Photo of Lauren Kitces

Lauren Kitces is a member of our Data Privacy & Cybersecurity Practice, where she provides business-oriented privacy and cybersecurity advice to a wide range of clients, leveraging her in-house experience to provide mindful guidance. She has strong international experience, which she uses to help translate pre-existing international efforts into US regulatory compliance. Lauren enjoys the nuance and complexities that come with being in a field that is still evolving and forming both nationally and internationally.

Lauren utilizes her analytical thought-process and over 10 years of legal and industry experience to provide clients with sound analysis of multifaceted privacy matters. She has an ability to efficiently address and manage substantive and procedural issues. She has skillful knowledge of subject matter in several areas of privacy, including the California Consumer Privacy Act (CCPA,) General Data Protection Regulation (GDPR) and cross-border data transfers.

Lauren has advised on and facilitated CCPA compliance programs and all facets of CCPA remediation across a range of industries, including for ad-tech, financial services, technology, automotive and retail. She regularly drafts and advises on privacy materials, such as externally and internally-facing privacy notices, corporate policies and training materials.

Lauren also addresses complex matters related to Privacy Shield applications and compliance, leveraging her cross-border knowledge and experience to provide clients with a holistic and informed perspective.

View full website bio.

Even in instances of the parties agreeing on jurisdiction, federal courts still have an obligation to conclude that jurisdiction is proper before moving ahead with assessing the merits of a case. This possibility was vividly displayed in Figueroa v. Kronos Inc., 2020 U.S. Dist. LEXIS 131093 (N.D. Ill. Jul. 24, 2020).

In yet another

The Court of Justice of the European Union invalidated the EU-US Privacy Shield in a profound decision on July 16. They also reminded both companies and the Data Protection Authorities of their respective responsibilities to assess the ability for transfers made under the commonly used Standard Contractual Clauses (SCCs) to be done so consistent with

Since the January 2020 New York Times exposé on Clearview AI’s (“Clearview”) data gathering and use practices, there have been nine class action cases filed against the company and several related parties. These cases have been raised in several different jurisdictions, and allege violations of a variety of laws. The alleged violations are not consistent

Neither Consumer Privacy World nor the court really knows what happened in this BIPA class action because the Plaintiff’s complaint was so factually bare.  In Kloss v. Acuant, 2020 U.S. Dist. LEXIS 89411 (N.D. Ill. May 21, 2020), Ms. Kloss alleged that Acuant captured, collected, and stored her facial geometry without her consent