Jim Sullivan

James M. Sullivan Jr.

Partner
About

Jim Sullivan is a partner in DLA Piper's Washington, DC Regulatory and Government Affairs practice. He advises clients on existing and proposed data privacy rules in the United States and around the world. These include state, federal, and foreign laws and regulations, as well as international frameworks, that govern companies’ collection, use, disclosure, and cross-border transfers of personal data, and government access to such data for law enforcement and national security purposes.

Jim has extensive experience in both the government and private sectors. Prior to joining the firm, Jim served as an Assistant Secretary and Deputy Assistant Secretary in the International Trade Administration at the US Department of Commerce. In these roles, he led several key data privacy and digital policy initiatives, including US government administration and oversight of the EU-U.S. Privacy Shield Framework and establishment of the Global Cross-Border Privacy Rules Forum. Following the landmark Schrems II ruling by the Court of Justice of the European Union, he headed the US government task force charged with negotiating the EU-U.S. Data Privacy Framework and developing high-level principles in the OECD on government access to personal data held by the private sector.

During his time with the Commerce Department, Jim also oversaw US government engagement with foreign governments with respect to the development, implementation, and enforcement of data privacy laws (such as the EU's General Data Protection Regulation (GDPR), Japan’s Act on the Protection of Personal Information (APPI), Brazil’s General Data Protection Law (LGPD), India’s proposed Personal Data Protection Bill, and the UAE’s Federal Data Protection Law) and US government data requests pursuant to the CLOUD Act and the Foreign Intelligence Surveillance Act (FISA).

Prior to his government service, Jim held a number of senior business and legal roles. He served as co-founder and president of a SaaS startup, general counsel of a private equity firm, and white-collar litigator at DLA Piper and another global law firm.

Bar admissionsDistrict of ColumbiaNew York

EXPERIENCE

With extensive experience as key US policymaker on international data protection and cross-border data flows—and a deep background in litigation, investigations, and corporate work—Jim turns regulatory insight into practical advice for doing business anywhere in the world.

CROSS-BORDER TRANSFERS

  • Advise companies on certifying to the EU-US Data Privacy Framework (as well as its precursor, the EU-US Privacy Shield Framework), the Cross-Border Privacy Rules System, and the Privacy Recognition for Processors System
  • Assist businesses transferring personal data from Europe in conducting transfer impact assessments (TIAs), on a case-by-case basis, of the level of data protection provided in the US
  • Led the US government task force charged with negotiating the EU-US Data Privacy Framework following the landmark Schrems II decision by the Court of Justice of the European Union
  • Testified before Congress and regularly represented the US government before foreign governments and international bodies such as the OECD, APEC, G7, and International Conference of Data Protection and Privacy Commissioners
  • Oversaw implementation and administration of the EU-US Privacy Shield Framework—including commitments by the Departments of Commerce, Justice, State, and Transportation, the Office of the Director of National Intelligence, and the Federal Trade Commission—and US government engagement with the European Commission, European Data Protection Board, European Parliament, and EU privacy advocates and NGOs

GOVERNMENT ACCESS TO DATA

  • Advise companies on legal and regulatory obligations relevant to cross-border law enforcement access to data, including conflict-of-laws and jurisdictional issues, under the CLOUD Act, Mutual Legal Assistance Treaty (MLAT) process, and GDPR
  • Counsel clients in responding to legal process issued in national security investigations, such as National Security Letters (NSLs) and orders issued under FISA
  • Co-authored US government white paper regarding data privacy protections in US law relating to intelligence agencies’ access to personal data
  • Oversaw US government engagement in the OECD to develop high-level principles regarding Government Access to Personal Data Held by Private Sector Entities
  • Led dozens of US government diplomatic delegations to advocate against foreign data localization requirements
  • Coordinated with the National Institute of Standards and Technology (NIST), Department of Justice, Office of the Director of National Intelligence (ODNI), and representatives of the Five Eyes intelligence-sharing group regarding the recurrent "going dark" debate over encryption standards

LEGISLATION & RULEMAKINGS

  • Track the rapidly evolving data privacy and cybersecurity landscape in the US and across the globe to help clients anticipate, understand, shape, and comply with current and emerging legislation and regulation
  • Counsel clients on state-level data privacy and cybersecurity laws and regulations—including the California Consumer Privacy Act (CCPA), Colorado Privacy Act (CPA), Virginia Consumer Data Protection Act (VCDPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), and other proposed comprehensive state privacy bills, as well as cybersecurity requirements such as those set forth by the New York Department of Financial Services Cybersecurity Regulation
  • Guide clients in drafting formal comments on existing and proposed data privacy and cybersecurity regulations—such as the FTC’s Commercial Surveillance and Data Security Rulemaking; the SEC’s Proposed Rules on Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure by Public Companies; and the CFPB’s Personal Financial Data Rights Rulemaking
  • Track executive branch and congressional efforts to enact federal comprehensive data privacy legislation, such as the proposed American Data Privacy and Protection Act (ADPPA), and to amend current laws governing online content moderation and competition
  • Counsel global companies on existing and proposed legislation in the EU, such as the GDPR, Digital Markets Act (DMA), Digital Services Act (DSA), Data Governance Act (DGA), Data Act, and Artificial Intelligence Act (AIA)
  • Represented the US government at meetings of the OECD's Committee on Digital Economy Policy to foster trust in cross-border data flows and AI
  • Collaborated with the US Department of the Treasury to address the tax challenges of the digital economy by advocating for the consensus-based solution set forth in the OECD/G20 Inclusive Framework on Base Erosion and Profit Shifting
  • Chaired the US Department of Commerce Data Privacy Policy Coordinating Committee to align the policy initiatives of the International Trade Administration, NIST, the National Telecommunications and Information Administration (NTIA), the Bureau of Industry and Security (BIS), the Bureau of Economic Analysis (BEA), and the Patent and Trademark Office (PTO)

INTERNATIONAL TRADE

  • As CFIUS lead for the US Department of Commerce, implemented the process changes required by the 2018 Foreign Investment Risk Review Modernization Act
  • Represented energy and life science industry clients in government and internal corporate investigations involving alleged violations of Foreign Corrupt Practices Act (FCPA)
  • Advised multinationals on compliance requirements, formal ethics and compliance programs, and due diligence matters related to the FCPA and export controls

LITIGATION & INVESTIGATIONS

  • Represented corporations and individuals in complex civil and white-collar criminal litigation involving alleged violations of anticorruption, health care fraud, securities, False Claims Act (“qui tam”), and anti-money laundering laws
  • Counseled clients in corporate investigations, government investigations, congressional inquiries and hearings, and regulatory enforcement matters
Education
  • M.B.A., Georgetown University
  • J.D., Catholic University of America

    Member, Law Review

  • B.A., Political Science, College of the Holy Cross

Awards

  • The Legal 500 United States
    • Recommended, Cyber Law (including Data Privacy and Data Protection) (2023)

Publications

Seminars

  • The Evolving US Data Privacy Landscape, Panelist (Webinar, March 2023)
  • Government Access to Personal Data Held by the Private Sector, Presenter (Webinar, March 2023)
  • US Privacy and Security Developments at the State, Federal and International Levels, Panelist (Webinar, January 2023)
  • The Outlook for the EU-US Data Privacy Framework, Speaker (Brussels, November 2022)
  • Data Privacy Class Actions, Panelist (Webinar, October 2022)
  • US Government Update on Transatlantic Data Flows, Moderator (Webinar, October 2022)
  • Global Trade Talks: All Things Data, Guest Speaker (Webinar, May 2021)
  • The Cross-Border Data Forum, Guest Speaker (Webinar, February 2021)
  • The Invalidation of the EU-US Privacy Shield and the Future of Transatlantic Data Flows, Witness, US Senate Commerce Committee Hearing (Washington, DC, December 2020)
  • Debating Schrems II and the Future of the Transatlantic Relationship, Panelist, 10th Annual European Data Protection and Privacy Conference (Webinar, December 2020)
  • Transatlantic Data Privacy and Innovation: Convergence or Divergence (Washington, DC, February 2020)
  • Privacy and Interoperability, Speaker (Dubai, February 2020)
  • Privacy Without Monopoly: Data Protection and Interoperability, Speaker (Cairo, February 2020)
  • Data Protection in Egypt and the UAE, Speaker, US-UAE Business Council (Washington, DC, January 2020)
  • Third Annual Joint Review of the EU-US Privacy Shield Framework, Speaker and Moderator (Washington, DC, September 2019)
  • The Need for Interoperable Data Privacy Regimes, Speaker, Digital Advertising Alliance Summit (Washington, DC, August 2019)
  • The Asia EDGE: Enhancing Development and Growth Through Energy, Panelist, Center for Strategic and International Studies (Washington, DC, July 2019)
  • Strengthening US Fintech Competitiveness, Speaker (Washington, DC, June 2019)
  • Conversation on the Digital Economy, SelectUSA Investment Summit Moderator (Washington, DC, June 2019)
  • Beyond One-Size-Fits-All: Why Risk-Based Legislation is Critical to Privacy and Innovation, Speaker, 51st Asia Pacific Privacy Authorities Forum (Tokyo, June 2019)
  • Bridging the Differing Approaches to Privacy, Speaker, European Data Protection Days Conference (Berlin, May 2019)
  • Demystifying the US Data Privacy Regime, Keynote Speaker (Munich, May 2019)
  • Fostering Innovation and Trust in AI, Speaker, OECD Committee on Digital Economy Policy (CDEP) (Paris, May 2019)
  • The EU-US Privacy Shield, Panelist, IAPP Global Summit (Washington, DC, May 2019)
  • Addressing Foreign Barriers to Trade, Keynote Speaker, Global Insurance Symposium (Des Moines, April 2019)
  • Interoperability of Privacy and Data Protection Frameworks, Speaker, Asia-Pacific Economic Cooperation Ministers Meeting (Santiago, March 2019)
  • Privacy in the Indo-Pacific, Speaker, US-India Business Council (New Delhi, November 2018)
  • Blockchain Opportunities and Threats, Panelist, Singapore Fintech Festival (Singapore, November 2018)
  • Second Annual Joint Review of the EU-US Privacy Shield Framework, Speaker and Moderator (Brussels, October 2018)
  • Privacy Shield and the CLOUD Act, Speaker (Brussels, October 2018)
  • The USMCA’s Digital Trade Chapter, Speaker (Washington, DC, October 2018)
  • The APEC Cross-Border Privacy Rules and Japan’s Act on Protection of Personal Information, Speaker (Tokyo, August 2018)
  • The Quadrilateral Security Dialogue, Speaker (Sydney, August 2018)
  • The APEC Cross-Border Privacy Rules, Speaker (Wellington, New Zealand, August 2018)
  • Holding the Line: Preventing Regulatory Fragmentation and Balkanization of the Internet, Speaker, Asia-Pacific Economic Cooperation Summit (Port Moresby, Papua New Guinea, August 2018)
  • Building More Resilient US Supply Chains, Speaker, USC Marshall Global Supply Chain Summit (Los Angeles, August 2018)
  • The Future of US-Thai Relations: Enabling Innovation Through Digital Transformation, Panelist, The Asia Foundation (Washington, DC July 2018)
  • Update on the EU-US Privacy Shield Framework, Presenter, Bilateral Conference with the European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs (Washington, DC, July 2018)
  • Privacy Shield and the CLOUD Act, Speaker, European Data Protection Days Conference (Berlin, May 2018)
  • Transatlantic Data Flows, Speaker (Munich, May 2018)
  • Data Protection, Privacy and Cybersecurity, Speaker, Central European ICT Dialogue (Prague, May 2018)
  • Blockchain Opportunities for Trade Finance and Supply Chains, Speaker, DC Blockchain Summit (Washington, DC, March 2018)
  • The FISA Amendments Reauthorization Act, Speaker (Washington, DC, February 2018)
  • First Annual Joint Review of the EU-US Privacy Shield Framework, Speaker and Moderator (Washington, DC, September 2017)
  • The Evolving Global Trade Ecosystem, Speaker, USC Marshall Global Supply Chain Summit (Los Angeles, August 2017)

Prior Experience

From 2017 to 2021, Jim served as an Assistant Secretary and Deputy Assistant Secretary in the International Trade Administration at the US Department of Commerce. Prior to his government service, Jim held senior business and legal roles as co-founder and president of a SaaS startup, general counsel of a private equity firm, and white-collar litigator at DLA Piper and another global law firm.

Connect