Ashley Winton

Ashley Winton focuses his practice on global data protection and privacy, information governance and cybersecurity compliance. He has particularly in-depth knowledge of cyber breach response, cybersecurity in the context of payment systems, the lawful interception of data, and the conflict of laws in relation to corporate and government investigations and international litigation. Ashley frequently represents major corporations, trade associations, charities and government entities on a range of data privacy and cybersecurity issues and he has significant experience in advising on the impact of privacy and cybersecurity law on cloud services, health care and international data transfers. Read Ashley Winton's full bio.
Schrems II Special Report: What Does the CJEU’s Decision Mean for Transfers From the EEA to the US?
By Laura E. Jehl, Romain Perray and Ashley Winton on Aug 7, 2020
Posted In Consumer Protection, Cybersecurity, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield
For our Schrems II Practical Guidance special report, members of McDermott’s internationally recognized Global Privacy & Cybersecurity group have outlined practical guidance and next steps to ensure your business is prepared for what’s next following the final ruling in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems. As your organization navigates the post-Schrems II...
Continue Reading
Does GDPR Regulate My Research Studies in the United States?
By Daniel F. Gottlieb, Bernadette M. Broccolo, Ashley Winton, Amy C. Pimentel and Matthew R. Cin on Feb 7, 2018
Posted In Big Data, Consumer Protection, Data Privacy, Workplace Privacy
The General Data Protection Regulation (GDPR) establishes protections for the privacy and security of personal data (Personal Data) about individuals in the European Union (EU) single market countries, and potentially affects the clinical and other scientific research activities of academic medical centers and other research organizations in the United States. This On the Subject includes...
Continue Reading
The General Data Protection Regulation: Key Requirements and Compliance Steps for 2018
By Jared T. Nelson, Leon C.G. Liu, Michael G. Morgan, Mark E. Schreiber, Paul McGrath, Romain Perray, Sabine Naugès, Camille Spegt, Dr. Wolfgang Freiherr Raitz von Frentz and Ashley Winton on Feb 6, 2018
Posted In Big Data, Consumer Protection, Cybersecurity, Data Privacy
Enforceable in all EU member states on 25 May 2018, the General Data Privacy Regulation will require action by organisations both inside and outside the European Union to ensure compliance with this far-reaching privacy legal framework. Compliance is even more urgent given that the GDPR provides for large penalties in cases of infringement. As some...
Continue Reading
Irish Court Casts Serious Doubt on EU Model Clauses
By Amy C. Pimentel, Ashley Winton, Katherine F. Froelicher, Michael G. Morgan, Mark E. Schreiber and Romain Perray on Oct 17, 2017
Posted In Cybersecurity, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield
The validity of Model Clauses for EU personal data transfer to the United States is now in real doubt as a result of a new Irish High Court judgment stating that there are “well founded grounds” to find the Model Clauses invalid. The issue of Model Clauses as a legitimate data transfer mechanism will now...
Continue Reading
The Department of Transportation Helps Clear the Road for Autonomous Vehicles
By William M. Friedman, Michael G. Morgan, Ashley Winton and Amy C. Pimentel on Sep 27, 2017
Posted In Cybersecurity, Data Privacy, General Interest
The US Department of Transportation’s National Highway Traffic Safety Administration recently released A Vision for Safety 2.0, an update to its prior guidance on automated driving systems. The new guidance adopts a voluntary, flexible approach to regulation of automated driving systems and clarifies that it alone, and not the states, is responsible for regulating the...
Continue Reading
UK Government Issues Cybersecurity Guidance for Connected and Automated Vehicles
By Ashley Winton and Michael G. Morgan on Sep 13, 2017
Posted In Cloud, Consumer Protection, Cybersecurity, Data Privacy, General Interest
On 6 August 2017, the UK government released ‘The Key Principles of Vehicle Cyber Security for Connected and Automated Vehicles’, guidance aimed at ensuring minimum cybersecurity protections for consumers in the manufacture and operation of connected and automated vehicles. Connected and automated vehicles fall into the category of so-called ‘smart cars’. Connected vehicles have gained,...
Continue Reading