Jarno Vanto (CIPP/E, CIPP/US) is a partner in the Privacy & Cybersecurity Group in Crowell & Moring’s New York office. With an extensive understanding of the complex international regulatory environment and cross-industry technologies, he provides a differentiated global perspective to clients on personal information privacy, cybersecurity, technology transactions, and corporate matters.
With a keen understanding of client risk level and risk tolerance, he partners with clients to help them achieve their business goals and provides a range of legal services, including privacy and cybersecurity compliance counseling, complex cross-border and domestic technology and data transactions, data and software licensing, other technology and data transfer agreements, as well as regulatory investigations involving personal information. Jarno frequently serves as counsel for foreign technology companies on the legal issues they encounter in the U.S. market, advising on their U.S. corporate presence and acting as outside general counsel. Additionally, he counsels cross-industry clients on global privacy and cybersecurity compliance programs for companies ranging from advertising to health technology to industrial machinery, as well as corporate restructuring for venture finance and IP management purposes.
Jarno has advised companies ranging from venture-backed startups to Fortune 50 companies on their compliance with personal information and information security laws such as the EU General Data Protection Regulation, the California Consumer Privacy Act, and emerging state laws. He provides privacy compliance counseling to companies that provide software-as-a-service, data-as-a-service, automotive and connected vehicle technologies, mobile applications, location-based technologies, financial services, server technologies, HR services, and health care technologies. Additionally, Jarno holds CIPP/E and CIPP/US information privacy professional certifications and has received a legal certification to evaluate information technology products and services with the intent of awarding companies with the EuroPrise European Privacy Seal.
He is fluent in Finnish, Swedish, and German. He has a working knowledge of Dutch.
Prior to joining the firm, he was a partner in the New York office of another AmLaw 100 firm.
Representative Matters
Privacy and Cybersecurity
- Advised an HR-services vendor on the use of software-generated data for purposes of COVID-19 tracking and tracing tools for its customers.
- Advised a data aggregator on the use of aggregated location data for purposes of COVID-19-related restriction measure compliance monitoring.
- Advised a mobile app developer on compliance issues related to developing a COVID-19 tracking and tracing app and an associated data platform.
- Advised an industrial conglomerate on privacy and labor & employment issues relating to deploying a COVID-19 tracking and tracing app, related vendor agreements.
- Advised a hospital system on COVID-19 contact tracking and tracing application development.
- Advised an online health information vendor on COVID-19-related product privacy issues.
- Advised a provider-focused health information platform on COVID-19-related aggregate diagnostics data.
- Advised a location technology company on their GDPR and CCPA compliance.
- Advised a mobile advertising platform on their CCPA compliance.
- Advised a clinical trial technology platform on their global privacy compliance.
- Advised a field service management software company on their GDPR compliance.
- Advised a mobile gaming company on their GDPR and CCPA compliance.
- Advised a sensor technology company on GDPR compliance.
- Advised a mobile advertising technology company on consent management platform development.
- Advised a game streaming platform on privacy compliance.
- Advised a fashion online retail technology company on GDPR and CCPA compliance.
- Advised a product data platform company on GDPR compliance.
- Advised an online and mobile fraud detection platform on GDPR and CCPA compliance.
- Advised a globally operating fabric materials company on international transfers of personal data.
- Advised a globally operating industrial conglomerate on international transfers of personal data.
- Advised a location technology company on building a global privacy program.
- Advised a health care app provider on HIPAA compliance.
- Advised a communications app developer on privacy.
- Advised an international mobile gaming company on international transfers of personal data.
- Performed privacy due diligence of target companies for a European venture capital fund.
Technology Transactions
- Advised an advertising technology company on demand and supply side data licensing agreements, SDK licensing and development.
- Advised an industrial equipment manufacturer on machine-generated data rights and licensing.
- Advised a sensor technology manufacturer on data rights and licensing.
- Advised a global vehicle manufacturer on connected vehicle data rights and licensing.
- Advised an indoor positioning company in its licensing and Platform-as-a-Service deals with Yahoo! Japan and a Korean technology conglomerate.
- Advised a location data platform vendor on their Platform-as-a-Service agreement with a large European telecom.
- Advised tens of companies on mobile app and website terms of use and privacy policies.
- Advised an education technology platform on licensing and distribution agreements.
- Advised a restaurant management platform on its master services agreement.
- Advised an education media platform on service terms and conditions.
Corporate and Transactional
- Acted as U.S. outside general counsel for manufacturers of non-woven fabrics, paper board, and wood products.
- Advised a medical technology company on their Asian manufacturing agreements.
- Acted as U.S. outside general counsel for a manufacturer of office meeting pods and phone booths.
- Advised a mobile free-to-play social casino app developer in its $4 million Series A round of financing from Korea Investment Partners.
- Advised a communications app developer on privacy and Series Seed and Series A financing.
- Advised tens of foreign technology companies on structuring their U.S. presence.
- Advised a Finland-based online retailer in their acquisition of a U.S. company’s assets.
- Advised a human resources analytics startup in entity formation and SAFE note financing.
- Represented a European venture capital fund in their seed-stage investment in a U.S. entity.
- Advised a U.S. and Norway-based technology company in its $5 million Series A financing.
- Advised a Korean entertainment company in its $4.5 million Series Seed investment in a Finnish e-sports company.
Affiliations
Admitted to practice: New York
Speeches & Presentations
-
"Global Cross-Border Data Transfers (Part 3)," Crowell & Moring Webinar
(April 15, 2021).
Presenters: Ambassador Robert Holleyman, Jarno Vanto, Maarten Stassen, and Laurence Winston.
-
"Global Cross-Border Data Transfers (Part 2)," Crowell & Moring Webinar
(December 3, 2020).
Presenters: Kate M. Growley, Ambassador Robert Holleyman, Maarten Stassen, Jarno Vanto, Robert Clifton Burns and Zhiwei Chen.
-
"Return Ready Virtual Summit: Data Protection in the Covid-19 era," Proxyclick Webinar, Brussels, Belgium
(September 29, 2020).
Speakers: Frederik Van Remoortel, Jarno Vanto, and Stefanie Tack.
-
"Global Cross-Border Data Transfers (Part 1)," Crowell & Moring Webinar
(September 16, 2020).
Moderator: Kristin J. Madigan; Presenters: Ambassador Robert Holleyman, Maarten Stassen, Jarno Vanto, and Laurence Winston.
-
"GDPR, CCPA, and other Hot Topics in Data Privacy," Silicon Legal Strategy, Santa Monica, CA
(November 12, 2019).
Presenters: Jeffrey L. Poston, Paul M. Rosen, Maarten Stassen, Jarno Vanto, and Heidi Waem.
-
"GDPR, CCPA, and other Hot Topics in Data Privacy," Silicon Legal Strategy, San Francisco, CA
(November 11, 2019).
Presenters: Jeffrey L. Poston, Maarten Stassen, Jarno Vanto, Kristin J. Madigan, and Heidi Waem.
Publications
Client Alerts & Newsletters
-
"Recent Cyber Incidents Likely to Expose Lacking Substance in Risk Assessments and Self-Certifications,"
Privacy Law Alert
(March 11, 2021).
Contacts: Jarno Vanto, CIPP/E, CIPP/US, Jacob Canter
-
"Virginia Consumer Data Protection Act (S.B. 1392),"
Privacy Law Alert
(March 3, 2021).
Contacts: Kate M. Growley, CIPP/G, CIPP/US, Jeffrey L. Poston, Jarno Vanto, CIPP/E, CIPP/US, Evan D. Wolff, Maida Oringher Lerner
-
"Data Transfers from the EU: What Does "Good" Look Like?,"
Privacy Law Alert
(November 17, 2020).
Contacts: Maarten Stassen, Jeffrey L. Poston, Robert Holleyman, Jeane A. Thomas, CIPP/E, Frederik Van Remoortel, Jarno Vanto, CIPP/E, CIPP/US, Laurence Winston
-
"CCPA 2.0? California Adopts Sweeping New Data Privacy Protections,"
Privacy Law Alert
(November 6, 2020).
Contacts: Kristin J. Madigan, CIPP/US, Jeffrey L. Poston, Paul M. Rosen, Jarno Vanto, CIPP/E, CIPP/US
-
"California Approves Final CCPA Regulations,"
Privacy Law Alert
(August 17, 2020).
Contacts: Kristin J. Madigan, CIPP/US, Jeffrey L. Poston, Paul M. Rosen, Jarno Vanto, CIPP/E, CIPP/US, Maida Oringher Lerner
-
"Privacy Shield Invalidated: EU Data Transfers to the U.S. under Siege (again…),"
Privacy Law Alert
(July 16, 2020).
Contacts: Robert Holleyman, Jeffrey L. Poston, Maarten Stassen, Jeane A. Thomas, CIPP/E, Frederik Van Remoortel, Jarno Vanto, CIPP/E, CIPP/US, Laurence Winston
-
"Mobile Applications For COVID Tracking & Tracing – Balancing the Need for Personal Information and Privacy Rights in the Time of Coronavirus,"
Privacy Law Alert
(April 15, 2020).
Contacts: Kristin J. Madigan, CIPP/US, Jeffrey L. Poston, Jarno Vanto, CIPP/E, CIPP/US, Evan D. Wolff, Brandon C. Ge, Matthew B. Welling, Michael G. Gruden, CIPP/G
-
"CCPA Enforcement on Track for July 1, 2020: Breaking Down the Latest Revisions to CCPA Proposed Regulations,"
Privacy Law Alert
(April 1, 2020).
Contacts: Jeffrey L. Poston, Kate M. Growley, CIPP/G, CIPP/US, Paul M. Rosen, Kristin J. Madigan, CIPP/US, Jarno Vanto, CIPP/E, CIPP/US
-
"March 21, 2020 Deadline Approaches for Businesses to Comply with New York Data Privacy Act Safeguards,"
Labor & Employment Law Alert - US
(March 11, 2020).
Contacts: Jarno Vanto, CIPP/E, CIPP/US, Eric Su, Ira M. Saxe, Jillian Ambrose
-
"California Attorney General Releases Proposed Updates to CCPA Regulations,"
Privacy Law Alert
(February 11, 2020).
Contacts: Kristin J. Madigan, CIPP/US, Jeffrey L. Poston, Paul M. Rosen, Jarno Vanto, CIPP/E, CIPP/US
-
"California’s Landmark Privacy Law Now in Effect,"
Privacy Law Alert
(January 13, 2020).
Contacts: Jeffrey L. Poston, Paul M. Rosen, Kristin J. Madigan, CIPP/US, Jarno Vanto, CIPP/E, CIPP/US, Brandon C. Ge
-
"The European Commission’s Standard Contractual Clauses: Good News from the Advocate General, but We’re Not Out of the Woods,"
Privacy Law Alert
(January 8, 2020).
Contacts: Jeffrey L. Poston, Maarten Stassen, Frederik Van Remoortel, Jarno Vanto, CIPP/E, CIPP/US
-
"UPDATE: California Governor Signs CCPA, Data Breach Amendments,"
Privacy Law Alert
(October 17, 2019).
Contacts: Kristin J. Madigan, CIPP/US, Paul M. Rosen, Jarno Vanto, CIPP/E, CIPP/US
-
"Proposed CCPA Regulations from California Attorney General Just Issued: Part I – An Analysis of Required Consumer Notice,"
Privacy Law Alert
(October 15, 2019).
Contacts: Kristin J. Madigan, CIPP/US, Jeffrey L. Poston, Paul M. Rosen, Jarno Vanto, CIPP/E, CIPP/US
-
"New York Enacts the SHIELD Act,"
Privacy Law Alert
(August 20, 2019).
Contacts: Kate M. Growley, CIPP/G, CIPP/US, Jarno Vanto, CIPP/E, CIPP/US, Evan D. Wolff, Brandon C. Ge
-
"The Swedish Data Protection Authority Investigates the Right to Access Under the GDPR,"
Privacy Law Alert
(June 18, 2019).
Contacts: Maarten Stassen, Jarno Vanto, CIPP/E, CIPP/US
Media Mentions
-
Data Vendors Used To Have 'Unlimited Liability' For Breaches—But Not Anymore
April 30, 2021 — LegalTech News
-
5 Issues To Watch As Data Privacy Laws Sweep The U.S.
April 22, 2021 — Property Casualty 360
-
Clients See ALSPs As More Efficient. Law Firms See A ‘Frustrating’ Perception Problem
April 7, 2021 — Legaltech News
-
The Time To Hire Privacy Experts Was Yesterday
March 11, 2021 — Law.com
-
Privacy Compliance Is No Longer 'California Or Not California' With New Legislation Coming
February 24, 2021 — Law.com
-
Another Cyber Incident Headache: Forensic Breach Reports Can Be Discoverable
February 10, 2021 — Legaltech News
-
SolarWinds Hack Won't Hurt In-House's Prospects With Regulators—But Won't Help Either
January 21, 2021 — Corporate Counsel
-
Vendor Contracts Poised To Become 'Work Of Art' As Cybersecurity Dangers Grow
December 2, 2020 — Corporate Counsel
-
Post-Election Headache? Legal Departments on Possible Collision Course With Data Portability
November 12, 2020 — Corporate Counsel
-
This Is How Working In Silicon Valley During Korona: The Office Can Only Be Accessed On Request, Applications Follow The Movements Of Employees
October 11, 2020 — Helsingin Sanomat
-
Do Employers Need-Or Just Want-Extended CCPA Exemptions?
September 9, 2020 — Legaltech News
-
Privacy Shield Replacement Likely, But Not Long For This World
August 18, 2020 — Legaltech News
-
CCPA Wants To Know Value Of Consumer Data. So Do Businesses
June 30, 2020 — Legaltech News
-
As Traditional Firms Pull Back, Virtual Firms' Opportunities Could Be Growing
April 17, 2020 — Legaltech News
-
At Firms, In-Person Networking Still Trumps Tech In Assigning Legal Work
March 30, 2020 — Legaltech News
-
The Millennial March Into Leadership Positions May Already Be Changing Firms
March 19, 2020 — Legaltech News
-
Impending SCOTUS Trademark Decision Could Have Far-Reaching Cybersecurity Repercussions
February 25, 2020 — Legaltech News
-
No Turning Back: New Facial Recognition Database May Force Legal Reckoning
January 24, 2020 — Legaltech News
-
Why Is The Justice Department Knocking Harder At Apple's Backdoor?
January 22, 2020 — Legaltech
-
Lawmakers Finally Took Data Privacy Seriously-2019 Regulatory Roundup
January 12, 2020 — Cointelegraph
-
White House Al Guidelines Could Prove More Helpful For Developers Than Regulators
January 10, 2020 — Legaltech News
-
Is Singapore's Fake News Law A Global Headache For Facebook?
December 5, 2019 — Legaltech News
-
5 Harsh Truths About Ransomware Attacks
December 2, 2019 — Legaltech News
-
Courts Are Getting Geofenced In By Location Data Quandaries
November 26, 2019 — Legaltech News
-
Another Sign That Companies Aren't Ready For CCPA Yet: Data Privacy Trends
November 20, 2019 — CloudNine
-
CCPA Uncertainty May Put Cloud Agreements Up In The Air
November 18, 2019 — Legaltech News
-
Unfettered Employee Tracking May Be Approaching Its Twilight
October 21, 2019 — Legaltech News
-
Facing Legislation, Tech Companies Are Rolling the Dice with Self-Regulation
September 27, 2019 — ALM LegalTech News
-
Crowell Hires Tax Partner, Ex-DOJ Litigator From Covington
September 18, 2019 — Bloomberg Law
-
Is The GDPR Creating A Cat-And-Mouse Game Between Advertisers And Regulators?
September 11, 2019 — ALM LegalTech News
-
Will Social Media Platforms Get A Friend Request From The FCC?
August 21, 2019 — ALM LegalTech News
-
4 Signs The U.S. Government Is Becoming More Aggressive With Cybersecurity
July 31, 2019 — Legaltech News
-
Cyberattacks Increasing, Cities Push Risky Strategy Saying No To Hackers
July 17, 2019 — Legaltech News
-
States' Internet Privacy Fight With FCC Grows, With No End In Sight
June 12, 2019 — LegalTech News
-
Tech Companies Unite Against UK's Proposed Alternative To Encryption Backdoors
June 4, 2019 — LegalTech News
-
Mueller Report Keeps The Backdoor Encryption Debate Spinning
April 22, 2019 — Legaltech News
Firm News & Announcements