Debevoise Partners Publish Second Edition of the Privacy Law Answer Book

11 October 2017

The Cybersecurity & Data Privacy team at Debevoise & Plimpton LLP has authored the second edition of the Privacy Law Answer Book (Practising Law Institute, 2018), a user-friendly Q&A guide to the laws and regulations that govern how companies collect, use, store and transfer the personal information of their consumers and employees.

Edited by Debevoise partners Jeremy Feigelson, Jim Pastore and Jane Shvets, with contributions from other Debevoise partners and associates, the guide helps readers keep pace with the latest developments in data privacy. Topics for the 2018 edition include:

  • Privacy Policies: Private Actions. A case study examining a matter where users of an app alleged that the company used its app to upload users’ address book data from their phones without their consent.
  • State Regulation of Financial Privacy. A new cybersecurity regulation adopted by New York’s Department of Financial Services.
  • Mobile Privacy. In a 2017 Assurance of Discontinuance, New York’s attorney general has taken the position that where an app developer shares personally identifiable information (PII) with third parties, it must disclose in its privacy policy that PII is being transmitted to third parties.
  • Video Privacy Protection Act Enforcement. A case study examining a case in which plaintiffs alleged that the defendant violated the VPPA by offering a mobile app with video content that, every time a user viewed a video, automatically sent certain information to a third-party analytics service without the user’s consent.
  • Online Behavioral Advertising and Tracking. The Federal Trade Commission in 2017 published a report on cross-device tracking, offering recommendations for companies that collect data and/or advertise across multiple devices.
  • Standing in Privacy Cases. An assessment of how lower courts are interpreting the Supreme Court’s 2016 decision in Spokeo to either permit or preclude standing in privacy cases.
  • Global Privacy Laws. The upcoming effective date of the European Union’s General Data Protection Regulation (GDPR), Russia’s blocking of LinkedIn over data localization issues, and the implications of “Brexit” are a few of the latest developments in the global privacy landscape that are covered.

Debevoise’s Cybersecurity & Data Privacy practice is recognized for excellence in Cyber Law by The Legal 500 United States, which singles out the practice for its “thorough, client-friendly and very professionally managed team.” The practice works closely with clients to navigate their most critical privacy, data protection and data security issues. The cross-border, interdisciplinary team offers regulatory counseling, defends clients in government enforcement actions, litigates privacy-related class actions and other matters, and handles transactions where data privacy, data protection and data security issues arise.

The practice includes highly ranked civil litigators, transactional lawyers, white collar and enforcement attorneys and regulatory lawyers—including global co-chairs Luke Dembosky, the former highest-ranking official at the U.S. Department of Justice focused on cyber investigations and prosecutions, and Jeremy Feigelson, named a “Privacy MVP” by Law360 and a “Cybersecurity Trailblazer” by the National Law Journal; Jim Pastore, a former Assistant U.S. Attorney who helped to pioneer cybersecurity enforcement as a prosecutor; and Jane Shvets, a U.S.-trained international litigator based in the firm’s London office, who advises clients on UK, EU and cross-border privacy and cybersecurity matters. Information about the practice can be found at

Debevoise & Plimpton LLP is a premier law firm with market-leading practices, a global perspective and strong New York roots. We deliver effective solutions to our clients’ most important legal challenges, applying clear commercial judgment and a distinctively collaborative approach.