Jarno Vanto, CIPP/E, CIPP/US

Partner

New York

jvanto@crowell.com
Phone: +1 212.803.4025
590 Madison Avenue
20th Floor
New York, NY 10022

Jarno Vanto (CIPP/E, CIPP/US) is a partner in the Privacy & Cybersecurity Group in Crowell & Moring’s New York office. With an extensive understanding of the complex international regulatory environment and cross-industry technologies, he provides a differentiated global perspective to clients on personal information privacy, cybersecurity, technology transactions, and corporate matters.

With a keen understanding of client risk level and risk tolerance, he partners with clients to help them achieve their business goals and provides a range of legal services, including privacy and cybersecurity compliance counseling, complex cross-border and domestic technology and data transactions, data and software licensing, other technology and data transfer agreements, as well as regulatory investigations involving personal information. Jarno frequently serves as counsel for foreign technology companies on the legal issues they encounter in the U.S. market, advising on their U.S. corporate presence and acting as outside general counsel. Additionally, he counsels cross-industry clients on global privacy and cybersecurity compliance programs for companies ranging from advertising to health technology to industrial machinery, as well as corporate restructuring for venture finance and IP management purposes.

Jarno has advised companies ranging from venture-backed startups to Fortune 50 companies on their compliance with personal information and information security laws such as the EU General Data Protection Regulation, the California Consumer Privacy Act, and emerging state laws. He provides privacy compliance counseling to companies that provide software-as-a-service, data-as-a-service, automotive and connected vehicle technologies, mobile applications, location-based technologies, financial services, server technologies, HR services, and health care technologies. Additionally, Jarno holds CIPP/E and CIPP/US information privacy professional certifications and has received a legal certification to evaluate information technology products and services with the intent of awarding companies with the EuroPrise European Privacy Seal.

He is fluent in Finnish, Swedish, and German. He has a working knowledge of Dutch.

Prior to joining the firm, he was a partner in the New York office of another AmLaw 100 firm.

Representative Matters

Privacy and Cybersecurity

Advised an HR-services vendor on the use of software-generated data for purposes of COVID-19 tracking and tracing tools for its customers.
Advised a data aggregator on the use of aggregated location data for purposes of COVID-19-related restriction measure compliance monitoring.
Advised a mobile app developer on compliance issues related to developing a COVID-19 tracking and tracing app and an associated data platform.
Advised an industrial conglomerate on privacy and labor & employment issues relating to deploying a COVID-19 tracking and tracing app, related vendor agreements.
Advised a hospital system on COVID-19 contact tracking and tracing application development.
Advised an online health information vendor on COVID-19-related product privacy issues.
Advised a provider-focused health information platform on COVID-19-related aggregate diagnostics data.
Advised a location technology company on their GDPR and CCPA compliance.
Advised a mobile advertising platform on their CCPA compliance.
Advised a clinical trial technology platform on their global privacy compliance.
Advised a field service management software company on their GDPR compliance.
Advised a mobile gaming company on their GDPR and CCPA compliance.
Advised a sensor technology company on GDPR compliance.
Advised a mobile advertising technology company on consent management platform development.
Advised a game streaming platform on privacy compliance.
Advised a fashion online retail technology company on GDPR and CCPA compliance.
Advised a product data platform company on GDPR compliance.
Advised an online and mobile fraud detection platform on GDPR and CCPA compliance.
Advised a globally operating fabric materials company on international transfers of personal data.
Advised a globally operating industrial conglomerate on international transfers of personal data.
Advised a location technology company on building a global privacy program.
Advised a health care app provider on HIPAA compliance.
Advised a communications app developer on privacy.
Advised an international mobile gaming company on international transfers of personal data.
Performed privacy due diligence of target companies for a European venture capital fund.

Technology Transactions

Advised an advertising technology company on demand and supply side data licensing agreements, SDK licensing and development.
Advised an industrial equipment manufacturer on machine-generated data rights and licensing.
Advised a sensor technology manufacturer on data rights and licensing.
Advised a global vehicle manufacturer on connected vehicle data rights and licensing.
Advised an indoor positioning company in its licensing and Platform-as-a-Service deals with Yahoo! Japan and a Korean technology conglomerate.
Advised a location data platform vendor on their Platform-as-a-Service agreement with a large European telecom.
Advised tens of companies on mobile app and website terms of use and privacy policies.
Advised an education technology platform on licensing and distribution agreements.
Advised a restaurant management platform on its master services agreement.
Advised an education media platform on service terms and conditions.

Corporate and Transactional

Acted as U.S. outside general counsel for manufacturers of non-woven fabrics, paper board, and wood products.
Advised a medical technology company on their Asian manufacturing agreements.
Acted as U.S. outside general counsel for a manufacturer of office meeting pods and phone booths.
Advised a mobile free-to-play social casino app developer in its $4 million Series A round of financing from Korea Investment Partners.
Advised a communications app developer on privacy and Series Seed and Series A financing.
Advised tens of foreign technology companies on structuring their U.S. presence.
Advised a Finland-based online retailer in their acquisition of a U.S. company’s assets.
Advised a human resources analytics startup in entity formation and SAFE note financing.
Represented a European venture capital fund in their seed-stage investment in a U.S. entity.
Advised a U.S. and Norway-based technology company in its $5 million Series A financing.
Advised a Korean entertainment company in its $4.5 million Series Seed investment in a Finnish e-sports company.

Affiliations

Admitted to practice: New York

Speeches & Presentations

"Global Cross-Border Data Transfers (Part 3)," Crowell & Moring Webinar (April 15, 2021). Presenters: Ambassador Robert Holleyman, Jarno Vanto, Maarten Stassen, and Laurence Winston.
"Global Cross-Border Data Transfers (Part 2)," Crowell & Moring Webinar (December 3, 2020). Presenters: Kate M. Growley, Ambassador Robert Holleyman, Maarten Stassen, Jarno Vanto, Robert Clifton Burns and Zhiwei Chen.
"Return Ready Virtual Summit: Data Protection in the Covid-19 era," Proxyclick Webinar, Brussels, Belgium (September 29, 2020). Speakers: Frederik Van Remoortel, Jarno Vanto, and Stefanie Tack.
"Global Cross-Border Data Transfers (Part 1)," Crowell & Moring Webinar (September 16, 2020). Moderator: Kristin J. Madigan; Presenters: Ambassador Robert Holleyman, Maarten Stassen, Jarno Vanto, and Laurence Winston.
"GDPR, CCPA, and other Hot Topics in Data Privacy," Silicon Legal Strategy, Santa Monica, CA (November 12, 2019). Presenters: Jeffrey L. Poston, Paul M. Rosen, Maarten Stassen, Jarno Vanto, and Heidi Waem.
"GDPR, CCPA, and other Hot Topics in Data Privacy," Silicon Legal Strategy, San Francisco, CA (November 11, 2019). Presenters: Jeffrey L. Poston, Maarten Stassen, Jarno Vanto, Kristin J. Madigan, and Heidi Waem.

Publications

"Privacy & Cybersecurity – New York Enacts the SHIELD Act," Crowell & Moring's International Trade Law (August 20, 2019). Authors: Jarno Vanto, Evan D.Wolff, Kate M. Growley, CIPP/G, CIPP/US and Brandon C. Ge.

Client Alerts & Newsletters

"The Colorado Privacy Act Signed," Privacy Law Alert (July 20, 2021). Contacts: Paul C. Mathis, Jarno Vanto, CIPP/E, CIPP/US, Michael Yaghi
"Biden Executive Order on Competition Includes Recommended Action on Internet Platform Industries and Privacy," Privacy Law Alert (July 13, 2021). Contacts: Kristin J. Madigan, CIPP/US, Jeane A. Thomas, CIPP/E, Jeffrey L. Poston, Jarno Vanto, CIPP/E, CIPP/US
"Just in Time - EU Adopts Adequacy Decisions for free flow of data with UK," International Dispute Resolution Alert (June 29, 2021). Contacts: Jeffrey L. Poston, Maarten Stassen, Frederik Van Remoortel, Jarno Vanto, CIPP/E, CIPP/US, Robert Weekes, Laurence Winston
"The New Standard Contractual Clauses for Transfers of Personal Data from the EU," Privacy Law Alert (June 7, 2021). Contacts: Jeffrey L. Poston, Maarten Stassen, Jeane A. Thomas, CIPP/E, Frederik Van Remoortel, Jarno Vanto, CIPP/E, CIPP/US, Laurence Winston
"Recent Cyber Incidents Likely to Expose Lacking Substance in Risk Assessments and Self-Certifications," Administrative Law Alert (March 11, 2021). Contacts: Jarno Vanto, CIPP/E, CIPP/US, Jacob Canter
"Virginia Consumer Data Protection Act (S.B. 1392)," Privacy Law Alert (March 3, 2021). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Jeffrey L. Poston, Jarno Vanto, CIPP/E, CIPP/US, Evan D. Wolff, Maida Oringher Lerner
"Data Transfers from the EU: What Does "Good" Look Like?," Privacy Law Alert (November 17, 2020). Contacts: Maarten Stassen, Jeffrey L. Poston, Robert Holleyman, Jeane A. Thomas, CIPP/E, Frederik Van Remoortel, Jarno Vanto, CIPP/E, CIPP/US, Laurence Winston
"CCPA 2.0? California Adopts Sweeping New Data Privacy Protections," Privacy Law Alert (November 6, 2020). Contacts: Kristin J. Madigan, CIPP/US, Jeffrey L. Poston, Paul M. Rosen, Jarno Vanto, CIPP/E, CIPP/US
"California Approves Final CCPA Regulations," Privacy Law Alert (August 17, 2020). Contacts: Kristin J. Madigan, CIPP/US, Jeffrey L. Poston, Paul M. Rosen, Jarno Vanto, CIPP/E, CIPP/US, Maida Oringher Lerner
"Privacy Shield Invalidated: EU Data Transfers to the U.S. under Siege (again…)," Privacy Law Alert (July 16, 2020). Contacts: Robert Holleyman, Jeffrey L. Poston, Maarten Stassen, Jeane A. Thomas, CIPP/E, Frederik Van Remoortel, Jarno Vanto, CIPP/E, CIPP/US, Laurence Winston
"Mobile Applications For COVID Tracking & Tracing – Balancing the Need for Personal Information and Privacy Rights in the Time of Coronavirus," Privacy Law Alert (April 15, 2020). Contacts: Kristin J. Madigan, CIPP/US, Jeffrey L. Poston, Jarno Vanto, CIPP/E, CIPP/US, Evan D. Wolff, Brandon C. Ge, Matthew B. Welling, Michael G. Gruden, CIPP/G
"CCPA Enforcement on Track for July 1, 2020: Breaking Down the Latest Revisions to CCPA Proposed Regulations," Privacy Law Alert (April 1, 2020). Contacts: Jeffrey L. Poston, Kate M. Growley, CIPP/G, CIPP/US, Paul M. Rosen, Kristin J. Madigan, CIPP/US, Jarno Vanto, CIPP/E, CIPP/US
"March 21, 2020 Deadline Approaches for Businesses to Comply with New York Data Privacy Act Safeguards," Labor & Employment Law Alert - US (March 11, 2020). Contacts: Jarno Vanto, CIPP/E, CIPP/US, Eric Su, Ira M. Saxe, Jillian Ambrose
"California Attorney General Releases Proposed Updates to CCPA Regulations," Privacy Law Alert (February 11, 2020). Contacts: Kristin J. Madigan, CIPP/US, Jeffrey L. Poston, Paul M. Rosen, Jarno Vanto, CIPP/E, CIPP/US
"California’s Landmark Privacy Law Now in Effect," Privacy Law Alert (January 13, 2020). Contacts: Jeffrey L. Poston, Paul M. Rosen, Kristin J. Madigan, CIPP/US, Jarno Vanto, CIPP/E, CIPP/US, Brandon C. Ge
"The European Commission’s Standard Contractual Clauses: Good News from the Advocate General, but We’re Not Out of the Woods," Privacy Law Alert (January 8, 2020). Contacts: Jeffrey L. Poston, Maarten Stassen, Frederik Van Remoortel, Jarno Vanto, CIPP/E, CIPP/US
"UPDATE: California Governor Signs CCPA, Data Breach Amendments," Privacy Law Alert (October 17, 2019). Contacts: Kristin J. Madigan, CIPP/US, Paul M. Rosen, Jarno Vanto, CIPP/E, CIPP/US
"Proposed CCPA Regulations from California Attorney General Just Issued: Part I – An Analysis of Required Consumer Notice," Privacy Law Alert (October 15, 2019). Contacts: Kristin J. Madigan, CIPP/US, Jeffrey L. Poston, Paul M. Rosen, Jarno Vanto, CIPP/E, CIPP/US
"New York Enacts the SHIELD Act," Privacy Law Alert (August 20, 2019). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Jarno Vanto, CIPP/E, CIPP/US, Evan D. Wolff, Brandon C. Ge
"The Swedish Data Protection Authority Investigates the Right to Access Under the GDPR," Privacy Law Alert (June 18, 2019). Contacts: Maarten Stassen, Jarno Vanto, CIPP/E, CIPP/US

Media Mentions

Essential for Privacy Compliance, Data Mapping Has a Tech—and Expense—Problem
September 23, 2021 — Law360
Even After Pandemic Disruptions, Law Firms' Tech Procurement Processes Remain Steady
August 23, 2021 — Legaltech News
Will Lower Bar Of Entry For Boutique Practices Lead To 'Brain Drain' At Big Law?
August 11, 2021 — Legaltech News
NYC's New Biometric Privacy Law 'An Indication of What Is to Come'
July 13, 2021 — Law.com
Why Cybersecurity Has Become Even More Challenging For Law Firms
July 6, 2021 — Legaltech New
In-House Likes A CISO, But Not More Than Good Law Firm Cybersecurity
May 17, 2021 — Legaltech News
Data Vendors Used To Have 'Unlimited Liability' For Breaches—But Not Anymore
April 30, 2021 — LegalTech News
5 Issues To Watch As Data Privacy Laws Sweep The U.S.
April 22, 2021 — Property Casualty 360
Clients See ALSPs As More Efficient. Law Firms See A ‘Frustrating’ Perception Problem
April 7, 2021 — Legaltech News
The Time To Hire Privacy Experts Was Yesterday
March 11, 2021 — Law.com
Privacy Compliance Is No Longer 'California Or Not California' With New Legislation Coming
February 24, 2021 — Law.com
Another Cyber Incident Headache: Forensic Breach Reports Can Be Discoverable
February 10, 2021 — Legaltech News
SolarWinds Hack Won't Hurt In-House's Prospects With Regulators—But Won't Help Either
January 21, 2021 — Corporate Counsel
Vendor Contracts Poised To Become 'Work Of Art' As Cybersecurity Dangers Grow
December 2, 2020 — Corporate Counsel
Post-Election Headache? Legal Departments on Possible Collision Course With Data Portability
November 12, 2020 — Corporate Counsel
This Is How Working In Silicon Valley During Korona: The Office Can Only Be Accessed On Request, Applications Follow The Movements Of Employees
October 11, 2020 — Helsingin Sanomat
Do Employers Need-Or Just Want-Extended CCPA Exemptions?
September 9, 2020 — Legaltech News
Privacy Shield Replacement Likely, But Not Long For This World
August 18, 2020 — Legaltech News
CCPA Wants To Know Value Of Consumer Data. So Do Businesses
June 30, 2020 — Legaltech News
As Traditional Firms Pull Back, Virtual Firms' Opportunities Could Be Growing
April 17, 2020 — Legaltech News
At Firms, In-Person Networking Still Trumps Tech In Assigning Legal Work
March 30, 2020 — Legaltech News
The Millennial March Into Leadership Positions May Already Be Changing Firms
March 19, 2020 — Legaltech News
Impending SCOTUS Trademark Decision Could Have Far-Reaching Cybersecurity Repercussions
February 25, 2020 — Legaltech News
No Turning Back: New Facial Recognition Database May Force Legal Reckoning
January 24, 2020 — Legaltech News
Why Is The Justice Department Knocking Harder At Apple's Backdoor?
January 22, 2020 — Legaltech
Lawmakers Finally Took Data Privacy Seriously-2019 Regulatory Roundup
January 12, 2020 — Cointelegraph
White House Al Guidelines Could Prove More Helpful For Developers Than Regulators
January 10, 2020 — Legaltech News
Is Singapore's Fake News Law A Global Headache For Facebook?
December 5, 2019 — Legaltech News
5 Harsh Truths About Ransomware Attacks
December 2, 2019 — Legaltech News
Courts Are Getting Geofenced In By Location Data Quandaries
November 26, 2019 — Legaltech News
Another Sign That Companies Aren't Ready For CCPA Yet: Data Privacy Trends
November 20, 2019 — CloudNine
CCPA Uncertainty May Put Cloud Agreements Up In The Air
November 18, 2019 — Legaltech News
Unfettered Employee Tracking May Be Approaching Its Twilight
October 21, 2019 — Legaltech News
Facing Legislation, Tech Companies Are Rolling the Dice with Self-Regulation
September 27, 2019 — ALM LegalTech News
Crowell Hires Tax Partner, Ex-DOJ Litigator From Covington
September 18, 2019 — Bloomberg Law
Is The GDPR Creating A Cat-And-Mouse Game Between Advertisers And Regulators?
September 11, 2019 — ALM LegalTech News
Will Social Media Platforms Get A Friend Request From The FCC?
August 21, 2019 — ALM LegalTech News
4 Signs The U.S. Government Is Becoming More Aggressive With Cybersecurity
July 31, 2019 — Legaltech News
Cyberattacks Increasing, Cities Push Risky Strategy Saying No To Hackers
July 17, 2019 — Legaltech News
States' Internet Privacy Fight With FCC Grows, With No End In Sight
June 12, 2019 — LegalTech News
Tech Companies Unite Against UK's Proposed Alternative To Encryption Backdoors
June 4, 2019 — LegalTech News
Mueller Report Keeps The Backdoor Encryption Debate Spinning
April 22, 2019 — Legaltech News

Firm News & Announcements

Apr.08.2019

Jarno J. Vanto Joins Crowell & Moring’s New York Office

Practices

Focus Areas –+

Industries

Education

Admissions

Languages