Privacy Law Blog
Courtney M. Bowman

Courtney M. Bowman

Associate
View full bio

Courtney Bowman is an associate in the Litigation Department. She assists clients in a wide variety of industries with issues related to privacy, data security, and general commercial litigation. Courtney is a regular contributor to Proskauer’s Privacy Law Blog and frequently speaks to the media on issues relating to international privacy and data security, and has authored articles on data security and e-commerce issues in the Middle East. She is accredited by the International Association of Privacy Professionals ("IAPP") as a certified information privacy professional (CIPP) in both the U.S. private sector (CIPP/US) and Europe (CIPP/E).

In addition, Courtney has an active pro bono practice that focuses on Iraqi and Afghan refugee assistance, and is a supervising attorney for the Iraqi Refugee Assistance Project (IRAP). She has worked with Kids in Need of Defense to represent a child asylum applicant. In 2015, Courtney received Proskauer’s Golden Gavel Award in recognition of her pro bono work on behalf of Iraqi refugees.

Subscribe to all posts by Courtney M. Bowman

California Legislature Passes Amendments to the California Consumer Privacy Act

By Courtney M. Bowman and Kristen J. Mathews on Posted in California, Data Privacy Laws, Privacy Law
The California Consumer Privacy Act (CCPA) is a major new state law poised to affect the privacy landscape not just in California, but in the U.S. as a whole. (For a detailed overview of the CCPA, read our previous post.) On August 31, the California legislature passed several amendments to the CCPA that will have a … Continue Reading

The California Consumer Privacy Act of 2018

By Kristen J. Mathews and Courtney M. Bowman on Posted in California, Data Privacy Laws, Privacy Law
This has been a big year in the data protection world, with the headline-grabbing General Data Protection Regulation (GDPR) occupying most of the spotlight with its plethora of privacy-related requirements and potential for high fines for violators. While companies (justifiably) may be focused on the GDPR at the moment, it’s also important to keep an … Continue Reading

A Primer on the SHIELD Act: New York’s Move to Adopt More Stringent Data Security Requirements

By Courtney M. Bowman on Posted in Cybersecurity, Data Breaches, Privacy Law, Security Breach Notification Laws
In November 2017, New York Attorney General Eric Schneiderman introduced the Stop Hacks and Improve Electronic Data Security (SHIELD) Act (the “Act”) in the state’s Legislature. Companies – big and small – that collect information from New York residents should take note, as the Act could mean increased compliance costs, as well as potential enforcement actions for those that … Continue Reading

GDPR Compliance Update: Which Government Authorities Have Issued Official GDPR Guidance?

By Courtney M. Bowman on Posted in Data Privacy Laws, European Union, International, Privacy Law
This post provides an update as to the current status of official GDPR-related guidance. With a little under a year remaining until the European Union’s General Data Protection Regulation (GDPR) becomes enforceable, companies are on the lookout for any interpretive guidance from EU or member state authorities that will help them focus their compliance efforts. … Continue Reading

A Primer on China’s New Cybersecurity Law: Privacy, Cross-Border Transfer Requirements, and Data Localization

By Courtney M. Bowman, Ying Li and Lijuan Hou on Posted in Cybersecurity, Data Privacy Laws, International, Privacy Law
China’s new Cybersecurity Law is one of the most important pieces of privacy and cybersecurity legislation we’ll see this year, and companies of all sizes need to be aware of its requirements – regardless of whether or not they have a physical presence in China. The new law goes into effect on June 1, 2017, … Continue Reading

Part 1: Data Breach 101 – Data Breach Notification Laws

By Courtney M. Bowman on Posted in Commercial Litigation, Data Breaches
In 2017, there are few words that make companies – and their counsel – shudder more than “data breach.” Recent high-profile breaches and the resulting litigation have shown that breaches can be embarrassing, harmful to a company’s brand, and extremely expensive to handle – both in terms of response costs and, potentially, damages paid to … Continue Reading

Kingdom in the Cloud: Saudi Arabia’s Draft Cloud Computing Regulations

By Courtney M. Bowman on Posted in Cloud Computing, International
Proskauer litigation associate Courtney Bowman and Jonathan Reardon, head of the Al Khobar, Saudi Arabia office of the Middle East-based firm Al Tamini & Co., recently co-authored an article published by Bloomberg about Saudi Arabia’s draft cloud computing regulations.  The article analyzes the draft regulations and their potential impact on cloud service providers seeking to … Continue Reading

Qatar’s New Personal Data Privacy Law

By Courtney M. Bowman on Posted in Data Privacy Laws, International, Privacy Law
At the end of last year, Qatar became the first Gulf state to enact a comprehensive privacy law. Until now, the many companies that market to consumers or have employees based in Gulf Cooperation Council (GCC) countries have had to determine their local practices based on the various countries’ patchwork of sector-specific laws and regulations, … Continue Reading

European DPAs Issue First GDPR Guidance

By Courtney M. Bowman on Posted in European Union, International, Privacy Law
On Friday, the Article 29 Working Party issued official guidance relating to the General Data Protection Regulation, or GDPR (which we’ve covered in previous posts here and here). The Article 29 Working Party is comprised of representatives of the various EU Member States’ data protection authorities (DPAs), so this marks the first time that the … Continue Reading

Privacy Law in Saudi Arabia: A Primer for Businesses

By Courtney M. Bowman on Posted in Data Privacy Laws, International
Proskauer litigation associate Courtney Bowman and Jonathan Reardon, head of the Al Khobar, Saudi Arabia office of the Middle East-based firm Al Tamini & Co., recently co-authored an article published by Corporate Counsel about privacy laws in Saudi Arabia.  The article provides valuable insight into the Kingdom’s privacy regime and focuses specifically on the central … Continue Reading

EU Court Rules that Dynamic IP Addresses are Personal Data…Sometimes

By Courtney M. Bowman on Posted in Data Privacy Laws, European Union, International
On October 19, the Court of Justice of the European Union (CJEU) ruled that dynamic IP addresses may qualify as “personal data” under EU privacy law. As we covered here on the blog a few months ago, this decision is significant because it clarifies that companies that collect, store, process, and/or transfer dynamic IP addresses … Continue Reading

German DPA Plans to Challenge Privacy Shield

By Courtney M. Bowman on Posted in European Union
The Privacy Shield is now live, having gone into effect on August 1. Perhaps emboldened by the Article 29 Working Party’s late July announcement that European regulators will not challenge the program’s adequacy for at least a year (after the first annual review of the program in May 2017), companies have begun self-certifying in order … Continue Reading

Privacy Shield Adopted, But Uncertainty Remains

By Courtney M. Bowman on Posted in European Union, International
Yesterday, the European Commission adopted the EU-US Privacy Shield, a framework designed to replace the invalidated Safe Harbor program. In theory, the Privacy Shield offers its adherents a relatively simple, straightforward way to legally transfer personal data from the EU to the US.  In reality, however, the Privacy Shield is likely to face legal challenges … Continue Reading

Are Dynamic IP Addresses Personal Data? A Primer

By Courtney M. Bowman on Posted in Data Privacy Laws, European Union, International, Online Privacy
Last month, one of the Advocate Generals (“AG”) of the Court of Justice of the European Union (“CJEU”), Manuel Campos Sánchez-Bordona, issued an opinion suggesting that dynamic IP addresses should be recognized as “personal data” under EU law. If the CJEU adopts this reasoning, it would represent a landmark decision that would resolve a contentious … Continue Reading

The Supreme Court’s Spokeo Decision and its Potential Impact on Privacy and Data Security Class Actions

By Courtney M. Bowman on Posted in Commercial Litigation, Privacy Litigation
On May 16, 2016, the Supreme Court decided Spokeo, Inc. v. Robins, ruling that a plaintiff must sufficiently allege an injury that is both concrete and particularized in order to have Article III standing, and further that a “bare procedural violation” of a plaintiff’s statutory right may not be sufficiently “concrete” under this analysis. This ruling … Continue Reading

Article 29 Working Party has “Strong Concerns” About Privacy Shield

By Courtney M. Bowman on Posted in Data Privacy Laws, European Union, International
On Wednesday, the EU’s Article 29 Working Party issued its much-anticipated statement on the viability of the proposed EU-US Privacy Shield. As we’ve detailed previously, EU and US officials reached agreement on the Privacy Shield arrangement, which was meant to serve as a replacement for the invalidated Safe Harbor program, back in February, and released … Continue Reading

Safe Harbor 2.0 Agreement Reached; New Program to be Named “Privacy Shield”

By Courtney M. Bowman on Posted in Data Privacy Laws, European Union, International
Yesterday, the European Commission announced that EU and US officials had reached an agreement to implement a program known as the EU-US Privacy Shield.  Privacy Shield is designed to be the successor to the Safe Harbor program, which the European Court of Justice (CJEU) invalidated last October.  The announcement brings some relief to the many … Continue Reading

New Safe Harbor Deal Possible by February 1

By Courtney M. Bowman on Posted in Data Privacy Laws, European Union, International
Companies anxiously watching their calendars to see if a new Safe Harbor program will be introduced before the end of January may get their wish: yesterday, a European Commission official announced that the Commission will inform the European Parliament of the outcome of negotiations for a new Safe Harbor program by Monday, February 1.  This … Continue Reading

A Primer on the GDPR: What You Need to Know

By Courtney M. Bowman on Posted in European Union, International
Now that it’s been approved by the EU Parliament’s Civil Liberties Committee, Europe’s General Data Protection Regulation (the “GDPR” or the “Regulation”) is well on its way to replacing the 20-year-old Data Protection Directive (the “Directive”) as the EU’s omnibus data protection law.  Although it won’t officially become law until it receives the approval of … Continue Reading

GDPR Text Approved

By Courtney M. Bowman on Posted in European Union, International
Following yesterday’s announcement that European officials had agreed on the language of the EU’s new General Data Protection Regulation (“GDPR” or “Regulation”), today the EU Parliament’s Civil Liberties Committee approved the text of the GDPR.  The GDPR isn’t law yet, as it still needs to be approved by the EU Parliament next month.  However, the … Continue Reading
LexBlog