPA, GDPR, ePrivacy law, etc.), IT transactions, e-commerce and related questions of commercial law.
- Advised clients on measures to be taken for compliance with the California Consumer Privacy Act and the pertaining Regulations implemented by the California Attorney General.
- Served as primary outside counsel for U.S. multinationals designing and implementing comprehensive GDPR compliance programs, including the lawfulness of data processing operations, the adoption of corrective action, the rights of affected individuals, and compliance with transparency and accountability requirements.
- Analyzed the lawfulness of the processing of personally identifiable information (PII) and personal data in the context of innovative products and services and advised on necessary changes and privacy by design on behalf of internet and technology companies.
- Routinely provided guidance to clients on legal consent and opt-out requirements (COPPA, TCPA, CAN-SPAM Act, CCPA, EU Directive 95/46/EC, GDPR, ePrivacy Directive, etc.). Drafted related notices, consent forms and online templates.
- Advised clients on the prerequisites of cross-border data transfers from the EU to non-EU jurisdictions, including EU Standard Contractual Clauses and subprocessing agreements, self-certification under the EU/US Privacy Shield framework, Binding Corporate Rules and respective consent mechanisms.
- Counseled clients on the extensive rights of affected individuals regarding the processing of their PII and personal data and the adjustments to their IT systems necessary to accommodate such rights. Prepared responses on behalf of clients to comprehensive data access and portability requests.
- Frequently provided privacy training to client audiences of all kinds such as legal departments, product development, marketing, vendor management, etc.
- Frequently drafted and revised corporate privacy notices and policies, records of processing activities as well as privacy and data protection impact assessments.
- Advised IT and similar vendors and service providers on the obligations under the GDPR specifically to processors handling personal data on behalf of their customers. Developed compliance frameworks tailored to their needs and helped them address questions of their prospective and actual customers regarding privacy compliance.
- Regularly counseled clients on reasonable data security measures and appropriate technical and organizational measures to be implemented in order to protect PII and personal data. Provided guidance on notification obligations and procedures in case of data breaches.
- Managed, drafted and negotiated privacy-related clauses and addenda to IT agreements, including IT outsourcing transactions, TSIs, software/hardware development, service and maintenance contracts, service level agreements, etc.