WSGR logoWSGR logo
WSGR logo
  • Experience
  • People
  • Insights
  • About Us
  • Careers

  • Practice Areas
  • Industries

  • Corporate
  • Intellectual Property
  • Litigation
  • Patents and Innovations
  • Regulatory
  • Technology Transactions

  • Capital Markets
  • Corporate Governance
  • Corporate Life Sciences
  • Derivatives
  • Emerging Companies and Venture Capital
  • Employee Benefits and Compensation
  • Energy and Climate Solutions
  • Executive Advisory Program
  • Finance and Structured Finance
  • Fund Formation
  • Greater China
  • Mergers & Acquisitions
  • Private Equity
  • Public Company Representation
  • Real Estate
  • Restructuring
  • Shareholder Engagement and Activism
  • Tax
  • U.S. Expansion

  • Special Purpose Acquisition Companies (SPACs)

  • Environmental, Social, and Governance

  • AI and Data Center Infrastructure
  • Energy Regulation and Competition
  • Project Development and M&A
  • Project Finance and Tax Credit Transactions
  • Sustainability and Decarbonization
  • Transportation Electrification

  • U.S. Expansion Library and Resources

  • Post-Grant Review
  • Trademark and Advertising

  • Antitrust Litigation
  • Arbitration
  • Board and Internal Investigations
  • Class Action Litigation
  • Commercial Litigation
  • Consumer Litigation
  • Corporate Governance Litigation
  • Employment Litigation
  • Government Investigations
  • Internet Strategy and Litigation
  • Patent Litigation
  • Securities Litigation
  • State Attorneys General
  • Supreme Court and Appellate Practice
  • Trade Secret Litigation
  • Trademark and Copyright Litigation
  • Trial
  • White Collar Crime

  • Advertising, Promotions, and Marketing
  • Antitrust and Competition
  • Committee on Foreign Investment in the U.S. (CFIUS)
  • Communications
  • Data, Privacy, and Cybersecurity
  • Export Control and Sanctions
  • FCPA and Anti-Corruption
  • Federal Trade Commission
  • Fintech and Financial Services
  • Government Contracts
  • Healthcare and FDA Regulatory
  • National Security and Trade
  • Payments
  • State Attorneys General
  • Strategic Risk and Crisis Management
  • Tariffs, Customs, and Import Compliance

  • Antitrust and Intellectual Property
  • Antitrust Civil Enforcement
  • Antitrust Compliance and Business Strategy
  • Antitrust Criminal Enforcement
  • Antitrust Litigation
  • Antitrust Merger Clearance
  • European Competition Law
  • Third-Party Merger and Non-Merger Antitrust Representation

  • FDA Regulatory and Compliance

  • Anti-Money Laundering
  • Foreign Ownership, Control, or Influence (FOCI)
  • Team Telecom

  • AI in Healthcare
  • Animal Health
  • Artificial Intelligence and Machine Learning
  • Aviation
  • Biotech
  • Blockchain and Cryptocurrency
  • Clean Energy
  • Climate and Clean Technologies
  • Communications and Networking
  • Consumer Products and Services
  • Data Storage and Cloud
  • Defense Tech
  • Diagnostics, Life Science Tools, and Deep Tech
  • Digital Health
  • Digital Media and Entertainment
  • Electronic Gaming
  • Fintech and Financial Services
  • FoodTech and AgTech
  • Global Generics
  • Internet
  • Life Sciences
  • Medical Devices
  • Mobile Devices
  • Mobility
  • NewSpace
  • Quantum Computing
  • Semiconductors
  • Software

  • Offices
  • Country Desks
  • Events
  • Community
  • Our Diversity
  • Sustainability
  • Our Values
  • Board of Directors
  • Management Team

  • Austin
  • Boston
  • Boulder
  • Brussels
  • Century City
  • Hong Kong
  • London
  • Los Angeles
  • New York
  • Palo Alto
  • Salt Lake City
  • San Diego
  • San Francisco
  • Seattle
  • Shanghai
  • Washington, D.C.
  • Wilmington, DE

  • Law Students
  • Judicial Clerks
  • Experienced Attorneys
  • Patent Agents
  • Business Professionals
  • Alternative Legal Careers
  • Contact Recruiting

Data, Privacy, and Cybersecurity

Open PDF
  • Visit wsgrdataadvisor.com—Your Source for Privacy, Cybersecurity, and Data Protection Insights

    Wilson Sonsini’s Data Advisor is your source for privacy news and insights—brought to you by our global data, privacy, and cybersecurity team. Visit wsgrdataadvisor.com and subscribe to stay connected.

  • A Team Anchored by Former Senior Regulatory Agency Officials

    Wilson Sonsini's team includes former senior officials who served in the FTC's Bureau of Consumer Protection, the DOJ's National Security Division, HHS Office of General Counsel and Office of the National Coordinator for Health Information Technology, DHS, NSA, and other U.S. regulatory agencies, as well as the French CNIL and National Assembly.

  • A Recognized and Highly Ranked Practice

    Wilson Sonsini's Data, Privacy, and Cybersecurity practice is consistently recognized by well-known ranking authorities such as Global Data Review’s 20 Elite, Law360, Chambers USA, Chambers Global, Chambers Europe, and Legal 500.

  • A multinational team advising on all privacy and data protection issues globally

    Our lawyers are qualified in multiple jurisdictions and work with a network of local counsel in 85+ countries. We can provide high-level global strategic advice or assist with detailed privacy issues in any country, interfacing with local counsel on your behalf.

As the premier legal advisor to technology, life sciences, and growth enterprises worldwide, Wilson Sonsini is at the forefront of data, privacy, and cybersecurity law in the U.S. and throughout the world. Our cross-disciplinary team of highly experienced professionals helps companies navigate the complex and ever-changing set of laws, regulations, and industry standards that govern the collection, storage, and use of information.

Who We Are

Our data, privacy, and cybersecurity team includes former senior officials who served in the FTC's Bureau of Consumer Protection, the DOJ's National Security Division, the HHS Office of General Counsel and Office of the National Coordinator for Health Information Technology, DHS, NSA, and other U.S. regulatory agencies, as well as the French CNIL and National Assembly. The team also includes some of the nation's leading litigators and veteran trial attorneys who have litigated complex data disputes involving novel issues of law. Rounding out the team are compliance and transactional attorneys, as well as legislative and regulatory strategists.

Our Data, Privacy, and Cybersecurity practice is consistently recognized by well-known ranking authorities such as Global Data Review’s 20 Elite, Law360, Chambers USA, Chambers Global, Chambers Europe, and Legal 500. Additionally, the team’s attorneys are individually cited for excellence and other accomplishments in these publications, and they are frequent speakers at major conferences on key developments in data, privacy, and cybersecurity.

What We Do

Wilson Sonsini’s data, privacy, and cybersecurity team advises companies of all sizes—from start-ups to industry leaders—on issues arising from the collection, use, maintenance, and security of data. Our comprehensive scope of practice includes helping clients manage government investigations and enforcement actions, and assisting them during crisis situations resulting from security breach incidents. The team’s litigators represent clients in complex, multi-jurisdictional privacy disputes and class action litigation.

The firm’s Data, Privacy, and Cybersecurity practice is a global practice. With practitioners based in key markets in the U.S., the European Union, and the UK, Wilson Sonsini advises clients on all U.S. federal, state, European, and UK privacy laws, including:

  • Children's Online Privacy Protection Act (COPPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • U.S. data breach notification laws
  • U.S. state privacy laws, including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Illinois Biometric Information Privacy Act (BIPA), Texas Capture or Use of Biometric Identifier Act (CUBI), Colorado Privacy Act (ColoPA), and the Virginia Consumer Data Protection Act (VCDPA)
  • General Data Protection Regulation (GDPR)
  • Revised European e-Privacy Directive
  • Fair Credit Reporting Act (FCRA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Electronic Communication Privacy Act (ECPA)
  • Video Privacy Protection Act (VPPA)
  • Upcoming legislations in the EU and their interactions with the GDPR, including the draft e-Privacy Regulation, the draft regulation on AI, and the draft Digital Market and Digital Services Acts

Because a large percentage of Wilson Sonsini’s clients are technology and life sciences companies, our team is skilled at addressing unique issues that arise when privacy matters intersect with innovation and data. For example, our attorneys help clients apply best practices toward implementing effective privacy programs online, offline, on mobile devices, and throughout their enterprises; advise them on when and how to comply with self-regulatory programs governing online advertising; and guide them on how to develop compliant marketing and promotional communications using new media.

We help our clients determine and implement their most effective GDPR compliance program, ranging from data mapping, data protection impact assessment, privacy policies, cookies compliance, and handling of data subjects’ rights to detailed, cutting-edge, and novel GDPR compliance issues. We have unmatched experience designing data transfer strategies. We advise regularly on data transfer impact assessment, the use of EU standard contractual clauses, Code of Conduct, the use of derogations, and the approval of binding corporate rules (BCRs). In addition, we assist clients in reconciling the demands of EU data protection law with conflicting legal obligations.

In short, Wilson Sonsini’s Data, Privacy, and Cybersecurity practice is a valued asset because clients can leverage our unique combination of an experienced team led by skilled practitioners and former agency veterans and a comprehensive global legal practice that fully covers a company’s privacy and cybersecurity needs.

Overview

As the premier legal advisor to technology, life sciences, and growth enterprises worldwide, Wilson Sonsini is at the forefront of data, privacy, and cybersecurity law in the U.S. and throughout the world. Our cross-disciplinary team of highly experienced professionals helps companies navigate the complex and ever-changing set of laws, regulations, and industry standards that govern the collection, storage, and use of information.

Who We Are

Our data, privacy, and cybersecurity team includes former senior officials who served in the FTC's Bureau of Consumer Protection, the DOJ's National Security Division, the HHS Office of General Counsel and Office of the National Coordinator for Health Information Technology, DHS, NSA, and other U.S. regulatory agencies, as well as the French CNIL and National Assembly. The team also includes some of the nation's leading litigators and veteran trial attorneys who have litigated complex data disputes involving novel issues of law. Rounding out the team are compliance and transactional attorneys, as well as legislative and regulatory strategists.

Our Data, Privacy, and Cybersecurity practice is consistently recognized by well-known ranking authorities such as Global Data Review’s 20 Elite, Law360, Chambers USA, Chambers Global, Chambers Europe, and Legal 500. Additionally, the team’s attorneys are individually cited for excellence and other accomplishments in these publications, and they are frequent speakers at major conferences on key developments in data, privacy, and cybersecurity.

What We Do

Wilson Sonsini’s data, privacy, and cybersecurity team advises companies of all sizes—from start-ups to industry leaders—on issues arising from the collection, use, maintenance, and security of data. Our comprehensive scope of practice includes helping clients manage government investigations and enforcement actions, and assisting them during crisis situations resulting from security breach incidents. The team’s litigators represent clients in complex, multi-jurisdictional privacy disputes and class action litigation.

The firm’s Data, Privacy, and Cybersecurity practice is a global practice. With practitioners based in key markets in the U.S., the European Union, and the UK, Wilson Sonsini advises clients on all U.S. federal, state, European, and UK privacy laws, including:

  • Children's Online Privacy Protection Act (COPPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • U.S. data breach notification laws
  • U.S. state privacy laws, including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Illinois Biometric Information Privacy Act (BIPA), Texas Capture or Use of Biometric Identifier Act (CUBI), Colorado Privacy Act (ColoPA), and the Virginia Consumer Data Protection Act (VCDPA)
  • General Data Protection Regulation (GDPR)
  • Revised European e-Privacy Directive
  • Fair Credit Reporting Act (FCRA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Electronic Communication Privacy Act (ECPA)
  • Video Privacy Protection Act (VPPA)
  • Upcoming legislations in the EU and their interactions with the GDPR, including the draft e-Privacy Regulation, the draft regulation on AI, and the draft Digital Market and Digital Services Acts

Because a large percentage of Wilson Sonsini’s clients are technology and life sciences companies, our team is skilled at addressing unique issues that arise when privacy matters intersect with innovation and data. For example, our attorneys help clients apply best practices toward implementing effective privacy programs online, offline, on mobile devices, and throughout their enterprises; advise them on when and how to comply with self-regulatory programs governing online advertising; and guide them on how to develop compliant marketing and promotional communications using new media.

We help our clients determine and implement their most effective GDPR compliance program, ranging from data mapping, data protection impact assessment, privacy policies, cookies compliance, and handling of data subjects’ rights to detailed, cutting-edge, and novel GDPR compliance issues. We have unmatched experience designing data transfer strategies. We advise regularly on data transfer impact assessment, the use of EU standard contractual clauses, Code of Conduct, the use of derogations, and the approval of binding corporate rules (BCRs). In addition, we assist clients in reconciling the demands of EU data protection law with conflicting legal obligations.

In short, Wilson Sonsini’s Data, Privacy, and Cybersecurity practice is a valued asset because clients can leverage our unique combination of an experienced team led by skilled practitioners and former agency veterans and a comprehensive global legal practice that fully covers a company’s privacy and cybersecurity needs.

Alerts
The FTC After Slaughter: What Businesses Need to Understand
On June 29, 2026, the U.S. Supreme Court issued its opinion in Trump v. Slaughter, where the six-Justice majority held that appointed agency officials who wield executive power are subject to presidential removal. In so holding, the Court overruled its 1935 decision in Humphrey’s Executor v. United States, 295 U.S. 602 (1935), which for nearly a century stood for the principle that Congress can create independent agencies whose leaders can only be removed for cause.
Alerts
SCOTUS Ruling Calls into Question EU-U.S. Personal Data Flows
On June 29, 2026, the Supreme Court of the U.S. (SCOTUS) held in Trump v. Slaughter that the U.S. President can dismiss members of the Federal Trade Commission (FTC) at will, rather than only for cause, overruling existing precedent regarding independent agencies. This decision of domestic constitutional law could also change the rules governing transfer of personal data from the European Economic Area (EEA, which includes the 27 European Union countries plus Iceland, Liechtenstein, and Norway) to the U.S.
Newsletters
All Eyes on AI: Regulatory, Litigation, and Transactional Developments – Q1 2026
Wilson Sonsini is pleased to present the next edition of All Eyes on AI: Regulatory, Litigation, and Transactional Developments, which closely follows the evolving regulatory landscape for artificial intelligence (AI) in the U.S., new EU regulations for AI, international developments, litigation, recent deal highlights, firm publications, and other AI and machine learning highlights.
Bylined Articles
Wilson Sonsini Partners Co-Author Chapter in Third Edition of GCR Data & Antitrust Guide
Wilson Sonsini partners Cédric Burton, Deirdre Carroll, and Maneesha Mithal, along with associates Michelle Zang and Hattie Watson, and Gil Zhang and Michael Han of Fangda Partners, have co-authored a chapter in the third edition of the GCR Data & Antitrust Guide examining the accelerating convergence of data protection, competition, artificial intelligence (AI), and cybersecurity regulation across major jurisdictions. The chapter, “Regulators Target AI as Evolving Technology Threatens Fair Competition in the Digital Economy,” highlights a widespread recognition that traditional privacy and antitrust frameworks are increasingly insufficient on their own to address data-driven market power and AI-enabled competition concerns. In response, regulators are adopting a wide range of approaches, from sector-specific and self-regulatory models to highly prescriptive ex ante regimes.
Alerts
EU Data Act September 2026 Deadline: What Businesses Need to Know
Starting September 12, 2026, connected products sold in the EU must be built with data access functionality. This alert discusses the new access-by-design obligation and provides practical steps for compliance.
Alerts
UK Announces Social Media Ban and Broader Online Restrictions for Users Under 16
On June 15, 2026, the UK government announced plans to introduce a social media ban for users under 16 (under-16s), alongside restrictions on features deemed harmful to minors, such as livestreaming and messaging functions, for a wider range of online services, including those in the gaming sector. These measures, which may require platforms active in the UK market to significantly alter their operations, are expected to come into force in Spring 2027.
View All
Insights
Alerts
The FTC After Slaughter: What Businesses Need to Understand
On June 29, 2026, the U.S. Supreme Court issued its opinion in Trump v. Slaughter, where the six-Justice majority held that appointed agency officials who wield executive power are subject to presidential removal. In so holding, the Court overruled its 1935 decision in Humphrey’s Executor v. United States, 295 U.S. 602 (1935), which for nearly a century stood for the principle that Congress can create independent agencies whose leaders can only be removed for cause.
Alerts
SCOTUS Ruling Calls into Question EU-U.S. Personal Data Flows
On June 29, 2026, the Supreme Court of the U.S. (SCOTUS) held in Trump v. Slaughter that the U.S. President can dismiss members of the Federal Trade Commission (FTC) at will, rather than only for cause, overruling existing precedent regarding independent agencies. This decision of domestic constitutional law could also change the rules governing transfer of personal data from the European Economic Area (EEA, which includes the 27 European Union countries plus Iceland, Liechtenstein, and Norway) to the U.S.
Newsletters
All Eyes on AI: Regulatory, Litigation, and Transactional Developments – Q1 2026
Wilson Sonsini is pleased to present the next edition of All Eyes on AI: Regulatory, Litigation, and Transactional Developments, which closely follows the evolving regulatory landscape for artificial intelligence (AI) in the U.S., new EU regulations for AI, international developments, litigation, recent deal highlights, firm publications, and other AI and machine learning highlights.
Bylined Articles
Wilson Sonsini Partners Co-Author Chapter in Third Edition of GCR Data & Antitrust Guide
Wilson Sonsini partners Cédric Burton, Deirdre Carroll, and Maneesha Mithal, along with associates Michelle Zang and Hattie Watson, and Gil Zhang and Michael Han of Fangda Partners, have co-authored a chapter in the third edition of the GCR Data & Antitrust Guide examining the accelerating convergence of data protection, competition, artificial intelligence (AI), and cybersecurity regulation across major jurisdictions. The chapter, “Regulators Target AI as Evolving Technology Threatens Fair Competition in the Digital Economy,” highlights a widespread recognition that traditional privacy and antitrust frameworks are increasingly insufficient on their own to address data-driven market power and AI-enabled competition concerns. In response, regulators are adopting a wide range of approaches, from sector-specific and self-regulatory models to highly prescriptive ex ante regimes.
Alerts
EU Data Act September 2026 Deadline: What Businesses Need to Know
Starting September 12, 2026, connected products sold in the EU must be built with data access functionality. This alert discusses the new access-by-design obligation and provides practical steps for compliance.
Alerts
UK Announces Social Media Ban and Broader Online Restrictions for Users Under 16
On June 15, 2026, the UK government announced plans to introduce a social media ban for users under 16 (under-16s), alongside restrictions on features deemed harmful to minors, such as livestreaming and messaging functions, for a wider range of online services, including those in the gaming sector. These measures, which may require platforms active in the UK market to significantly alter their operations, are expected to come into force in Spring 2027.
View All
Speaking Engagements
IAPP Linkedin Live: "The FTC after Slaughter"
On July 6, Wilson Sonsini partner Maneesha Mithal will participate in a LinkedIn Live hosted by IAPP Managing Director Cobun Zweifel-Keegan titled "The FTC After Slaughter." The discussion will center on the June 29, 2026 U.S. Supreme Court decision in Trump v. Slaughter, which held that regulatory agencies Congress creates to wield executive power, including the power to enforce the law, are ultimately accountable to the chief executive. The speakers will discuss how the decision impacts the FTC, both internally and externally.
Speaking Engagements
Informa Connect Digital Law & Regulation Conference
Join Wilson Sonsini Of Counsel Tom Evans at Informa Connect's Digital Law & Regulation Conference.
Speaking Engagements
Brussels Privacy Hub Summer Academy
The Brussels Privacy Hub Summer Academy will examine how the EU digital rulebook is being reshaped through the simplification agenda and the Digital Omnibus, set against the enduring resilience of the GDPR and the expanding influence of newer instruments such as the Digital Services Act, Digital Markets Act, the Data Act, the Cyber Resilience Act and the AI Act. 
Speaking Engagements
IAPP Navigate 2026
On June 24, Wilson Sonsini partner Maneesha Mithal will speak at the IAPP Navigate 2026 Digital Policy Leadership Summit on the panel, “The Billion Dollar Club: Responding to the Growing Wave of Privacy Enforcement.” Maneesha and her fellow panelists will examine the rise in state and federal privacy enforcement, the uptick in new privacy laws across the United States, and the enforcement priorities and strategies organizations should anticipate in the years ahead. To learn more or register, please visit the event website.
Speaking Engagements
US@War: Executive Perspectives on Cyber Risk
On June 11, Wilson Sonsini partner Demian Ahn will be moderating the panel, "US@War: Executive Perspectives on Cyber Risk". Hosted by the University of Maryland's Smith Enterprise Risk Consortium, the panel will explore the Iran-nexus threat landscape—who's targeting what, where the real exposure lies, and how to think about cyber risk in a time of war. To register for the free webinar, please visit the event website.
Affiliated Programs
Incident Response Forum London 2026
On June 4, 2026, Wilson Sonsini Of Counsel Laura Brodahl will join experienced panelists from the FBI and UK NCA OR law enforcement agencies for the discussion, "Working with Law Enforcement: Balancing Cooperation with Potential Risks" at Cybersecurity Docket’s Incident Response Forum London 2026. The panel will discuss issues surrounding working with law enforcement in a shifting regulatory landscape.
View All
Events
Speaking Engagements
IAPP Linkedin Live: "The FTC after Slaughter"
On July 6, Wilson Sonsini partner Maneesha Mithal will participate in a LinkedIn Live hosted by IAPP Managing Director Cobun Zweifel-Keegan titled "The FTC After Slaughter." The discussion will center on the June 29, 2026 U.S. Supreme Court decision in Trump v. Slaughter, which held that regulatory agencies Congress creates to wield executive power, including the power to enforce the law, are ultimately accountable to the chief executive. The speakers will discuss how the decision impacts the FTC, both internally and externally.
Speaking Engagements
Informa Connect Digital Law & Regulation Conference
Join Wilson Sonsini Of Counsel Tom Evans at Informa Connect's Digital Law & Regulation Conference.
Speaking Engagements
Brussels Privacy Hub Summer Academy
The Brussels Privacy Hub Summer Academy will examine how the EU digital rulebook is being reshaped through the simplification agenda and the Digital Omnibus, set against the enduring resilience of the GDPR and the expanding influence of newer instruments such as the Digital Services Act, Digital Markets Act, the Data Act, the Cyber Resilience Act and the AI Act. 
Speaking Engagements
IAPP Navigate 2026
On June 24, Wilson Sonsini partner Maneesha Mithal will speak at the IAPP Navigate 2026 Digital Policy Leadership Summit on the panel, “The Billion Dollar Club: Responding to the Growing Wave of Privacy Enforcement.” Maneesha and her fellow panelists will examine the rise in state and federal privacy enforcement, the uptick in new privacy laws across the United States, and the enforcement priorities and strategies organizations should anticipate in the years ahead. To learn more or register, please visit the event website.
Speaking Engagements
US@War: Executive Perspectives on Cyber Risk
On June 11, Wilson Sonsini partner Demian Ahn will be moderating the panel, "US@War: Executive Perspectives on Cyber Risk". Hosted by the University of Maryland's Smith Enterprise Risk Consortium, the panel will explore the Iran-nexus threat landscape—who's targeting what, where the real exposure lies, and how to think about cyber risk in a time of war. To register for the free webinar, please visit the event website.
Affiliated Programs
Incident Response Forum London 2026
On June 4, 2026, Wilson Sonsini Of Counsel Laura Brodahl will join experienced panelists from the FBI and UK NCA OR law enforcement agencies for the discussion, "Working with Law Enforcement: Balancing Cooperation with Potential Risks" at Cybersecurity Docket’s Incident Response Forum London 2026. The panel will discuss issues surrounding working with law enforcement in a shifting regulatory landscape.
View All
Demian Ahn
Partner
Washington, D.C.
Demian Ahn is a member of the firm’s data, privacy, and cybersecurity practice based in Washington, D.C. He leads the firm’s incident response practice and advises companies on compliance, regulatory, and crisis management matters relating to emerging technologies of all kinds.
  • Data, Privacy, and Cybersecurity
View Profile
Colleen Bal
Partner
San Francisco
Colleen is a nationally recognized trial lawyer with a proven track record of handling difficult and high-profile cases for leading technology, life sciences, and financial companies.
  • Litigation
View Profile
Cédric Burton
Partner
Brussels
Cédric co-leads the firm's global privacy and cybersecurity practice and leads the EU data protection team.
  • Data, Privacy, and Cybersecurity
View Profile
Daniel Chen
Partner
Palo Alto
Daniel Chen is a partner in the Palo Alto office of Wilson Sonsini Goodrich & Rosati, where he focuses on privacy, cybersecurity, and data processing matters. Daniel works closely with clients to navigate complex compliance risks and challenges, including in connection with the use of data and data-driven products and services. He also has extensive experience advising clients on mergers, acquisitions, spin-offs, securities offerings, strategic partnerships, data licensing arrangements, service engagements, and other commercial transactions.  
  • Data, Privacy, and Cybersecurity
View Profile
Jodi Daniel
Partner
Washington, D.C.
Jodi Daniel is a nationally recognized leader in digital health law and policy, trusted by health care organizations and technology innovators to navigate the complex and dynamic regulatory landscape of digital health and wellness. With over 30 years of experience in healthcare innovation—including 15 years as a lawyer and senior policymaker at the U.S. Department of Health and Human Services (HHS)—Jodi leverages her extensive experience in digital health and health data to deliver strategic, practical advice to clients engaged in groundbreaking products and services that raise novel legal, policy, and ethical issues.
  • Regulatory
View Profile
Laura De Boel
Partner
Brussels
Laura De Boel is a partner in the Brussels office of Wilson Sonsini Goodrich & Rosati, where she is a member of the privacy and cybersecurity practice. She assists clients on all matters related to EU data regulations including:
  • Data, Privacy, and Cybersecurity
View Profile
Joshua F. Gruenspecht
Partner
Washington, D.C.
Joshua advises domestic and foreign investors, funds, established companies and startups in regulatory, investigative, and enforcement matters.
  • National Security and Trade
View Profile
Victor Jih
Partner
Century City
Victor has extensive experience as a commercial litigator in a wide range of complex business disputes at both the trial and appellate levels.
  • Litigation
View Profile
David H. Kramer
Partner
Palo Alto
David represents companies facing challenging disputes involving novel issues of law. 
  • Litigation
View Profile
Samantha Alexandria-Booth Machock
Partner
San Diego
Samantha Machock is a partner in the San Diego office of Wilson Sonsini Goodrich & Rosati, where she is a member of the internet strategy and litigation group. Samantha’s practice focuses on representing technology and healthcare companies in complex, high-stakes consumer class and mass actions, particularly those involving cutting-edge consumer protection, false advertising, privacy, and cybersecurity-related claims. She has secured victories for her clients on a wide range of dispositive motions and class action issues: Recent victories include dismissal of claims against a generative AI service for allegedly misleading users, dismissal of a putative TCPA class action, and dismissal of claims seeking to create novel privacy rights for drivers under California’s Unfair Competition Law. Samantha is currently lead counsel for YouTube and Google in hundreds of cases alleging youth addiction and other harms as a result of YouTube’s design. 
  • Litigation
View Profile
View All
People
Demian Ahn
Partner
Washington, D.C.
Demian Ahn is a member of the firm’s data, privacy, and cybersecurity practice based in Washington, D.C. He leads the firm’s incident response practice and advises companies on compliance, regulatory, and crisis management matters relating to emerging technologies of all kinds.
  • Data, Privacy, and Cybersecurity
View Profile
Colleen Bal
Partner
San Francisco
Colleen is a nationally recognized trial lawyer with a proven track record of handling difficult and high-profile cases for leading technology, life sciences, and financial companies.
  • Litigation
View Profile
Cédric Burton
Partner
Brussels
Cédric co-leads the firm's global privacy and cybersecurity practice and leads the EU data protection team.
  • Data, Privacy, and Cybersecurity
View Profile
Daniel Chen
Partner
Palo Alto
Daniel Chen is a partner in the Palo Alto office of Wilson Sonsini Goodrich & Rosati, where he focuses on privacy, cybersecurity, and data processing matters. Daniel works closely with clients to navigate complex compliance risks and challenges, including in connection with the use of data and data-driven products and services. He also has extensive experience advising clients on mergers, acquisitions, spin-offs, securities offerings, strategic partnerships, data licensing arrangements, service engagements, and other commercial transactions.  
  • Data, Privacy, and Cybersecurity
View Profile
Jodi Daniel
Partner
Washington, D.C.
Jodi Daniel is a nationally recognized leader in digital health law and policy, trusted by health care organizations and technology innovators to navigate the complex and dynamic regulatory landscape of digital health and wellness. With over 30 years of experience in healthcare innovation—including 15 years as a lawyer and senior policymaker at the U.S. Department of Health and Human Services (HHS)—Jodi leverages her extensive experience in digital health and health data to deliver strategic, practical advice to clients engaged in groundbreaking products and services that raise novel legal, policy, and ethical issues.
  • Regulatory
View Profile
Laura De Boel
Partner
Brussels
Laura De Boel is a partner in the Brussels office of Wilson Sonsini Goodrich & Rosati, where she is a member of the privacy and cybersecurity practice. She assists clients on all matters related to EU data regulations including:
  • Data, Privacy, and Cybersecurity
View Profile
Joshua F. Gruenspecht
Partner
Washington, D.C.
Joshua advises domestic and foreign investors, funds, established companies and startups in regulatory, investigative, and enforcement matters.
  • National Security and Trade
View Profile
Victor Jih
Partner
Century City
Victor has extensive experience as a commercial litigator in a wide range of complex business disputes at both the trial and appellate levels.
  • Litigation
View Profile
David H. Kramer
Partner
Palo Alto
David represents companies facing challenging disputes involving novel issues of law. 
  • Litigation
View Profile
Samantha Alexandria-Booth Machock
Partner
San Diego
Samantha Machock is a partner in the San Diego office of Wilson Sonsini Goodrich & Rosati, where she is a member of the internet strategy and litigation group. Samantha’s practice focuses on representing technology and healthcare companies in complex, high-stakes consumer class and mass actions, particularly those involving cutting-edge consumer protection, false advertising, privacy, and cybersecurity-related claims. She has secured victories for her clients on a wide range of dispositive motions and class action issues: Recent victories include dismissal of claims against a generative AI service for allegedly misleading users, dismissal of a putative TCPA class action, and dismissal of claims seeking to create novel privacy rights for drivers under California’s Unfair Competition Law. Samantha is currently lead counsel for YouTube and Google in hundreds of cases alleging youth addiction and other harms as a result of YouTube’s design. 
  • Litigation
View Profile
View All

Wilson Sonsini assists companies facing government investigations that are often triggered by high-profile privacy incidents, novel business practices, and data breaches. We advise clients facing inquiries from key U.S. enforcement agencies, including the FTC, FCC, FBI, DOJ, and SEC; the Secret Service and other Department of Homeland Security offices and agencies; members of the Intelligence Community; and state and local agencies, including investigations led by state attorneys general. We have represented clients at every stage of an investigation, from advising on informal regulatory inquiries to managing and resolving complex, bet-the-company investigations.

We have particular expertise in representing companies facing government investigations into children’s privacy, advertising, and data security practices. For example, we have represented companies in the most significant COPPA and GDPR enforcement actions brought by the FTC and EU data protection authorities, respectively, positioning Wilson Sonsini as a leader on children’s privacy issues. We have a track record of obtaining favorable outcomes for our clients and resolving investigations without enforcement action. We also have deep experience in crafting thoughtful and effective responses to security breaches—for both business and legal purposes.

Our global practice scope and international experience allow us to help clients manage multi-jurisdictional challenges, including privacy inquiries by EU Data Protection Authorities. Our practitioners in Brussels and London assist clients with investigative matters originating from government entities throughout Europe and the UK, including inquiries involving the European Data Protection Authorities and the European Data Protection Board.

Government Inquiries and Investigations

Wilson Sonsini assists companies facing government investigations that are often triggered by high-profile privacy incidents, novel business practices, and data breaches. We advise clients facing inquiries from key U.S. enforcement agencies, including the FTC, FCC, FBI, DOJ, and SEC; the Secret Service and other Department of Homeland Security offices and agencies; members of the Intelligence Community; and state and local agencies, including investigations led by state attorneys general. We have represented clients at every stage of an investigation, from advising on informal regulatory inquiries to managing and resolving complex, bet-the-company investigations.

We have particular expertise in representing companies facing government investigations into children’s privacy, advertising, and data security practices. For example, we have represented companies in the most significant COPPA and GDPR enforcement actions brought by the FTC and EU data protection authorities, respectively, positioning Wilson Sonsini as a leader on children’s privacy issues. We have a track record of obtaining favorable outcomes for our clients and resolving investigations without enforcement action. We also have deep experience in crafting thoughtful and effective responses to security breaches—for both business and legal purposes.

Our global practice scope and international experience allow us to help clients manage multi-jurisdictional challenges, including privacy inquiries by EU Data Protection Authorities. Our practitioners in Brussels and London assist clients with investigative matters originating from government entities throughout Europe and the UK, including inquiries involving the European Data Protection Authorities and the European Data Protection Board.

Wilson Sonsini’s team provides practical advice on how clients at every stage can collect, use, protect, and share data while remaining in compliance with privacy laws. We counsel clients in a wide range of industries on cutting-edge technologies. We have particular expertise in advising companies on compliance with COPPA, TCPA, CCPA, state biometric privacy laws, GDPR, the e-Privacy Directive, data localization laws, and advertising laws and regulations, such as the FTC’s Endorsement Guides.

In addition, our team advises clients on measures that demonstrate responsible stewardship of data and reduce the risk of regulatory and legal exposure. Examples of preventative measures we assist clients with include helping them:

  • create, enhance, and audit privacy policies and programs;
  • develop and implement global compliance programs; and
  • establish sound and efficient information governance programs.
Privacy Counseling and Compliance

Wilson Sonsini’s team provides practical advice on how clients at every stage can collect, use, protect, and share data while remaining in compliance with privacy laws. We counsel clients in a wide range of industries on cutting-edge technologies. We have particular expertise in advising companies on compliance with COPPA, TCPA, CCPA, state biometric privacy laws, GDPR, the e-Privacy Directive, data localization laws, and advertising laws and regulations, such as the FTC’s Endorsement Guides.

In addition, our team advises clients on measures that demonstrate responsible stewardship of data and reduce the risk of regulatory and legal exposure. Examples of preventative measures we assist clients with include helping them:

  • create, enhance, and audit privacy policies and programs;
  • develop and implement global compliance programs; and
  • establish sound and efficient information governance programs.

Our cybersecurity team counsels clients on how to minimize cyber risks and respond to cyber threats and attacks. We help develop incident response plans, policies, and procedures required by various laws and regulations, as well as conduct incident response testing. We manage forensic and internal investigations related to security incidents, including the submission of regulatory notifications across all 50 states and three territories, as well as the submission of notifications under the General Data Protection Regulation (GDPR). This includes advising companies when their systems, products, or employees may have been targeted for cyber exploitation by foreign state actors.

We also advise our clients on the full range of issues that arise when the government seeks user data or customer information, or attempts to compel one of our clients to directly assist in the government's efforts to conduct intelligence and law enforcement operations. We have expertise in dealing with:

  • requests for information under the Foreign Intelligence Surveillance Act (FISA);
  • National Security Letters (NSLs);
  • issues under the Wiretap and Stored Communications Acts; and
  • other search warrants and subpoenas from federal, state, and local intelligence and law enforcement authorities.

In addition, we assist clients involved in cutting-edge research and development that require specialized counsel to help them navigate the national security issues associated with innovation in a global economy. 

Cybersecurity and Incident Response

Our cybersecurity team counsels clients on how to minimize cyber risks and respond to cyber threats and attacks. We help develop incident response plans, policies, and procedures required by various laws and regulations, as well as conduct incident response testing. We manage forensic and internal investigations related to security incidents, including the submission of regulatory notifications across all 50 states and three territories, as well as the submission of notifications under the General Data Protection Regulation (GDPR). This includes advising companies when their systems, products, or employees may have been targeted for cyber exploitation by foreign state actors.

We also advise our clients on the full range of issues that arise when the government seeks user data or customer information, or attempts to compel one of our clients to directly assist in the government's efforts to conduct intelligence and law enforcement operations. We have expertise in dealing with:

  • requests for information under the Foreign Intelligence Surveillance Act (FISA);
  • National Security Letters (NSLs);
  • issues under the Wiretap and Stored Communications Acts; and
  • other search warrants and subpoenas from federal, state, and local intelligence and law enforcement authorities.

In addition, we assist clients involved in cutting-edge research and development that require specialized counsel to help them navigate the national security issues associated with innovation in a global economy. 

Our data, privacy, and cybersecurity team advises clients on the privacy and data security issues that arise in transactional matters. Our experience includes:

  • representing companies in high-stakes mergers, acquisitions, and asset dispositions in which data is a key asset and where data transfers raise sensitive, complex, and often novel privacy issues;
  • representing financial institutions and other companies in IPOs and other financial offerings involving companies whose business models entail collecting, processing, and disclosing user data; and
  • assisting companies of all sizes in negotiating licensing, outsourcing, services, and other commercial transactions, including advising on privacy and data-security-related risks and obligations relating to the use, processing, security, and monetization of consumer data.

Our transactional attorneys’ combination of experience and understanding of prevailing norms enables them to provide responsive and practical advice while keeping our clients' business objectives in mind.

Transactions

Our data, privacy, and cybersecurity team advises clients on the privacy and data security issues that arise in transactional matters. Our experience includes:

  • representing companies in high-stakes mergers, acquisitions, and asset dispositions in which data is a key asset and where data transfers raise sensitive, complex, and often novel privacy issues;
  • representing financial institutions and other companies in IPOs and other financial offerings involving companies whose business models entail collecting, processing, and disclosing user data; and
  • assisting companies of all sizes in negotiating licensing, outsourcing, services, and other commercial transactions, including advising on privacy and data-security-related risks and obligations relating to the use, processing, security, and monetization of consumer data.

Our transactional attorneys’ combination of experience and understanding of prevailing norms enables them to provide responsive and practical advice while keeping our clients' business objectives in mind.

Wilson Sonsini’s litigation attorneys have successfully defended our clients since the privacy litigation trend arose through their effective, creative advocacy on behalf of companies ranging from innovative start-ups to market-leading technology companies. Our litigation team has consistently achieved favorable resolutions on behalf of clients in precedent-setting victories in privacy and internet law disputes, and the firm’s attorneys have consistently been involved in the most complex and novel privacy cases—especially considering Wilson Sonsini’s longtime nexus to innovative, disruptive technology companies.

Our team has decades of experience defending litigation from the earliest stages of class actions, including cases involving allegations of the improper tracking of user behavior online and on mobile devices. We have also represented companies in litigation involving claims under COPPA, the Computer Fraud and Abuse Act (CFAA), the VPPA, TCPA, BIPA, and other state privacy laws. We work with local counsel across the UK and the European Union to assist our clients in complex privacy litigations before national courts, as well as before the Court of Justice of the European Union.

Litigation

Wilson Sonsini’s litigation attorneys have successfully defended our clients since the privacy litigation trend arose through their effective, creative advocacy on behalf of companies ranging from innovative start-ups to market-leading technology companies. Our litigation team has consistently achieved favorable resolutions on behalf of clients in precedent-setting victories in privacy and internet law disputes, and the firm’s attorneys have consistently been involved in the most complex and novel privacy cases—especially considering Wilson Sonsini’s longtime nexus to innovative, disruptive technology companies.

Our team has decades of experience defending litigation from the earliest stages of class actions, including cases involving allegations of the improper tracking of user behavior online and on mobile devices. We have also represented companies in litigation involving claims under COPPA, the Computer Fraud and Abuse Act (CFAA), the VPPA, TCPA, BIPA, and other state privacy laws. We work with local counsel across the UK and the European Union to assist our clients in complex privacy litigations before national courts, as well as before the Court of Justice of the European Union.

Related Practices
  • Regulatory
  • Federal Trade Commission
  • Class Action Litigation
  • Commercial Litigation
  • Government Investigations
  • Internet Strategy and Litigation
Recent Insights
Alerts
The FTC After Slaughter: What Businesses Need to Understand
On June 29, 2026, the U.S. Supreme Court issued its opinion in Trump v. Slaughter, where the six-Justice majority held that appointed agency officials who wield executive power are subject to presidential removal. In so holding, the Court overruled its 1935 decision in Humphrey’s Executor v. United States, 295 U.S. 602 (1935), which for nearly a century stood for the principle that Congress can create independent agencies whose leaders can only be removed for cause.
Learn More
Alerts
SCOTUS Ruling Calls into Question EU-U.S. Personal Data Flows
On June 29, 2026, the Supreme Court of the U.S. (SCOTUS) held in Trump v. Slaughter that the U.S. President can dismiss members of the Federal Trade Commission (FTC) at will, rather than only for cause, overruling existing precedent regarding independent agencies. This decision of domestic constitutional law could also change the rules governing transfer of personal data from the European Economic Area (EEA, which includes the 27 European Union countries plus Iceland, Liechtenstein, and Norway) to the U.S.
Learn More
View All
Recent Events
Speaking Engagements
IAPP Linkedin Live: "The FTC after Slaughter"
On July 6, Wilson Sonsini partner Maneesha Mithal will participate in a LinkedIn Live hosted by IAPP Managing Director Cobun Zweifel-Keegan titled "The FTC After Slaughter." The discussion will center on the June 29, 2026 U.S. Supreme Court decision in Trump v. Slaughter, which held that regulatory agencies Congress creates to wield executive power, including the power to enforce the law, are ultimately accountable to the chief executive. The speakers will discuss how the decision impacts the FTC, both internally and externally.
Learn More
Speaking Engagements
Informa Connect Digital Law & Regulation Conference
Join Wilson Sonsini Of Counsel Tom Evans at Informa Connect's Digital Law & Regulation Conference.
Learn More
View All
Key Contacts
Cédric Burton
Partner
Brussels
Cédric co-leads the firm's global privacy and cybersecurity practice and leads the EU data protection team.
  • Data, Privacy, and Cybersecurity
View Profile
Maneesha Mithal
Partner
Washington, D.C.
Maneesha Mithal is a partner in the Washington, D.C., office of Wilson Sonsini and co-chair of the firm’s data, privacy, and cybersecurity practice. Maneesha advises clients on privacy, cybersecurity, and consumer protection matters and represents companies in regulatory investigations. She is also one of the founding members of Wilson Sonsini’s AI group.
  • Data, Privacy, and Cybersecurity
View Profile
Christopher N. Olsen
Partner
Washington, D.C.
Christopher advises clients on all aspects of privacy and cybersecurity matters and represents companies under investigation by the FTC and state attorneys general.
  • Data, Privacy, and Cybersecurity
View Profile
  • people
  • insights
  • about us
  • careers
  • Binder
  • Alumni
  • Mailing List Signup
  • Client FTP Portal
  • Privacy Policy
  • Terms of Use
  • Accessibility
WSGR logo
Twitter
LinkedIn
Facebook
Instagram
Youtube
Copyright © 2026 Wilson Sonsini Goodrich & Rosati. All Rights Reserved.