Emily S. Tabatabai


Washington, D.C.


Emily S. Tabatabai is a partner and founding member of Orrick’s global Cyber, Privacy & Data Innovation Group. She has been recognized by Chambers USA as “an invaluable resource to have when it comes to data privacy and security,” particularly in matters involving state privacy laws, education technology (EdTech) and children’s privacy.

Emily provides strategic counseling and advice on privacy, consumer protection and online safety matters to clients across industries, including retail, ecommerce, mobile apps, gaming, social media, advertising technology (adtech), financial services, education, business services and technology. She also represents clients subject to regulatory investigations, including before the FTC and States Attorneys General, Congressional committees and other regulatory agencies and groups.

Emily provides proactive compliance guidance, and regulatory investigation defense, on a variety of privacy and consumer protection laws, including:

  • U.S. state privacy laws in California, Colorado, Connecticut, Utah and Virginia (CCPA, CPRA, CPA, CTDPA, UCPA, VCDPA)
  • Children’s Online Privacy Protection Act (COPPA)
  • Online safety laws for kids and teens, including California Age-Appropriate Design Code Act (AADC), Utah Social Media Regulation Act and others
  • Section 5 of the Federal Trade Commission Act (FTC Act) and state unfair and deceptive acts and practices (UDAP) laws
  • Family Educational Rights and Privacy Act (FERPA)
  • California’s Student Online Personal Information Protection Act (SOPIPA), New York’s Education Law 2-d and other state student data privacy laws
  • Illinois’ Biometric Information Privacy Act (BIPA) and other biometric privacy laws
  • Washington My Health My Data Act and other state health privacy laws
  • Fair Credit Reporting Act (FCRA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Telephone Consumer Protection Act (TCPA)
  • Telemarketing Sales Rule (TSR)
  • Restore Online Shoppers’ Confidence Act (ROSCA)

Emily is a frequent speaker on data privacy matters, with a particular focus on children’s privacy (COPPA), student data privacy and EdTech and online safety laws for kids and teens. She has been featured as an “Up and Coming” Privacy & Data Security attorney by Chambers USA and Chambers Global. Clients tell Chambers, “She’s been an excellent partner. She has a very good understanding of the practical realities of implementing privacy policies for large companies.” Citing her expertise in the field of educational privacy, student data and EdTech matters, Chambers reports that clients regard her as “very knowledgeable and truly an expert in this space,” with some saying, “On the student data side, she is unmatched,” and The Legal 500 notes that Emily “is the first port of call for child- and student-directed service providers for compliance advice with COPPA, SOPIPA and CalOPPA regulations.”

Emily also has an active consumer protection practice, focused on marketing and promotional issues. She counsels clients on advertisements and endorsements, retail sales and e-commerce, advertising substantiation, SMS and telemarketing, social media and online advertising.

  • Regulatory Investigations:
    • Representing global gaming platform provider in FTC investigation and enforcement action involving COPPA and Section 5 of the FTC Act.
    • Representing EdTech platform provider in FTC investigation and enforcement action involving COPPA compliance.
    • Representing global IoT device maker in investigations by FTC and multiple State Attorneys General involving alleged unfair and deceptive acts and practices related to marketing and data security
    • Representing a mobile adtech company in non-public investigations by FTC and State Attorney General involving online advertising disclosures and opt-outs and alleged unfair and deceptive acts and practices.
    • Representing a mobile app provider in investigations by the FTC and California Attorney General, both of which were closed with no further action.
    • Representing multiple clients responding to California Attorney General inquiries related to CCPA compliance.
    • Representing multiple clients subject to investigation by State Attorneys General involving recurring payments, advertising substantiation, online and mobile advertising and deceptive acts and practices.
    • Successfully resolving a non-public FTC inquiry of a global EdTech provider involving alleged COPPA violations in connection with student-directed services and adtech.
    • Representing a major global fashion retailer in an investigation by the FTC involving the client’s online privacy policies and behaviorally targeted advertising practices.
    • Representing a social application developer in a confidential investigation by the FTC involving alleged breach of data protected by COPPA.
    • Representing a software developer in non-investigative discussions with the FTC regarding the developer’s behaviorally targeted marketing program for bank transactions.

    Privacy, Online Safety, Compliance and Advisory Matters:

    • Counseling online services and social media platforms on compliance with online safety obligations, best practices, and emerging laws in relation to teen and child users, age verification, parental consent and rights and age-appropriate design.
    • Advising clients on website design and deployment of adtech and other third-party technologies to comply with laws and platform policies and mitigate litigation risk.
    • Advising a global hospitality company on the deployment of smart technologies, including facial recognition and location tracking tools, in compliance with jurisdictional privacy laws.
    • Counseling global SaaS provider on development and deployment of big data analytics service offerings utilizing artificial intelligence (AI) and machine learning technologies.
    • Advising a major municipality on smart cities initiative and development of comprehensive privacy compliance program.
    • Advising numerous companies on the development of proactive compliance with emerging U.S. state comprehensive privacy laws, including the CCPA, VCDPA, CTDPA, CPA, as well as topical state privacy laws relating to health and biometric data.
    • Advising dozens of EdTech providers on compliance with FERPA and state student data privacy laws (e.g., SOPIPA, NY 2d, SOPPA, etc.), contracting and cybersecurity matters.
    • Advising hundreds of start-ups and mature company clients across the business spectrum navigate the rapidly- evolving legal landscape of state, federal and global data protection laws and regulations by providing strategic, practical advice on compliance, best practices and emerging trends, risks and threats.