Our Website Uses Cookies
We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.
For more information, please contact us or consult our Privacy Notice.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
David Bender advises clients on a broad range of privacy and cybersecurity issues, including privacy and cybersecurity compliance obligations, commercial transactions involving personal information and cybersecurity risk, and regulatory inquiries relating to data privacy and security.
Mr. Bender has particular expertise advising sports, media, and technology companies on compliance with federal, state, and international legal frameworks, including practical advice to businesses navigating the rapidly evolving legal landscape. He also regularly represents clients with respect to data privacy and cybersecurity aspects of commercial transactions with service providers and partners.
Prior to joining the firm, Mr. Bender was a software developer at a genetics research lab, directing the development of a widely used bioinformatics software package.
- Advises major sports, media, and technology companies on data collection, use, and disclosure practices, including compliance with the Federal Trade Commission Act and other federal, state, and international privacy-related laws.
- Advises clients, including multiple Fortune 100 companies, on data privacy and cybersecurity terms in commercial agreements with service providers and partners.
- Represents clients in responding to and successfully resolving Federal Trade Commission (FTC) investigations relating to privacy and cybersecurity issues, including inquiries relating to the FTC Act and the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (Privacy Shield).
- Advises multinational companies on international data transfer issues, including under the EU General Data Protection Regulation (GDPR) and the Privacy Shield.
- Drafts and revises clients’ privacy policies, terms of use, and other privacy-related policies, procedures, and disclosures.
- Advises clients on contractual implications of cybersecurity incidents involving partners and service providers.
- Represents sports and media companies on spectrum reallocation proceedings before the Federal Communications Commission.
- Successfully represented a professional football team in obtaining dismissal of a putative class action lawsuit asserting federal law claims under the Electronic Communications Privacy Act (ECPA).
- Successfully represented a pharmaceutical company in litigation over rights to a first-in-class gastrointestinal drug.
- Successfully represented a multinational electronics company in the International Trade Commission in a Section 337 investigation.
Pro Bono
- Represents non-profit organizations on managing privacy and cybersecurity risks.
- Advises media and human rights organizations on international freedom of expression standards and best practices.
- Drafted First Circuit amicus brief on behalf of over thirty media and technology organizations in support of defendant in Yershov v. Gannett Satellite Information Network, Inc., d/b/a USA Today.
September 30, 2020, Inside Privacy
In the wake of the Court of Justice of the European Union’s (“ECJ”) Schrems II decision invalidating the EU-U.S. Privacy Shield (“Privacy Shield”) but upholding the validity of standard contractual clauses (“SCCs”), the U.S. government has released a White Paper entitled “Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for...… ...
'No Quick Fix’ After Privacy Shield
September 14, 2020, Communications Daily
David Bender spoke with Communications Daily about the European Court of Justice’s decision in Schrems II being challenged in Ireland. Mr. Bender says since the decision, it has been a “very confusing time.”
EU-U.S. privacy rift leaves businesses in disarray
August 12, 2020, Axios
David Bender is quoted in Axios regarding the EU-U.S. Privacy Shield, which was recently struck down in Europe, but still stands in the U.S. Mr. Bender says, “It's a tough situation for a lot of companies. Frustrated and confused is how I'd describe the general mood.”
August 6, 2020, Covington Alert
On July 16, 2020, the Court of Justice of the European Union struck down the EU-U.S. Privacy Shield (“Privacy Shield”) in the Schrems II decision. Even though Schrems II invalidated the Privacy Shield with immediate effect as a matter of EU law, U.S. regulators swiftly indicated that they will continue to administer the Privacy Shield and that self-certified ...
August 12, 2019, Inside Privacy
At the Black Hat conference in Las Vegas last week, a security researcher presented his research on using access rights available under the GDPR for identity theft purposes (slides available here; whitepaper available here). Specifically, the researcher “attempted to steal as much information as possible” about his fiancé by submitting GDPR access requests in ...
January 28, 2019, Inside Privacy
On January 24, the European Data Protection Board (“EDPB”) adopted a report (“Report”) regarding the second annual review of the EU-U.S. Privacy Shield (“Privacy Shield”). In a press release accompanying the Report, the EDPB welcomed efforts by EU and U.S. authorities to implement the Privacy Shield, including in particular the recent appointment of a ...
December 21, 2018, Inside Privacy
Earlier this week, the European Commission (“Commission”) published its Report on the second annual review of the EU-U.S. Privacy Shield (“Privacy Shield”) (the Report is accompanied by a Staff Working Document). The Report concludes that the Privacy Shield “continues to ensure an adequate level of protection” for personal data transferred from the EU to ...
May 29, 2018, Inside Privacy
A class-action lawsuit filed last month alleges that Wal-Mart’s video recording technology at its self-service checkout kiosks collects “personal identification information” in violation of the California Song-Beverly Act Credit Card Act of 1971 (“Song-Beverly Act”). The Song-Beverly Act, like analogous statutes in several other states, generally prohibits ...
May 2, 2018, Inside Privacy
On Tuesday, Joseph Simons was sworn in as the new Chairman of the Federal Trade Commission. The five-member Commission will soon be at full strength, as Simons is set to be joined by four other new FTC Commissioners, each of which were confirmed for seven-year terms by the Senate on April 26: Democrats Rebecca Kelly...… Continue Reading
April 17, 2018, Inside Privacy
Today, 34 global technology and security companies announced that they have signed a Cybersecurity Tech Accord, which publicly commits them “to protect and empower civilians online and to improve the security, stability and resilience of cyberspace.” The signatories include Cisco, Dell, Facebook, HP, Intuit, and Microsoft. The text of the Accord references ...
Ninth Circuit Decision Provides Critical Win to FTC in its Authority over Internet Service Providers
February 26, 2018, Inside Privacy
In a ruling with implications for both net neutrality and privacy, the Ninth Circuit ruled en banc today that the common carrier exemption in Section 5 of the FTC Act is activity-based, reversing a 2016 panel ruling that the exemption was status-based. Today’s decision bolsters the FTC’s authority to bring consumer protection (including privacy) and...… ...
December 26, 2017
SILICON VALLEY—The Financial Times has recognized Covington among the most innovative firms in 2017 in the category of "Enabling Business Growth," for advising "Tencent in its acquisition of a $8.6bn majority stake in Supercell, the Finnish gaming company, while maintaining Supercell’s creative culture and retaining its employees by introducing incentive ...
October 18, 2017, Covington Alert
The European Commission published its Report today on the first-annual review of the EU-U.S. Privacy Shield (the Report is accompanied with a Staff Working Document, Infographic, and Q&A).
July 31, 2017, Inside Privacy
Last week, the FCC issued a forfeiture order against Dialing Services, LLC (“Dialing Services”) $2,880,000, finding that Dialing Services made automated calls to wireless phones without prior express consent, in violation of the Telephone Consumer Protection Act (“TCPA”). Dialing Services is a platform that offers automated calling services to its customers, ...
July 21, 2017, Inside Privacy
The FTC announced today a new “Stick With Security” Initiative, building on its prior “Start With Security” guide as “part of its ongoing efforts to help businesses ensure that they are taking reasonable steps to protect and secure consumer data.” Stick With Security constitutes a series of blog posts published each Friday using “hypothetical examples...… ...
May 1, 2017, Covington Alert
In a widely anticipated step, FCC Chairman Ajit Pai has released the text of a draft Notice of Proposed Rulemaking (“NPRM”) proposing to change the legal framework that governs broadband providers, eliminate the “Internet conduct standard” for evaluating broadband provider practices on a case-by-case basis, and seek comment on whether to keep, modify, or ...
Recent Developments and Future Changes to Internet Privacy Rules in the EU the UK and the US
March 2017, Computer Law Review International
Covington Represents Tencent in $8.6 Billion Acquisition
June 21, 2016
SILICON VALLEY—Covington advised Tencent Holdings Limited, a leading provider of internet service in China, in connection with its acquisition of a majority stake in Supercell from SoftBank. A consortium established by Tencent will acquire up to 84% of Supercell for $8.6 billion in a transaction valuing Supercell at approximately $10.2 billion. Supercell is a ...
March 2016, Cyber Security Law & Practice
2013, 81 Geo. Wash. L. Rev. 1665
2008, Statistical Genetics
2007, 81 Am. J. Hum. Genet. 559

California Consumer Privacy Act (CCPA)
We are representing clients on California Consumer Privacy Act (CCPA) compliance, including in the legislative amendment and rulemaking proceedings associated with the CCPA and in developing working plans to come into compliance with the CCPA.