Lydia de la Torre

De la Torre was raised in Spain and got her law license in Madrid before moving to the U.S. with her American businessman husband, passing the California bar exam and studying intellectual property law at Santa Clara University. After a stint teaching comparative privacy law there, she joined Squire Patton Boggs in August 2019 as of counsel. She is an authority on the intersection of California privacy laws and the European Union's General Data Protection Regulation.

She provides strategic privacy compliance advice regarding other states' privacy and cyber laws, U.S. financial privacy laws, marketing and advertising regulatory requirements and information security.

"It's not common for European attorneys to be licensed in the U.S.," she said. "But it's useful. The European Union has led the way in privacy for many years. I passed the bar here in 2010, and that opened the door to a lot of work. I really wanted to get back to the kind of technology law I'd been practicing in Europe, so I joined the university as a law fellow. That was a great opportunity to research state privacy regulations just as the field was becoming quite popular here."

Part of her current practice involves work for mid-sized and larger law firm clients. For them, de la Torre has conducted assessments of the applicability of the California Consumer Privacy Act and evaluated the role that law firms should take under the act: whether they are acting for clients as a business, as a service provider or in some other category. She also prepared gap analyses, updated notices policies and contract terms as part of an overall strategy of insuring compliance with the CCPA.

For clients that provide services to U.S. K-12 schools, de la Torre advises on the applicability of the FERPA and other relevant state laws and how to achieve compliance, including the establishment of viable processes to obtain verifiable parental consent where applicable. Because the framework of the EU's General Data Protection Regulation and its ePrivacy Directive do not fully align with that of the Children Online Privacy Protection Act, she drafts contractual language, COPPA notices and advises on parental rights to balance the separate legal regimes.

A de la Torre client with an e-commerce platform required assistance with the evaluation and remediation of its accidental collection of data on minors under 13 who are subject to COPPA and minors under 16 who are subject to the GDPR. She said the work can be a high-risk endeavor, because COPPA fines can quickly escalate, the requirements for consent diverge across the affected jurisdictions and the impact of collection--absent parental consent--diverges depending on which laws apply.

De la Torre said she considers herself lucky to work for a firm with two great mentors: Rosa Barcelo, who, working from Brussles, Belgium, co-chairs Squire Patton's global data privacy and cybersecurity practice, and Ann J. LaFrance, who works from New York in the same role. "Most firms we serve locally are growing globally, so we are able to ensure they get the answers they need."

-- John Roemer