areas of expertise
S. Gregory Boyd is a partner, Co-Chair of the Privacy & Data Security Group and Co-Chair of the Interactive Entertainment Group at Frankfurt Kurnit.
Mr. Boyd has extensive experience negotiating and drafting software (SaaS), technology, and game development agreements across all platforms. He also advises brands, media companies, and advertising agencies on a large variety of digital matters, including the creation, implementation, and management of privacy and data security programs. The International Association of Privacy Professionals (IAPP) has certified Mr. Boyd as both a Privacy Program Manager (CIPM) and Privacy Technologist (CIPT).
Mr. Boyd also handles a myriad of issues arising from data privacy and security for brands, agencies, and entertainment and media companies including children’s privacy, international issues, vendor auditing, and data breach management. Very few attorneys have attained IAPP CIPM and CIPT certifications, and Mr. Boyd is well-positioned to handle not only the executive aspects of privacy and data security, but also the actual design and implementation of those programs.
Mr. Boyd is co-author and editor of the popular textbook Business and Legal Primer for Game Development (Charles River Media) and wrote the chapter, "Intellectual Property in the Video Game Industry" in Mastering the Game: Business and Legal Issues for Video Game Developers (World Intellectual Property Organization). He is a founding member and on the Board of the Video Game Bar Association and a member of the Advisory Board for the NYU Game Center Incubator. He is a frequent speaker at international media conferences and educational institutions, and he taught a seminar on advanced topics in intellectual property for six years at New York Law School. Mr. Boyd is often quoted on technology and privacy issues in Mashable, Gamasutra, Edge-Online, CNN, Fortune, Forbes, and the New York Law Journal. The Legal 500 has praised Mr. Boyd for his work with media and technology companies.
Mr. Boyd is admitted to practice law in New York and is a registered patent attorney with the USPTO.
awards & recognition
2015 New York-area "Rising Star" by Super Lawyers magazine
2014 New York-area "Rising Star" by Super Lawyers magazine
East Carolina University (BS, magna cum laude, 1996, MS, 1998)
University of North Carolina (JD, MD; Chancellor’s Scholar, honors, 2004)
- Wrote for the North Carolina Journal of Law & Technology and served on its Executive Editorial Board
NYU-Stern School of Business (MBA, Finance and Marketing, 2009)
Upcoming Speaking Engagements
Past Speaking Engagements
Marks Paneth: Cyber Security Seminar
Greg Boyd speaks on a panel for a Cyber Security Seminar in Long Island.
June 20 2017
Working Within the Shades of Gray: Frankfurt Kurnit’s Second Annual Advertising Law Summit
Legal questions confronting in house marketing lawyers rarely elicit simple "yes" or "no" answers. (If only they did!) More often than not — to the consternation of clients working on tight deadlines — the answer is "maybe" or "it depends" or "there's a risk." How do you help your marketing clients evaluate the risks and weigh them against potential rewards?
June 8 2017
Video Game Bar Association’s Annual Conference 2017
May 15 2017
Vilnius Games Law Summit 2017
April 27 2017
More Than Just a Game III
Sean Kane and Greg Boyd present at Queen Mary University of London's "More Than Just a Game III" conference in London. Greg Boyd presents on "AR and Privacy Law in Open Spaces" and Sean Kane presents on "The Legality of Representing Real buildings in AR and VR Spaces." The firm sponsors this event.
April 7 2017
LSI Game Technology Law Conference
Greg Boyd serves as co-chair of the LSI Game Technology Law Conference in Seattle on October 13th and 14th.
October 13 2016
Greg Boyd Speaks to the Association of Corporate Counsel
Greg Boyd leads a roundtable discussion in the boardroom for members of the Association of Corporate Counsel, from 8:30 to 9:30am EST. Greg's topic is privacy and data security. The firm sponsors ACCA.
October 5 2016
Change is Good (But Only If You Know About It) - What’s Ahead for Advertising Lawyers in 2016
Advertising law is changing all the time. There are changes from regulators, self-regulators and unions. Changes from social platforms and review sites. Changes from privacy and data security czars. Changes from courts and bar committees. To clear your campaigns with confidence, you need to stay ahead of the changes.
June 8 2016
International Games Industry Law Summit
April 28 2016
PSP Annual Meeting
S. Gregory Boyd speaks at the Professional & Scholarly Publishing Annual Meeting on Cyber Security in the scholarly publishing industry.
February 4 2016
Mastering the Game: Business and Legal Issues for Video Game Developers
November 4 2015
Society of Digital Agencies (SoDA) Global Member Meeting
Rick Kurnit and Greg Boyd speak at the annual Society of Digital Agencies (SoDA) Global Member meeting in San Diego, which centers on topics, issues and trends identified by its C-level members as critical to their business success. This event is for SoDa members only.
July 30 2015
Legal Essentials for Startups: Intellectual Property Protection
Greg Boyd speaks on "Intellectual Property Protection" at part four of the Legal Essentials for Startups series sponsored by the New York Technology Council.
June 25 2015
VGBA Summit 2015
S. Gregory Boyd and Sean Kane moderate the panels "Advertising in Games" and "Right of Publicity and Intellectual Property" at the annual Video Game Bar Association Summit at UCLA Law School. Frankfurt Kurnit sponsors this event.
May 18 2015
Chicago Video Game Law Summit
March 27 2015
Video Game Bar Association Breakfast Panel
Privacy and data security are a growing concern across all industries and the game industry is no exception.
February 11 2015
Adventures in Videogaming
S. Gregory Boyd hosts a roundtable on "Adventures in Videogaming" at the 36th Annual BAA Marketing Law Conference in Chicago.
November 7 2014
Protecting Sensitive Data in the Cloud: New Approaches to Mitigate Database Security Risk
Greg Boyd attends New York Technology Council's "Protecting Sensitive Data in the Cloud: New Approaches to Mitigate Database Security Risk". Frankfurt Kurnit proudly hosts and sponsors the event.
October 28 2014
The Legal Low Down at the Cloud Gaming USA Conference
September 4 2014
SoDA Global Member Meeting
July 29 2014
NYU Game Center Incubator
S. Gregory Boyd participates in the NYU Game Center Incubator workshops.
June 6 2014
Law Seminar International: Regulatory Compliance for Social Gaming
S. Gregory Boyd speaks on a panel at Law Seminar International's two-day "Regulatory Compliance for Social Gaming” conference in Las Vegas, NV.
June 5 2014
2014 ANA Advertising Law & Public Policy Conference
S. Gregory Boyd speaks on the panel, "It's All in the Game: Legal Challenges in the World of Gaming" at the 2014 ANA Advertising & Public Policy Conference.
April 23 2014
IAPP Global Privacy Summit, Washington, DC
March 5 2014
Social Media Week: Rules of the Road
S. Gregory Boyd, Terri Seligman, and Edward Rosenthal lead a Social Media Week panel entitled "Rules of the Road - Four Areas of Law Every Social Media Marketer Should Know." The panel also includes Ellie Boragine, JetBlue Airways Corporation, Jake Feldman, Johnson & Johnson, and Seth Rogin, Mashable.
February 18 2014
Building Video Game and Interactive Media Companies
S. Gregory Boyd leads a class for video game artists, designers, illustrators, enthusiasts, attorneys and the video game community on the key legal issues involved in building and counseling a video game or interactive media company.
February 10 2014
The 411 on Legal Issues in Advertising and Social Media
January 28 2014
MIT Business in Games
S. Gregory Boyd moderates a panel on the competitive gaming industry.
March 21 2013
PLI’s Counseling Clients
S. Gregory Boyd speaks on Game Development, Publishing, and License Agreements for PLI's Counseling Clients in the Entertainment Industry.
March 4 2013
The Business of Games
S. Gregory Boyd speaks at Game On Finance's "Business of Games" panel in Toronto.
January 29 2013
Video Games for Volunteer Lawyers for the Arts
S. Gregory Boyd teaches a Continuing Legal Education video game bootcamp seminar for attorneys and video game executives for the above.
November 28 2012
Columbia Law School Video Game Law Discussion
S. Gregory Boyd speaks at the Columbia Law School Video Game Law Discussion. Frankfurt Kurnit sponsors the event.
October 9 2012
Southern Interactive Entertainment & Game Expo
S. Gregory Boyd speaks at the Southern Interactive Entertainment & Game Expo on "Building Your Game Business".
October 5 2012
The New Economics of Games
S. Gregory Boyd moderates a Gotham Media Interactive Entertainment panel at Frankfurt Kurnit.
October 2 2012
news & press
Shields On: 9th Circuit Strengthens Legal Defense for Video Game Developers
There's good news for game developers who incorporate real-world elements in their games. On October 20, 2017, the Court of Appeals for the Ninth Circuit affirmed a trial court decision which found that Gran Turismo, a Sony video game, was an expressive work entitled to First Amendment protection
Privacy Shield: Year One Updates You Need To Know
This month we're celebrating Privacy Shield's first birthday with an update on everything Privacy Shield. There have been a number of developments on the Privacy Shield-front that companies certified or seeking self-certification under Privacy Shield need to know.
FTC Settles First-Ever Action Against Individual “Influencers”
Third State Adopts Biometric Privacy Law
On June 1, 2017, Washington State joined Illinois and Texas as the third state to pass a biometric privacy law. The law, H.B. 1493, which goes into effect July 23, 2017, covers any business entity that collects biometric identifiers for commercial purposes.
Video Game Association Challenges Chicago’s Online Streaming Services Tax
One of the nation's most prominent video game associations has decided to challenge Chicago's controversial "Cloud Tax."
Code Ownership is a Trap
No Harm, No Foul: Court Dismisses Biometric Data Privacy Class Action Against NBA 2K Games
Biometric data — from, e.g., retina, face and fingerprint scans — plays a big role in the current wave of new technology services. For example, biometrics provide security features for financial and healthcare products. But companies using or thinking of using biometric data have to comply with myriad privacy and data security laws and regulations, or face potential enforcement action and litigation.
ZeniMax v. Oculus: Lessons from a $500 Million VR Case Verdict
The Oculus Rift has been one of the most anticipated technology developments in modern video game history. Now — as a result of avoidable mistakes — it is also a teaching case for lawyers advising clients in the interactive entertainment space. Here's a rundown of the case and the traps the developers fell into.
New Privacy and Data Security Blog
Looking for an easy way to keep up with the rapid-fire changes in Privacy and Data Security law? Introducing Focus on the Data — Frankfurt Kurnit's weekly insights and practical guidance on privacy and data security issues.
FCC Adopts Broadband Consumer Privacy Rules
On October 27, 2016, the Federal Communications Commission (FCC) adopted an Order requiring broadband Internet service providers and all other telecommunications carriers providing telecommunications services to take greater steps to protect the privacy of their customers, including current and former subscribers and new applicants. Here's a summary of the key obligations imposed on carriers:
Latest on the FTC Data Security Front
FTC Issues Guide on How to Respond to a Data Breach, and Eleventh Circuit Questions the FTC's Interpretation of Its Section 5 Authority But Does NOT Alter the Unfairness Standard in Data Security Matters.
Are Augmented Reality Games Liable for Depictions of Buildings, Trademarks or Artwork?
Are Augmented Reality Games Liable for Depictions of Buildings, Trademarks or Artwork?
In the few weeks since its release, Pokémon™ GO has dominated the interactive entertainment landscape. The augmented reality game has reportedly achieved more than 30 million downloads and lots of buzz. But as its popularity grows, so do questions about its legal implications - including the use of landmarks, buildings, monuments, and other frequented locations.
The New “Privacy Shield”: What Does it Mean for Your Company?
This week brought important news for any company that transfers across borders, or receives cross-border transfers of, consumer or employee personally identifying data (very broadly defined).
Greg Boyd in MediaPost
National Marketers Face Class Action Suits Under New Jersey Consumer Protection Law
A surge of recent lawsuits brought under a 30 year-old New Jersey consumer protection law has national marketers and their lawyers huddling. Here's a summary of how the law works and why there's exposure for marketers everywhere.
New Online Tool Helps Mobile App Developers Manage Healthcare Compliance
Here is some news about an important new resource for mobile app developers working in the healthcare space.
Transferring Personal Data Overseas: EU - US Privacy Shield Will Create New Obligations
On February 2, 2016, EU and US authorities reached an agreement in principle on a new framework for transatlantic data transfers, dubbed the "Privacy Shield."
FTC Settles Privacy Charges Against ASUS
Computer hardware maker ASUSTeK Computer, Inc. ("ASUS") recently settled FTC charges that the company failed to take steps to secure the software on its routers, putting hundreds of thousands of consumers at risk.
Judge Says Apple Doesn’t Have to Unlock iPhone in Case Similar to San Bernardino
S. Gregory Boyd is quoted in the Wired article, "Judge Says Apple Doesn't Have to Unlock iPhone in Case Similar to San Bernardino". Further coverage is provided in the Tech Times here, Stuff.tv here, NYSE Post here, Financial Spots here, The Saint here, Techislet here, and Equilibrio Informativo here.
Apple vs. the FBI: Why the Stakes Have Never Been Higher
Greg Boyd in WeiserMazars 2015 Media Barometer
App Developers Pay $360,000 to Settle COPPA Charges
Two app developers recently paid a total of $360,000 to settle charges by the Federal Trade Commission ("FTC") that they violated the Children's Online Privacy Protection Act ("COPPA") Rule. The cases make clear that children's privacy online remains an FTC focus. Here's what happened.
LabMD Decision Clarifies Corporate Liability for Data Security Breaches
A recent decision in a long-running data security case is a must-read for corporate executives charged with ensuring the security of personal information.
Federal Government Announces New HIPAA Privacy Audits for Companies That Handle Healthcare Data
Here's some news for companies that have to comply with the privacy provisions of the Health Insurance Portability and Accountability Act ("HIPAA"). The U.S. Department of Health and Human Services ("HHS") has announced plans to begin auditing compliance in early 2016.
European Court of Justice Declared EU-U.S. Safe Harbor Invalid - What This Means for Your Company
In a recent landmark decision, the Court of Justice of the European Union (the "CJEU") declared the EU-U.S. safe harbor invalid. The ruling comes out of the Schrems v. Facebook case, which has become one of the most widely followed and significant global data privacy cases to date.
Greg Boyd in Cyber Defense Magazine
Risk Management: New Patent Insurance Will Help Marketers Fight Claims from “Trolls”
In August 2015, the Association of National Advertisers (ANA) announced a groundbreaking program to provide patent insurance to its members.
Thirty-seven Frankfurt Kurnit Attorneys Named “Super Lawyers” for 2015
Super Lawyers listed thirty-seven Frankfurt Kurnit attorneys in its 2015 edition.
Federal Appeals Court Confirms FTC Can Bring “Unfairness” Claims in Data Security Breach Cases
The Third Circuit Court of Appeals affirmed this week that the Federal Trade Commission ("FTC") has the authority to declare companies' data security practices "unfair" under Section 5 of the FTC Act.
Enforcement of the Digital Advertising Alliance’s Mobile Guidance Will Begin on September 1st
Starting on September 1, 2015, all companies that collect and use data across sites or apps for interest-based advertising - including carriers, apps, ad networks, brands, agencies and publishers - will be required to demonstrate compliance with the Digital Advertise Alliance's Mobile Guidance on its Self-Regulatory Principles ("DAA Mobile Guidance"), which was issued in July, 2013.
FTC Recommends 10 Steps to Help Ensure Data Security
While there is no generally applicable federal law in the United States requiring all businesses to take particular steps to secure their sensitive data, the Federal Trade Commission has investigated and penalized numerous companies for failing to implement "reasonable" data security standards.
Video Games and New York Sales Tax
On June 3, 2015, the New York State Department of Taxation and Finance (NYSDTF) issued an advisory opinion that will have a big impact on New York-based interactive entertainment companies.
New EU Data Protection Law May Be Ready This Year
In January, 2012, the EU legislative bodies proposed an updated and more harmonized data protection law to replace the existing EU Data Protection Directive 95/46/EC.
Pictures on Planes
FTC Pursues Companies for Privacy Certification Misrepresentations
The FTC recently filed complaints alleging two US businesses that claimed to be in compliance with the US-EU Safe Harbor Framework were, in fact, no longer compliant.
Data Security: Seven Steps to Help Safeguard Your Company’s Personally Identifiable Information
A day barely passes without news of a major data breach perpetrated by outsiders who gained unauthorized access to sensitive personal information and intellectual property stored on company computers.
Thirty-four Frankfurt Kurnit Attorneys Named “Super Lawyers” for 2014
Super Lawyers listed thirty-four Frankfurt Kurnit attorneys in its 2014 edition.
Paying Attention: FTC Focuses on Cognitive Function Claims in a Video Game
The Federal Trade Commission has made clear in recent months that it will scrutinize claims from advertisers about products that allegedly improve cognitive function, including video game products.
The Internet of Things: Best Practices for Developers
What is the Internet of Things (the "IoT")? It's the ability of everyday objects to connect to the internet and collect and transmit data.
5 Blatant Mobile Game Rip-offs
FTC Probe of Verizon Holds Valuable Lessons in Cyber Security Protocol
Six Essential Steps for Data Security
Here's a holiday gift for anyone whose business depends on keeping customer or client data secure: the Frankfurt Kurnit Technology Group's list of six essential steps for data security.
FTC Closes Investigation of Verizon Router Security Citing Company’s Steps to Mitigate Consumer Harm
The FTC recently closed an investigation into whether Verizon engaged in unfair or deceptive acts or practices by failing to ensure that routers it shipped to customers, in connection with its DSL and FiOS services, had proper encryption security. Verizon took steps to mitigate consumer harm, and the company's efforts helped avoid regulatory sanctions. Here's what happened.
FTC Settles With Yelp and TinyCo Over Alleged COPPA Violations
Yelp, a business search and review service website, and TinyCo, a developer of gaming apps geared towards children, recently agreed to settle FTC allegations.
eCommerce Best Practice: Require Customers to Click “I Agree”
The Ninth Circuit recently affirmed what many industry players already recognized: when conducting eCommerce with consumers, the safest practice for businesses looking to enforce their website's terms is to include obvious indicia of consumer consent, possibly through use of a "clickwrap" agreement (where website users are required to affirmatively click on an "I agree" box).
California Issues Guidance for Compliance with Recent Updates to CalOPPA
Last month, the California Attorney General's Office released guidelines for businesses on how to comply with recent updates to the California Online Privacy Protection Act.
Can FTC Bring “Unfairness” Claims in Alleged Data Security Breach Cases?
That's the important question currently before a federal appeals court - a question with huge implications for advertisers and other custodians of sensitive customer data. How did the question arise?
UK Joins Investigation of eBay Data Breach: Did Company Do Enough to Protect User Data?
FTC Settles with Snapchat over Alleged Privacy and Security Violations
Snapchat Inc., developer of a popular mobile photo and video messaging app designed to bring the fabled self-destructing message to life, agreed to settle FTC allegations that it misrepresented its privacy and data security practices - including that its messages could be made to "disappear forever" seconds after viewing.
IRS Will Treat Virtual Currencies as “Property”
In Notice 2014-21 issued on March 25, 2014, the IRS announced that it will treat virtual currencies (such as Bitcoin) as "property" for U.S. federal tax purposes.
Recent Decisions Highlight Importance of Compliance with Online Behavioral Advertising Principles
The Online Interest-Based Advertising Accountability Program has recently released a handful of decisions addressing the responsibilities of the advertiser, agency and platform when collecting consumer information for online behavioral advertising.
California Amends Its Online Privacy Protection Act
Last month California introduced two amendments to the state's privacy law, the California Online Privacy Protection Act. The amendments establish new requirements for operators of websites, online services and mobile apps that collect personal information about California residents.
EA Settles Major Right of Publicity Case with Athletes
Popular video game manufacturer Electronic Arts recently settled claims brought against the company by former college athletes over EA's use of athletes' personas in its major game series, NCAA Football and NCAA Basketball.
Drive-By Storing: Google Agrees to Pay $7 Million to Settle Street View Privacy Case
According to a recent settlement, in addition to images of the world's roads and buildings, Google's special Street View vehicles may have also collected personal information from users on unencrypted business and personal wireless networks.
HTC Settles FTC Device Security Charges
In February 2013, HTC, one of America's biggest sellers of mobile devices based on the Android, Windows Mobile, and Windows Phone operating systems, settled FTC charges that millions of its smartphones and tablets had security holes that allowed malicious applications to send text messages, record audio, and even install additional malware onto a consumer's HTC device, without users' knowledge or permission.
FTC Releases Best Practices for Mobile Privacy and Fines Mobile Service Provider $800,000
The Federal Trade Commission issued a staff report on Friday recommending ways for participants in the mobile ecosystem to improve their mobile privacy disclosures. The report includes guidance tailored for key commercial players involved in the mobile area, including platforms (such as Apple's iOS and Google's Android), app developers, certain third parties (such as ad networks and analytics companies), and trade associations.
FTC Sanctions Ad Network for History Sniffing
In December, an FTC order barred Epic Marketplace, Inc. from continuing a practice known as history sniffing. The technology employed by the company allowed them to track sensitive information including certain medical and financial information for millions of consumers.
Court Invalidates Zappos’ Browsewrap Agreement
Delta Airlines was not first in flight but it did achieve a different first last month when the California Attorney General sued the company for alleged violations of a never-before-litigated state privacy law, the California Online Privacy Protection Act.
California Releases New Mobile App Privacy Recommendations
California's Attorney General recently released a set of official privacy recommendations for consideration by mobile app developers, mobile ad networks and related industry players.
FTC Report Faults Mobile App Makers on Privacy
On December 10th, the Federal Trade Commission issued a staff report, "Mobile Apps for Kids: Disclosures Still Not Making the Grade" -- a follow-up to an earlier staff report, "Mobile Apps for Kids: Current Privacy Disclosures Are Disappointing." The new staff report included results of a survey of children's mobile "apps" available in Apple's App Store and Google's Android Market.
Get Ready for a New Children’s Online Privacy Protection Act Rules
In December, the FTC released its long-awaited update to the Children's Online Privacy Protection Act (COPPA). COPPA, originally written in 1998, covers information collected online from Children under the age of 13. The statute applies to digital applications and websites that are directed toward children or that knowingly collect personal information from children. The update contains important changes for advertisers, agencies, and other business operators. The changes go into effect on July 1, 2013. Here's a rundown of what you need to know.
FTC Bans Behavioral Targeting at Kids’ Sites
Marketing Your Mobile App: Get it Right from the Start
The FTC recently released guidelines entitled "Marketing Your Mobile App: Get It Right from the Start". The guidelines provide valuable do's and don'ts for companies and individuals creating mobile applications. The guideline was divided into two sections, "Truthful Advertising" and "Privacy". Here's a rundown of what you need to know.