Daniel B. Rosenzweig
Senior Associate
Norton Rose Fulbright US LLP
Related services and key industries
Biography
Daniel B. Rosenzweig is a lawyer in Norton Rose Fulbright's Information Governance, Privacy and Cybersecurity practice group. He advises clients on legal and technical compliance with data protection and privacy laws, including the CCPA/CPRA and other state privacy laws, CAN-SPAM Act, COPPA, GDPR, FTC Act, GLBA, HIPAA, TCPA, and VPPA, as well as provides counsel on Artificial Intelligence (AI) and Large Language Models (LLMs), industry mobile app store requirements, the use of adtech and privacy-enhancing technologies (PETs), and applicable data breach notification laws. He also codes and develops in-house technical solutions to assist clients with their legal compliance efforts.
Daniel assists clients across many different sectors, including, among others: media, retail, telecommunications, healthcare, financial services, and hospitality. With Daniel's legal and technical expertise, he translates complex legal and technical concepts into digestible action items for an organization's legal, development, and marketing teams.
Daniel advises clients on the building and implementation of legal and technical data protection/privacy compliance programs across all stages of the development lifecycle. This includes, among other things: (i) drafting applicable disclosures, privacy policies, operational controls, consent flows, opt-outs, and contracts; (ii) performing technical testing and validation of data protection/privacy preference signals (e.g., GPC) and controls across websites, mobile apps, and IoT devices; (iii) advising on data protection and privacy portals/webforms; (iv) conducting data mapping exercises and risk assessments, including Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs); and (v) assisting clients with onboarding vendors. He also counsels clients on their own and third party application programming interfaces (APIs) and software development kits (SDKs).
Daniel is part of the core team that oversees the firm's privacy compliance tool suite, NT Analyzer, to help clients navigate the complex data protection and privacy landscape. NT Analyzer is a practical tool suite for managing privacy compliance in mobile apps, websites, and IoT. The tool detects and tracks the full range of data, including personally identifiable information, that is collected and shared, and then generates actionable reports through the lens of applicable privacy requirements. NT Analyzer also analyzes code associated with the "fingerprinting" of browsers as well as data used for "fingerprinting" mobile devices.
Daniel also focuses on matters related to advertising, marketing, autonomous and connected vehicles, and regulatory investigations.
Daniel was a law clerk at the United States Senate Committee on Homeland Security and Governmental Affairs, where he worked on homeland security and cybersecurity issues, while attending the Georgetown University Law Center. He was also a Legal Intern in FTC Commissioner Julie Brill's office, focusing on online privacy, data security, and consumer protection law.
Daniel is an active Big Brother in the Big Brothers Big Sisters mentorship program.
Professional experience
Collapse all- JD, Georgetown University Law Center, 2017
- BA, University of Delaware, magna cum laude, Phi Beta Kappa, Political Science, 2013
- District of Columbia Bar
- New York State Bar
Technical and specialized engagements:
- Develops and codes in-house technical solutions.
- Conducts mobile app privacy testing on Android, iOS, and Kindle devices.
- Conducts website privacy testing and analysis.
- Drafts Data Lake privacy controls.
- Conducts Privacy control validation and testing (e.g., CCPA Do Not Sale/Share opt-out signals and requests).
- Hard-codes legal decision making into privacy control platforms.
- Provides privacy and security training.
- Provides online ad ecosystem training.
- Drafts operational controls for technical implementation of data protection and privacy compliance requirements.
- Conducts API and SDK testing.
- Conducts IoT privacy and feature testing.
General Compliance and Corporate Governance:
- Developed data protection and privacy compliance programs, including, among other things: drafting applicable disclosures, contracts, privacy policies, operational controls, consent flows, and opt-outs; advising on implementation of data protection and privacy portals/webforms; and onboarding vendors.
- Assisted large media companies with respect to the use of video and online streaming information, as well as implementing legal and technical configuration options for VPPA compliance.
- Provided advice to large retailers with respect to geo-fencing projects.
- Provided strategic advice and counsel on local, national, and international privacy and data protection and data transfer laws for numerous companies
- Assisted numerous companies in drafting, designing, and implementation of internal company policies, including information security, data and records management and retention, data classification and handling, device management and "Bring Your Own Device" policies, codes of conduct, white papers, marketing materials, vendor white lists and internal policies on Internet tracking.
- Provided counseling for large communication provider, software companies, and mobile app developers with respect to issues pertaining to security, encryption, and authentication.
- Provided advice to numerous companies with respect to the use of geo-location information.
- Assisted numerous companies on compliance with the mobile app store requirements and guidelines.
- Developed privacy training programs.
Privacy-related class action litigation defense and regulatory defense:
- Represented companies in litigation resulting from use of social network widgets.
- Represented companies in relation to state attorneys general inquiries, Civil Investigative Demands (CIDs), subpoenas and investigations.
- Represented several companies in class action litigation related to the use of cookies and flash cookies.
- Co-author, "Biden restricts U.S. government use of commercial spyware," Norton Rose Fulbright Data Protection Report, April 20, 2023
- Co-author, "Validating State Privacy Law Opt-Out Signals," Norton Rose Fulbright Data Protection Report, March 29, 2023
- Co-author, "Privacy law is becoming more technically sophisticated. So should you.," NT Analyzer Insights, March 21, 2023
- Co-author, "HHS: Online trackers without prior authorization and BAAs can violate HIPAA," Norton Rose Fulbright Data Protection Report, December 5, 2022
- Co-author, "California Age-Appropriate Design Code Act," Data Protection Report, September 23, 2022
- Co-author, "Google Data Safety Form is Effective July 20, 2022," Data Protection Report, July 15, 2022
- Co-author, "The Slow Stroll Toward Schrems III? And How NT Analyzer Can Help in the Meantime," NT Analyzer Insights, April 12, 2022
- Co-author, "Google's Data Safety Form: Timeline Extended and Key Considerations," NT Analyzer Insights, February 28, 2022
- Co-author, "European rulings on the use of Google Analytics and how it may affect your business," Data Protection Report, February 14, 2022
- Co-author, "Data Privacy Concerns in 2022 and Beyond," NT Analyzer Insights, January 31, 2022
- Co-author, "iOS 15 Privacy Report Update: What it Means for App Owners," NT Analyzer Insights, January 19, 2022
- Co-author, "Google Play Store Releases Data Safety Form," NT Analyzer Insights, November 19, 2021
- Co-author, "Does Your App Track Users that Opted-out of Tracking?," NT Analyzer Insights, October 26, 2021
- Co-author, "iOS 15: New Privacy Features Industry Should Note - NT Analyzer," NT Analyzer Insights, October 7, 2021
- Co-author, "Why is Unintended Data Leakage and Third Party Code So Prevalent?," NT Analyzer Insights, July 26, 2021
- Co-author, "Google Will Nix the "GAID" for Opted-Out Users on Android," NT Analyzer Insights, June 8, 2021
- Co-author, "How Data Privacy Can Affect Consumer Goods," NT Analyzer Insights, June 2, 2021
- Co-author, "Google/Android Announces Privacy Requirements," NT Analyzer Insights, May 12, 2021
- Co-author, "iOS 14.5 and ATT Framework Coming to an App Near You," NT Analyzer Insights, April 22, 2021
- Co-author, "NT Analyzer Navigates Virginia's New Privacy Law," NT Analyzer Insights, April 7, 2021
- Co-author, "Solving Apple's New App Privacy Requirements," NT Analyzer Insights, October 16, 2020
- Co-author, "101 Problems and Schrems Ain't One," NT Analyzer Insights, September 25, 2020
- AdExchanger Talks, Why Privacy Lawyers Also Need To Be Technologists, June 21, 2023
- AdExchanger Programmatic I/O, Privacy Essentials: Privacy law is becoming more technically sophisticated. So Should You, May 17, 2023
- International Association of Privacy Professionals (IAPP) Little Big Stage Online, NT Analyzer: Empowering You to Manage Digital Privacy Risk at Every Level, June 3, 2021
- Webinar - NT Analyzer: Partnering With Your Business to Prepare for the Future of AdTech, May 25, 2021
- Webinar - Solving Apple's New App Privacy Requirement, November 13, 2020
- American Bar Association
- New York State Bar Association
- Big Brother, Big Brothers Big Sisters mentorship program
News
Insights
Validating state privacy law opt-out signals
Blog | April 05, 2023
Privacy law is becoming more technically sophisticated. So should you.
Blog | March 29, 2023
OCR warns impermissible use of online trackers can violate HIPAA
Publication | December 05, 2022