Two synergistic developments led me to technology and data. Early in my legal career, I specialised in media and entertainment litigation, which were among the first industries to be disrupted by the emergence of digital media (eg Napster), leading to a number of matters grappling with how to deal with online streaming and IP rights amidst digital transformation. Separately, I handled a series of cases for online ad network ValueClick, including a click fraud case that gave me the opportunity to go deep with engineers into online advertising technology. This was my first exposure to working with data and technical facts, and I fell in love with the field and never looked back. Because adtech was the target in early privacy and data-focused litigation and regulatory attention, I was well positioned to lead the early cases that defined the field because I already had a strong understanding of the technology.
There are so many highlights from my career so far! I filed a once-in-a-career case on behalf of several iconic artists (Grateful Dead, Led Zeppelin, Carlos Santana, Janis Joplin’s estate, The Doors) against the guy who purchased Bill Graham’s archives and then proceeded to launch an online service (Wolfgang’s Vault) where he streamed soundboard tapes from early Bill Graham shows and sold merchandising derived from the concert posters. The artists were deeply offended, and the case presented several novel IP issues in the early days of digital streaming. Defending Carlos Santana, Jimmy Page and Robert Plant’s depositions (and having Jimmy politely ask permission to “crib” my lines during depo prep) stand out as an unforgettable career highlight.
I was the first to assert an Article III standing challenge in defence to a privacy class action, in a case against Specific Media and numerous other online publishers and ad networks targeting the use of Adobe “flash cookies” to track online activity. The theories in the case were novel and involved technology that very few lawyers understood, so there was a rush of settlements after the case was filed. I filed a motion to dismiss challenging the failure to identify any concrete injury (much less to plaintiff) in a complaint that was essentially a technical policy paper. Plaintiff’s counsel scoffed at the move, but we won – and Article III standing challenges became a standard defence to technology-focused class action litigation following that decision.
I represented Facebook in the FTC’s 2010 investigation into its privacy practices, the second privacy-focused FTC action (the first was against Google, related to Google Buzz, which was announced in the midst of the Facebook investigation). The investigation gave me the opportunity to engage deeply with Facebook’s platform technology and leadership during an early stage of growth, and I negotiated a settlement over the course of several months that avoided any product changes and avoided the onerous consent provisions that Google signed on to (for Google Buzz, now defunct).
I had the opportunity to join Facebook as deputy general counsel, leading the regulatory, privacy, product and litigation legal teams. I was on the management team at Facebook and deeply involved in core product and business strategy, built global teams of more than 200 lawyers, and had the opportunity to spend extensive time with regulators and in significant court proceedings in Europe, the UK, Brazil and Singapore. I led the company’s GDPR implementation, negotiated the second FTC consent decree, spearheaded a transition to a new privacy engineering compliance organisation, and was involved in developing and socialising several new product launches and features with regulators around the globe. I had the deepest respect and affection for the exceptionally talented people I worked with at Facebook, and gained an irreplaceable understanding of data science and hypergrowth company dynamics during my time there.
An emerging area I’m following closely is the rise of blockchain. Since returning to private practice, I have been deeply immersed in crypto and blockchain technologies – product counselling, advocating in courts and with key regulators to moderate their approach to this transformative new technology. The pace of innovation and the understanding gap with courts and regulators is evocative of the early internet and mobile ecosystems, and I believe the impact of blockchain will be comparably transformative (and will reimagine and replace the “internet” over time). I’ve had several matters where I’m working to demystify and normalize the technology but also to highlight the importance for regulators to create incentives to operate within regulated systems, because blockchain’s pull to decentralised exchange is real and requires radically new forms of regulatory partnership.
Cybersecurity threats and vulnerability management are another key area of board and senior management focus, due to the increased sophistication and motivation of bad actors and the technical debt underlying most major online and software-based services. There is high demand and critical need for advisors who can integrate regulatory, technical and operational strategies to guide companies to effectively address and prioritise their programmes in these areas. I’m currently advising boards and senior management at several companies in their oversight, evaluation and response to cybersecurity.
Women are poised to crush it in data. The last decade has propelled a surge of women in C Suite roles: Deb Liu, chief executive of Ancestry.com, Fidji Simo, chief executive of Instacart, and Asha Sharma, chief operating officer of Instacart, are a few examples of the incredible women leading product teams at Facebook who now are stepping into the helm of data-driven companies.
Part of this is a function of the demand curve. There is far more demand for data science and engineering in the market than can be filled, so companies and countries (like China) have recognised the necessity of investing in developing skills for the entire population. But I’ve also seen that women often have a unique ability to chart action, bring intuition, compassion and judgment to chaotic circumstances, and keep complex teams and organisations moving forward under pressure, so it is not surprising we’re seeing a sharp increase in women in leadership roles in technology and data companies.
I’ve seen this same shift at my law firm – since I returned to Gibson Dunn after seven years at Facebook, our chair is now a woman (Barbara Becker), the partners leading the engagements with most of our major technology clients are women, and each of the three partners we elevated in our privacy, cybersecurity and data innovation practice last year are women. I was conscious of gender and being an outlier earlier in my career, including when I was first leading in technology law – at this point, I don’t even think about it because it is uneventful for women to be rainmakers and leaders in my industry.
A piece of advice I would give aspiring data lawyers and professionals is to immerse yourself in the technology and the surrounding business issues, so that you can comfortably debate, discuss, advocate and counsel in a technical environment. Read Ben Thompson’s Stratechery blog, take online courses from leading universities in areas you want to understand better, seek out opportunities to work on technical matters and do lots of background research before you meet with the client so you have baseline conversancy and confidence coming in the door.
Be curious, rigorous and ask good questions – and if you think something is off, even something technical, raise it (I can’t tell you how many times I’ve raised a nagging question in a technical meeting because the facts weren’t adding up, only to discover a more significant issue – this builds your confidence and credibility quickly).
And develop a strong spiritual practice that connects you to source and the deeper intelligence of the universe, which is the companion to all innovation.