Shruti Bhutani Arora

She strives to make things transparent and easy to understand by researching what needs to be done, assimilating it and then providing the information to clients in an accessible manner. Shruti has also assisted clients of various sizes, both nationally and internationally, with commercial and trademark matters.

She is experienced in privacy compliance, complex technology transactions, trademark, copyright and artificial intelligence.

• Advised a leading social media platform on employee privacy issues and assisted in building employee privacy program.
• Assisted clients in fields such as ecommerce, gaming and SaaS products with California Consumer Privacy Act (CCPA) compliance.
• Assisted a luxury hotel management company with General Data Protection Regulation (GDPR) and CCPA compliance, including preparing internal documentation and training personnel.
• Assisted academic organizations with privacy compliance.
• Advised clients on assessing data incidents and determining appropriate responses.
• Assisted clients with drafting and negotiating complex technology contracts, including a technology partnership agreement for a technology client, a master SaaS and services agreement for COVID-19-related products, and a master services agreement for a client providing sterilization and decontamination services.
• Advised U.S. and India-based clients on trademark prosecution matters, including a brand use agreement for a social networking platform and contest guidelines for an education platform.
• Directed negotiations for complex technology contracts with industry leaders, including Fortune 500 companies, and counseled clients in advertising agreements, services agreements and other commercial transactions.
• Renegotiated escrow clause trigger on behalf of client providing SaaS-based service to Canadian insurance company.
• Enabled client to continue operations in India by demonstrating that exporting customer data from the United States to India was allowed under HIPAA regulations subject to HIPAA compliance.
• Advised startup in redefining the company as a technology platform versus advertising agency, which decreased potential liability surrounding copyright law. Presented case law and federal statute that verified acceptance of terms constitutes proper signature for copyright assignment.
• Built trademark portfolio of more than 200 trademark applications and registrations as lead attorney. Assisted clients in all aspects of trademark prosecution-related matters.
• Defended clients in privacy and unfair competition enforcement actions, including advising clients on the strategy regarding the notices of violations and inquiry letters, preparing responses to the alleged notices of violations and inquiry letters, negotiating settlements and preparing audit reports on behalf of clients pursuant to the settlement terms.
• Assisted clients with a range of counseling and compliance needs related to a variety of U.S. privacy laws, including compliance program planning; operationalizing privacy requirements; recordkeeping and retention requirements; development of internal policies and procedures; and preparing data mapping, data processing agreements (DPAs), data protection impact assessments (DPIAs), public-facing privacy policies and jurisdiction-specific privacy notices.
• Advised clients on the limitations on and exceptions to consumer privacy requests; applicability thresholds and exceptions in U.S. privacy laws; profiling requirements; defensible data deletion; and limitations on service providers, contractors and processors.
• Advised clients on and prepared AI governance practices and documentations.
• Advised on AdTech issues, particularly compliance with laws and regulatory guidance on the use of online tracking technologies, cross-domain tracking, cross-context behavioral advertising, do-not-sell and do-not-share requirements, use of hashed identifiers, and developing architecture that effectively sends the downward opt-out signal to client’s vendors classified as third parties.
• Prepared policies and notices, including online privacy, internal privacy, data classification and handling, acceptable use, personal data transfer and records retention (and related schedules).
• Prepared and negotiated privacy-related portions of master services agreements and data protection addenda for technology consulting, digital marketing, subscriptions and other professional services.
• Conducted privacy-focused M&A due diligence.
• Assisted clients with a range of counseling and compliance needs related to the CCPA and New York City’s Local Law 144, including compliance program planning and establishment, recordkeeping, data subject requests, applicable exceptions and authentication, and privacy policies and notices.
• Advised clients on productivity and monitoring analysis and other uses of HR personnel data.
• Advised clients and prepared and edited responses to the regulator’s inquiry about employee data privacy practices under the CCPA.
• Advised, prepared and negotiated technology agreements, such as technology partnership agreements, software license agreements, purchase agreements, terms of service agreements, master services agreements, software as a service agreements, other as a service agreements and service level agreements, as well as advertising and marketing agreements, such as agency agreements, media buys and activations, brand collaborations, sponsorships, digital marketing and influencer protocols.
• Advised clients on trademark and copyright registrations; responded to office actions from the U.S. Patent and Trademark Office (USPTO) and oppositions from third parties; and negotiated trademark co-existence and settlement agreements, brand use agreements, agreements on behalf of music artists (such as providing voice-over and music for a character in a video game), and agreements with performance-right organizations like the American Society of Composers, Authors & Publishers (ASCAP) and BMI, etc. Also advised clients on contests and sweepstakes.