Robert Blamires, in the Privacy & Cyber and Data & Technology Transactions Practices, provides counseling and transactional support on cutting-edge regulatory compliance.

Mr. Blamires focuses in particular on data privacy, consumer protection, and payments, along with related IT/IP contracts and other transactional matters, and associated cross-border and multijurisdictional issues. He also regularly advises on proactive and reactive data security incident response, including managing suspected or actual breaches.

Mr. Blamires leverages profound insight into the priorities and demands of in-house counsel gleaned from secondments at several leading technology companies, both in the San Francisco Bay Area and in London. He also has a deep understanding of European regulatory enforcement, having spent two years on secondment at the UK’s consumer protection regulatory agency.

Drawing on more than 15 years’ experience, Mr. Blamires advises clients in a range of data-driven and other industries, particularly:

  • Technology, including:
    • Social media
    • AdTech
    • Fintech
    • HealthTech
  • Media
  • Financial services
  • Retail


  • “GDPR Five Months After Implementation: How Enforcement, Compliance and Insurability Issues are Playing Out,” RIMS Cyber Forum, Seattle, October 2018
  • “Critical Engagement and Machine Learning and AI,” Berkeley Center for Law & Technology’s 7th Annual Privacy Law Forum, Silicon Valley, March 2018
  • “International Considerations in Licensing, Understanding the Intellectual Property License,” Practising Law Institute, December 2017
  • “Standards and Guidelines for User Privacy Management,” Keynote, Polestar Connect Day Conference, Silicon Valley, March 2017
  • “Privacy in the Era of Safe Harbor II,” 13th Annual Stanford E-Commerce Best Practices Conference, Stanford Law School, June 2016
  • “GDPR Compliance Countdown – It’s All About the Details Now,” TRUSTe Privacy Risk Summit, San Francisco, June 2016
  • “Counsel’s Toolbox: Innovation in Managing Digital Privacy Risk,” Legaltech West Coast, San Francisco, June 2016
  • “How to Handle Cross-Border Data Transfers Post Safe Harbor and the Birth of the GDPR,” Masters Conference for Legal Professionals – Cybersecurity and Cross Border eDiscovery, San Francisco, April 2016
  • “Privacy By Design,” Berkeley Center for Law & Technology's 5th Annual Privacy Law Forum, Silicon Valley, March 2016
  • “Changing Rules for Data Privacy: Liability, Reform, and Opportunity,” Autonomous Cars Silicon Valley Conference, February 2016
  • “Practical Guidance on International Data Transfers,” Union Square Ventures Legal Lunch, New York, January 2016
  • “Privacy & Security in the Age of Global Investigations,” November 2016
  • “European Data Privacy,” Union Square Ventures Legal Lunch, New York, December 2014
  • “Exhaustion of Distribution Rights and Software Downloads,” US Association of Corporate Counsel, December 2013
  • “Mobile App Privacy for Developers: EU/US Perspectives,” UKTI App Developer Mission, San Francisco, October 2013
  • “Making Social Media Work For You,” Association of Corporate Counsel, September 2013
  • “Selling Online In Europe,” Association of Corporate Counsel, June 2013
  • “EU Legal Issues for US Enterprises,” Association of Corporate Counsel, April 2013
  • “EU Privacy Issues For US Enterprise,” John Marshall Law School, Chicago, March 2013
  • “App: The Legal Challenges,” Mobile Apps: The Legal Challenges Conference, London, May 2012
  • “Commercial Exploitation of .Brands,” New Top Level Domains Conference, London, May 2012
  • “Getting It Right When Selling Online,” Internet Retailing Conference, Birmingham, March 2012
  • “What Does .Brand Mean For You?” ICANN Conference, London, February 2012
  • “Commercial Exploitation of .Brands,” iStrategy Conference, Amsterdam, October 2011
  • “UK Regulatory Enforcement Of Consumer Protection Law Online,” The Norwegian Consumer Ombudsman, October 2010
  • “Internet Regulation,” The Office of Fair Trading, London, April 2010
  • “Exploitation Of Digital Media Rights,” European Association Of Animation Film / Cartoon Digital, Malaga, Spain, April 2009
  • “Virtual Worlds," Cambridge University, February 2009
  • “Negating The Use By Counterfeiters Of Web 2.0,” International Trademark Association, Conference On Counterfeiting, Paris, December 2009


  • “EDPB Publishes Regulatory Guidance on Territorial Scope of GDPR,” Latham Global Privacy & Security Compliance Law Blog, January 2019
  • “Social sharing and the US Video Privacy Protection Act: Perilous for online content providers,” Data Protection Leader, May 2018
  • “USA – Privacy Shield,” Guidance Note, DataGuidance, February 2018
  • White & Case Technology Newsflash:
    • “California Consumer Privacy Act Guide,” September 2018
    • “A Slice of GDPR in California?” September 2018
    • “CCPA and GDPR: Comparison of certain provisions,” September 2018
    • “Privacy Shield: Recent Developments,” April 2017
    • “Data Privacy in a Time of Reaction: ‘Big Data’ versus ‘The People’,” February 2017
    • “Further Challenges to EU-US Privacy Shield and EU Data Exports,” December 2016
    • “EU-US Privacy Shield challenged,” November 2016
    • “New York’s New Cybersecurity Rules: What Is Required?” October 2016
    • “EU-US Privacy Shield: How to Certify,” August 2016
    • “Unlocking the EU General Data Protection Regulation: A practical handbook on the EU’s new data protection law,” July 2016
    • “EU-US Privacy Shield approved,” July 2016
    • “New threats to transatlantic data flows as Model Clauses come under fire,” June 2016
    • “Strict and far-reaching new EU data protection regime comes into force,” May 2016
    • “Significant concerns from EU Data Protection Authorities may delay the EU-US Privacy Shield,” April 2016
    • “European Parliament approves new EU data protection law,” April 2016
    • “No consensus on Privacy Shield following debate on adequacy,” March 2016
    • “New deal for transferring personal data from the EU to the US moves a step closer,” March 2016
    • “EU Regulatory Agendas: EDPS Priorities 2016 and Article 29 Working Party Work Programme 2016 – 2018,” February 2016
    • “Safe Harbor is dead, long live Safe Harbor!” February 2016
    • “International Data Privacy: How to Navigate the Challenges,” January 2016
    • “UK and EU Law Enforcement Investigatory and Data Sharing Powers: Developments and International Impact,” January 2016
    • “Introduction of new EU General Data Protection Regulation: final stages,” December 2015
  • “EU Consumer Rights And US Businesses,” The Los Angeles | San Francisco Daily Journal, July 2014
  • “Eternal Sunshine of the Spotless Search,” The Los Angeles | San Francisco Daily Journal, June 2014
  • “EU: Doing Business In The European Union,” Mondaq, Corporate/Commercial Law and Privacy, June 2013
  • “The Proposed Ban On Credit And Debit Card Surcharges,” E-Finance & Payments Law & Policy; E-Commerce Law & Policy, November 2012
  • “Smarter Thinking – Connected TV, Law And Regulation,” Entertainment Law Review, June 2012
  • “Developments In Intermediary Liability: The Cases So Far,” E-Commerce Law & Policy, June 2012
  • “Illegal File Sharing – Newzbin And The Digital Economy Act,” E-Commerce Law & Policy, May 2012
  • “A Smart Approach To Smart TV,” Digital TV Europe, April 2012
  • “‘Paying To Pay’” – UK Government To Ban Excessive Surcharges For Debit And Credit Card Payments,” E-Finance & Payments Law & Policy, March 2012
  • “Mass Market Contracting,” Chapter 2, Computer Law Textbook, Oxford University Press, February 2011

Mr. Blamires has extensive experience advising clients on EU and US legislative regimes including:

  • EU General Data Protection Regulation (GDPR) and related EU data privacy laws
  • US State privacy laws, including California’s Consumer Privacy Act (CCPA)
  • US Federal privacy laws, including, the Children’s Online Privacy Protection Act (COPPA), the Gramm-Leach Bliley Act (GLBA), the Video Privacy Protection Act (VPPA), and the Health Insurance Portability and Accountability Act (HIPAA) and associated laws

Using his multi-jurisdictional qualifications and knowledge, and experience of Europe’s demanding data privacy regime, Mr. Blamires works with international businesses on cross-border data transfer and other compliance strategies, including exports of personal data from Europe to the US and elsewhere around the world, employing mechanisms such as Standard Contractual Clauses, EU-US / Swiss-US Privacy Shield Frameworks, and Binding Corporate Rules.

Mr. Blamires has also helped companies comply with requirements for the use of cookies and other tracking devices, including applicable notice and consent mechanisms, as well as broader online compliance issues associated with behavioral advertising.

He also works with clients to manage their domestic and international responses to law enforcement and litigation discovery requests.

As a prominent member of the data privacy and security community, Mr. Blamires frequently writes and speaks on current issues.

Bar Qualification

  • California
  • England and Wales (Solicitor)


  • Diploma in Legal Practice, Nottingham Law School
  • LLB in Law with American Law, University of Nottingham