Austin Mooney focuses his practice on global privacy, cybersecurity and emerging technologies. He helps clients in a variety of industries understand and manage risks relating to the collection, use and protection of personal and other sensitive information.
In his privacy practice, Austin advises clients on implementing global compliance programs designed to navigate the evolving legal landscape around data privacy, including the Federal Trade Commission (FTC) Act, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other emerging US state consumer privacy laws. He is experienced in consumer privacy litigation and investigations, internal and external privacy policies and procedures, advertising technology (AdTech) compliance, cross-border data transfers and compliance issues with federal surveillance law including the Foreign Intelligence Surveillance Act (FISA).
Austin also advises on cybersecurity matters, including conducting enterprise security assessments under privilege, drafting internal security policies and procedures, compliance with federal and state security laws and data breach response and remediation.
Austin has particular experience drafting and negotiating privacy and security vendor contracts, having led numerous contract negotiations representing clients from both the vendor- and customer-facing perspective. Austin helps develop, draft, and implement comprehensive contract templates and response “playbooks” designed to minimize client risk while accounting for the rapidly changing requirements in this area.
Austin regularly speaks and writes on technology law topics. He has represented clients ranging from startups to Fortune 500 companies, including in the professional services, technology, healthcare, life sciences, finance, retail, real estate and entertainment sectors. He advises on risks relating to emerging technologies including autonomous vehicles, blockchain/cryptocurrencies, Internet of Things (IoT) devices, encryption, artificial intelligence, biometrics and advertising technology. He has also advised on privacy and security risks arising from large M&A transactions.
Before McDermott, Austin served as a law clerk for the US Senate Judiciary Committee, where he worked on Supreme Court and Attorney General nominations, executive branch oversight and investigations, FISA reform and other legislative initiatives. He has also held positions with the Federal Trade Commission, the Network Advertising Initiative and as a research assistant for privacy law academic Daniel Solove.
Austin is a Certified Information Privacy Professional/United States (CIPP/US) and a Certified Information Privacy Professional/Europe (CIPP/E).
- Represented leading technology companies as amici curiae in US Supreme Court surveillance law case United States v. Microsoft*
- Authored report and presented workshop on US privacy and cybersecurity law for trade association’s membership of Internet of Things (IoT) device manufacturers
- Advised company on discussion draft of the CCPA, proposing changes that became law*
- Developed legal strategy for US client following the European Court of Justice’s Schrems II decision, including external communications on surveillance law exposure, “transfer impact assessments” (TIAs), and mitigating “supplementary measures”
- Represented professional services firm in CCPA compliance project including developing data subject response procedure, “Do Not Sell” analysis and framework, privacy notices and contracting playbook
- Drafted global regulatory memorandum for company on use of consumer data for contact tracing and other COVID-19 prevention purposes
- Advised healthcare technology company on compliance with emerging state privacy laws, including Health Insurance Portability and Accountability Act (HIPAA) exemption analysis
- Drafted client memorandum on applicability of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act)
- Advised entertainment company on global biometric privacy compliance related to use of facial recognition software
- Conducted comprehensive US privacy compliance assessment for advertising technology company
- Advised technology company on Gramm-Leach-Bliley Act (GLBA) and other privacy and security risks related to acquisition of financial services technology company
- Represented retailer in credit card data breach response including investigation, remediation, PCI-DSS compliance and notification of impacted cardholders
- Represented device manufacturer in responding to dozens of law enforcement requests for customer data under the Electronic Communications Privacy Act (ECPA)*
*Matter handled prior to joining McDermott.
George Washington University Law School, JD, 2017
New College of Florida, BA, Philosophy, 2014
District of Columbia