Julia Apostle Partner

Paris

Julia counsels on compliance issues in relation to European and French tech and data regulations, including:

• the GDPR;
• the Digital Services Act;
• the EU AI Act and the regulation of AI more generally,
• the Data Act;
• the Cyber Resilience Act;
• the NIS2 Directive;

and other new and emerging legislation impacting online platforms, technology developers, and eCommerce businesses. She advises companies of all sizes on a wide range of compliance matters, ranging the drafting of internal policies, to assisting with regulatory investigations, product counseling and regulatory engagement.

In the context of strategic transactions covering significant and complex technological issues, she is involved in the drafting and negotiation of agreements relating to data transfer, IT, software, content and brand licensing.

Julia is deeply familiar with the commercial considerations’ clients face, having practiced in-house at Twitter, Financial Times and CBS for more than a decade prior to joining Orrick. Julia also teaches a course on AI contracts for the Master's program in AI Law at a leading French university and acts as a mentor for students.

Rami Kawkabani Senior Associate

Paris

Rami advises clients in drafting and negotiating their contractual terms and in the context of strategic transactions covering significant and complex technological issues including in terms of liability and intellectual property.

He also regularly advises clients on compliance with tech and data European and French regulations (Digital Services Act, AI Act, GDPR, Data Act, LCEN) and in the context of their commercial practices towards consumers.

Rami has spent time in-house with major tech companies, and is able to quickly understand his client’s requirements and priorities.

Róisín Culligan Managing Associate

London

Róisín works with fast-growing startups and established technology companies to navigate complex legal frameworks.

She has a particular focus on AI governance, complex outsourcings, technology contracts and digital platform compliance with the EU’s new technology regulations.

Prior to joining Orrick, Róisín held roles at a top-tier Irish law firm where she developed a deep understanding of the intersection between law, technology and business strategy.

Sulina Gabale Partner

Washington, D.C.

As innovation pushes the limits of technology, those ideas challenge the boundaries of what is considered “personally identifiable information.” Sulina answers the question - how can we create tomorrow’s technology with yesterday’s privacy and consumer protection laws? Sulina works closely with innovators at all levels of a business – executives, engineers, marketing and product, HR and customer service teams – to gain a true understanding of their goals and the data they’re collecting, using and sharing. She places herself in her client’s shoes as well as in consumers’ mindset to devise creative privacy-by-design solutions, ensuring her client’s business and data innovation strategies withstand multi-national rules, government regulations, industry standards and consumer scrutiny.

With experience in both data privacy and consumer protection, Sulina utilizes a comprehensive approach to counsel clients on a myriad of issues affecting consumers and businesses. She routinely guides companies of all sizes through the existing patchwork of laws, self-regulatory standards and industry practice impacting data privacy and security. She advises clients subject to regulatory investigations and litigation involving a spectrum of federal and state laws, including:

• California Online Privacy Protection Act (CalOPPA)
• Children’s Online Privacy Protection Act (COPPA)
• Family Educational Rights and Privacy Act (FERPA) and related state student data privacy laws
• Fair Credit Reporting Act (FCRA)
• Gramm-Leach-Bliley Act (GLBA)
• Illinois’ Biometric Information Privacy Act (BIPA) and other biometric privacy laws
• Section 5 of the Federal Trade Commission Act (FTC Act)
• U.S. state privacy laws in California, Colorado, Connecticut, Utah, Virginia and other states

Sulina advises companies of all sizes on the development and deployment of cutting-edge technologies and services, including ad-tech, AI and machine learning, biometric tools, social media, robotics and IoT devices, marketing and promotions and more. Sulina began her legal career focusing on consumer protection. She continues to counsel clients on marketing and promotional issues, including interest-based ads; sweepstakes and promotions; automatic renewal and subscriptions; advertising substantiation; influencer programs and social media; SMS text messaging and telemarketing (including matters involving the Telemarketing Sales Rule (TSR), the Telephone Consumer Protection Act (TCPA)); and other state and federal consumer protection laws.

Sulina’s practice is industry-agnostic. She has represented clients ranging from start-ups to Fortune 500s, non-profits, academic institutions and city governments across a range of industries from fashion and ecommerce, financial services, retail, food and beverage and technology services. Prior to law school, Sulina worked in the highly interactive fields of journalism, entertainment and digital media. This well-rounded background helps her connect with clients on a personal level, and ensure her advice integrates legal solutions with business practicality.

Before joining Orrick, Sulina was a member of the Privacy & Data Security Group; Entertainment & Media Group; and IP, Information & Innovation Group at Reed Smith, LLP in New York and Washington, D.C.

Aravind Swaminathan Partner

Seattle; Boston

A leading cybersecurity and online safety authority, Aravind is recognized by Chambers USA in Privacy and Data Security in both Litigation and Incident Response. Clients describe him as “a very talented lawyer experienced with incident responses” and “incredibly responsive and technically savvy.”

Aravind’s deep knowledge of his clients’ business objectives and technological capabilities distinguishes him as a strategic advisor and frontline crisis responder. He advises some of the world’s leading online platforms, public and private financial institutions, tech companies, higher education institutions, and critical infrastructure providers on cybersecurity, and their obligations to monitor and remove harmful or illegal content online and root out instances of child exploitation.

He is adept at guiding companies through cybersecurity incidents, having directed more than 500 data breach investigations, including enterprise-wide network intrusions to cyberattacks with national security implications. Aravind defends clients in an array of cybersecurity and privacy class actions and regulatory enforcement actions brought by the SEC, FTC, NY DFS and State AGs, and also represents individual C-level executives in criminal and civil regulatory enforcement matters.

As a former assistant United States attorney, he investigated and prosecuted a broad array of cybercrime, child exploitation cases, digital crimes, and white-collar crime cases. This first-hand knowledge of federal agencies allows him to navigate the system, partner with investigators and find creative solutions for clients.

Aravind is a member of Orrick’s Board of Directors, and he devotes much of his free time to advising independent schools on AI, online safety, and cybersecurity, and teaching and coaching.

Behnam Dayanim Partner

Washington, D.C.

Behn advises gaming and gambling providers, large media companies, Fintech, blockchain and more traditional financial services participants, and other technology and consumer-focused companies on issues at the intersection of gaming, financial services, data privacy and governance and related regulatory areas. Clients turn to him for his ability to advise on the whole frame of issues they may encounter, and he is equally comfortable guiding emerging companies in the early stages of their lifecycles and mature, multinational public companies. Behn is at home in the courtroom – representing clients in cutting-edge gaming litigations, before regulatory bodies – helping the crypto industry address growing sanctions and other financial services obligations, and in the boardroom – assisting in the formation of significant commercial partnerships, brand licenses, acquisitions and other combinations.

Magda Gathani Senior Associate

Washington, D.C.

Magda advises payments companies and commercial clients engaged in money transmission with regard to federal and state compliance, including the Bank Secrecy Act (BSA), anti-money-laundering (AML) laws, licensing obligations and consumer compliance. She also counsels clients on consumer privacy issues arising from the Gramm-Leach-Bliley Act (GLBA) and Regulation P, the California Consumer Privacy Act (CCPA), the New York Department of Financial Services (NYDFS) Cybersecurity Rules, and other state and federal laws that address data privacy and information security.

Prior to joining Orrick, Magda was an associate at Buckley LLP.

She is a Certified Information Privacy Professional (CIPP/US).

Elizabeth McGinn Partner

Washington, D.C.; New York

In conjunction with this work, she develops policies and procedures, records retention schedules and training materials. A significant part of her practice involves addressing data security breaches, working proactively with clients to prevent such breaches from occurring, and advising clients in responding to regulatory inquiries, investigations and enforcement actions related to privacy, information security and cybersecurity issues. She also assists numerous professional sports teams comply with data privacy concerns, consumer financing laws and payment system issues.

Beth also represents financial institutions, corporations and individuals in a wide range of matters. She advises clients in investigations, examinations and litigation initiated by the Consumer Financial Protection Bureau (CFPB), the New York Department of Financial Services (NYDFS), the Department of Justice (DOJ), the Federal Trade Commission (FTC), state attorneys general and bank regulatory agencies. She has represented financial institutions in class action litigation concerning federal and state fair lending laws, mortgage fraud, unfair and deceptive trade practices statutes, consumer fraud statutes and consumer privacy laws. She has extensive experience counseling clients in response to federal and state subpoenas and handling all aspects of e-discovery.

Over the course of her career, Beth has represented clients in matters involving simultaneous criminal, civil administrative and congressional proceedings. She has defended clients in matters relating to money laundering compliance issues and investigations and litigation by the U.S. Attorney’s Office for the Southern District of New York (SDNY), the Manhattan District Attorney’s Office, the Department of Treasury, the Securities and Exchange Commission (SEC), and various congressional committees, including the U.S. Committee on Homeland Security and Government Affairs Permanent Subcommittee on Investigations, the U.S. House Financial Services Committee and the U.S. House Committee on Oversight and Government Reform.

Beth has published and spoken on a variety of topics, including privacy, cybersecurity, electronic discovery, vendor management and consumer financial services litigation. She authored the chapter on “Oversight of Compliance and Control Responsibilities” for Navigating the Digital Age – The Definitive Cybersecurity Guide for Directors and Officers. She has been recognized for her work in Cyber Law (Data Protection and Privacy) by Legal 500 since 2013, which describes her as “outstanding on privacy and e-discovery issues,” “able to advise both on the regulatory and litigation sides of problems,” an attorney who "exceeds expectations on response and turnaround times,” “has strong industry knowledge in data security and privacy, and is able to walk the fine line between operational efficiency and regulatory compliance' when developing IT policies.” It also described her as “top notch, incredibly responsive, thoughtful, and provides advice that is both practical and efficient.”

Prior to joining Orrick, Beth was a partner at Buckley LLP where she was Co-chair of the firm’s Privacy, Cyber Risk & Data Security practice and E-discovery Committee. Previously she was an associate at Skadden, Arps, Slate, Meagher & Flom. She clerked for Federal Magistrate Judge P. Trevor Sharp of the United States District Court for the Middle District of North Carolina after law school. Beth is a Certified Information Privacy Professional (CIPP/US).

David McGill Partner

Washington, D.C.

The Legal 500 reports that David has earned a reputation among clients for dispensing “invaluable and practical, business-oriented advice,” and his approach to disputes has been praised as “insightful, uber responsive and fearless.”

Known as an aggressive advocate, David is frequently retained by financial firms to design creative solutions for investigations and disputes involving allegations of market misconduct across an array of financial products, commodities, and other asset classes. He has successfully persuaded the U.S. Commodity Futures Trading Commission (CFTC), U.S. Department of Justice (DOJ), and U.S. Securities and Exchange Commission (SEC) to walk away from threatened charges in numerous contexts, and his recent litigation wins include obtaining the first-ever dismissal of a criminal spoofing scheme charge in a commodities futures case. Alternative asset managers and technology companies often turn to David for advice on regulatory and compliance issues, including in the areas of digital currency and exchange enforcement.

David’s practice also extends to intellectual property disputes and investigations into alleged workplace misconduct. He regularly represents technology, sports, and media companies in matters involving allegations of trade secret misappropriation, licensing disputes, unfair competition, and employee/insider misconduct.

Dr. Odey Hardan Associate

Düsseldorf

Prior to joining Orrick, Odey served as a research assistant to a distinguished chair focusing on European law, where he authored several academic papers. Throughout his doctoral studies, he delved deeply into the intricate realms of European, international, and data protection law.

Additionally, Odey contributed to significant legal opinions and gained practical experience by supporting the representation of the German Federal Government in pivotal cases before the Federal Constitutional Court, including the proceedings on the European Patent Convention, CETA and the EU-Singapore Free Trade Agreement.

Before starting his legal practice, he also worked as a research assistant for an international UK-headquartered law firm.

Thora Johnson Partner

Washington, D.C.

Thora works with medical device, pharmaceutical, biotech and digital health companies, helping them navigate the increasingly complex patchwork of state and federal health privacy laws. One client described her to the Legal 500 as a “very practical” advisor providing “exceptional guidance” on health information privacy and HIPAA compliance matters.

Her breadth and depth of experience enable Thora to assist clients in harnessing the power of artificial intelligence and executing data-sharing arrangements, all while protecting health data. As a result, Thora spends much of her time counseling pioneering startups and high-growth companies on responsible innovation in healthcare and life sciences.

Thora brings extensive experience counseling clients, including Fortune 500 companies and brick and mortar providers, on the Health Insurance Portability and Accountability Act (HIPAA) and other state and federal health privacy and regulatory compliance regimes including:

• Office of the National Coordinator for Health Information Technology’s interoperability and information blocking regulations
• Centers for Medicare & Medicaid Service’s (CMS’s) interoperability and patient access regulations
• Part 2 confidentiality requirements applicable to substance abuse records
• State health information privacy laws
• State consumer privacy laws with special controls for health data
• Medicare/Medicaid compliance
• Mental Health Parity and Addiction Equity Act (MHPAEA)
• Genetic Information Nondiscrimination Act (GINA)
• Affordable Care Act (ACA) compliance
• Regulatory requirements of the Employer Retirement Income Security Act (ERISA), the Internal Revenue Code, HIPAA, and the ACA as they apply to employer health and wellness plans

Thora routinely helps companies and large employers prepare for and respond to privacy and security incidents involving health information. She also defends clients in government investigations initiated by the OCR, OIG, DOJ, FTC and State AGs, among others.

Jonathan Direnfeld Partner

Washington, D.C.

Jon’s enforcement work involves helping clients navigate the patchwork of federal and state “consumer protection” rules and defending investigations and enforcement actions brought by the Federal Trade Commission (FTC), U.S. Department of Justice (DOJ), State Attorneys General (AGs), and other state regulatory agencies. These matters cover a broad spectrum of B2C and B2B issues, including data privacy, cybersecurity, greenwashing, and so-called “unfair and deceptive” sales and marketing practices with a focus on representation of e-commerce platforms, marketplaces, gig economy, social media and fintech companies. In connection with these enforcement matters, Jon is able to leverage his substantial experience in crisis management by helping clients devise and implement coordinated regulatory, legislative, and media responses to these high stakes incidents.

Jon also helps companies identify and understand regulatory risks and opportunities associated with ESG marketing and goals by providing guidance on greenwashing and the FTC’s Green Guides to help clients avoid deceptive marketing for environmental responsibility and sustainability.

Jon also has substantial experience in the antitrust and competition space, including class action antitrust litigation, criminal cartel investigations and enforcement actions before the DOJ and international regulators, as well as mergers and acquisitions and conduct investigations before the DOJ and FTC. In addition, Jon also provides strategic public policy counseling to clients on consumer protection and data management matters before Congress and executive branch agencies, and he has an active complex commercial litigation practice in federal and state courts across the country.