Skip to Main Content
Professional Photo
Professionals

David J. Oberly

Of Counsel

A tech-savvy attorney and recognized thought leader in the privacy space, David advises companies on all types of privacy and technology issues that arise when doing business in today's digital world and represents companies in the defense of bet-the-company privacy and technology class action litigation.

Overview


  • Indiana University Maurer School of Law, J.D., 2011
  • University of Cincinnati, B.A., 2008, cum laude
  • District of Columbia, 2024
  • Pennsylvania, 2019
  • Ohio, 2011
  • U.S. Court of Appeals for the Sixth Circuit
  • U.S. District Court for the Southern District of Ohio
  • U.S. District Court for the Northern District of Ohio
  • U.S. District Court for the Central District of Illinois

David's practice focuses on serving as go-to outside compliance and litigation counsel to technology-focused, data-driven companies. He provides strategic guidance to companies on the full range of regulatory, product, and risk management issues that impact the collection, use, and sharing of personal data. David also defends complex privacy and technology class action disputes, with a track record of defeating class claims at the initial pleading stage of litigation.

Class Action Defense

David represents companies in high-stakes, high-exposure privacy and technology class action litigation, with deep experience in defending claims alleging noncompliance with the Electronic Communications Privacy Act (ECPA), California Invasion of Privacy Act (CIPA), and similar state wiretapping laws; Video Privacy Protection Act (VPPA); Telephone Consumer Protection Act (TCPA); Illinois Biometric Information Privacy Act (BIPA); and California Consumer Privacy Act (CCPA), among others.

He possesses an intricate, comprehensive understanding of the core strategies on which plaintiffs' attorneys commonly rely in privacy and technology class actions, the range of potential defenses that may be available to defeat or limit these claims, and what arguments to expect from plaintiffs in their attempts to oppose dismissal of these types of high-exposure lawsuits. Drawing upon this knowledge, David is adept at formulating innovative, winning litigation strategies that effectively posture privacy and technology class actions for dispositive dismissals or, alternatively, negotiated settlements on favorable terms to his clients.

His command of the complexities of cutting-edge technologies and associated data flows, the nuances of class action procedure and strategy, and the rapidly changing nature of the law in this space – combined with the innovative and creative approaches he brings to every dispute – enables David to consistently produce exemplary results and outcomes when companies need it the most and makes him a go-to litigator for high-stakes privacy and technology class action litigation matters.

As David's representative matters show, he excels not just at defending privacy and technology class actions but also at achieving decisive victories in these suits – often at the very outset of litigation. And when necessary, David effectively litigates class actions from start to finish in a manner that positions clients for favorable outcomes, whether through dismissal on summary judgment, or client-favorable individual or class settlements.

Compliance

David provides strategic guidance to companies across all industries – including technology, automotive, retail, financial services, and professional sports, among others – on the full range of legal, regulatory, and risk management issues that arise at the intersection of technology, business, and the law. He excels in helping companies navigate the complexities and nuances of today's growing global patchwork of consumer privacy, consumer protection, marketing and advertising, biometrics, children's and student privacy, and similar laws and regulations, while also managing associated risks.

David provides guidance and advice to companies on the use of web analytics tools and online/mobile tracking technologies; processing of precise location data and other types of sensitive data; targeted advertising; data monetization; profiling and automated decision-making; and other practices that seek to leverage personal data in commercial operations. In particular, David advises companies on practical strategies for achieving and maintaining compliance with the ECPA, CIPA and similar state wiretapping laws, VPPA, and TCPA, and similar state marketing laws.

He frequently partners with companies to operationalize compliance through the development and implementation of bespoke, enterprise-wide privacy programs. David conducts compliance audits, gap assessments, and risk analyses of current organizational privacy compliance programs to identify, address, and remediate compliance gaps, and he advises on strategic measures to manage and minimize associated legal risk and potential liability exposure. In this role, David also regularly:

  • Advises on profiling and sensitive data processing activities and how to apply new opt-in and opt-out rights to those activities.
  • Develops privacy policies, notices, consents, data retention guidelines and schedules, and online terms and conditions (and similar online agreements).
  • Develops clickwraps and other online mechanisms for supplying notice, obtaining consent, and ensuring the enforceability of online agreements.
  • Assists companies in conducting due diligence and managing vendors and other data recipients.
  • Drafts, reviews, and revises service provider agreements to address privacy-critical issues.
  • Advises companies with operations spanning multiple jurisdictions on how to address and satisfy vague and oftentimes conflicting compliance obligations.
  • Advises on privacy legislation that could potentially impact companies' future legal and regulatory compliance obligations.

Transactions

David represents and advises companies involved in transactions relating to the collection, use, and sharing of personal data. In this role, he drafts and negotiates multiparty contracts for companies involved in technology deals, including software license agreements; end user license agreements (EULAs); software as a service (SaaS), platform as a service (PaaS), and other cloud service agreements; data processing addenda (DPAs); and negotiation playbooks. He also drafts and negotiates ancillary technology-related agreements, such as data sharing agreements, confidentiality and nondisclosure agreements, and media releases. In addition, David advises companies on key legal and commercial issues that arise in complex technology transactions.

Thought Leader

David is a recognized thought leader in the privacy and technology space, including as a recipient of JD Supra's Readers' Choice Award for his writing on privacy and technology matters. He is also the author of LexisNexis's Biometric Data Privacy Compliance & Best Practices – a full-length, comprehensive compendium on biometrics law.

  • Class Action Defense

  • Facilitated a nuisance-value, individual settlement for an innovative building and siding solutions company in a putative CIPA trap-and-trace class action through informal negotiations with opposing counsel.

  • Facilitated a nuisance-value, individual pre-suit settlement for a health care provider in a threatened CIPA pen register/trap-and-trace class action through negotiations with opposing counsel.

  • Facilitated a nuisance-value, individual pre-suit settlement for a global specialty chemical company in a threatened CIPA pen register/trap-and-trace class action through negotiations with opposing counsel.

  • Currently representing a health care system in a putative CIPA wiretapping class action involving Microsoft Clarity session replay software.

  • Obtained a dispositive, voluntary dismissal of a global biometric identity verification technology provider in a putative BIPA class action involving a cryptocurrency exchange customer's use of a biometric identity verification solution through informal discussions with opposing counsel.

  • Obtained a dispositive, voluntary dismissal of a national eyewear brand in a putative BIPA class action involving a biometric eyewear VTO tool within 48 hours of being retained to defend the matter through informal discussions with opposing counsel.

  • Obtained a dispositive, voluntary dismissal of a national eyewear brand in a second putative BIPA class action involving a biometric eyewear VTO tool through informal discussions with opposing counsel.

  • Obtained a dispositive, voluntary dismissal of an international cosmetics brand in a putative BIPA class action involving a biometric cosmetics VTO tool through informal discussions with opposing counsel.

  • Facilitated a nuisance-value, individual settlement for a ceiling fan manufacturer and designer in a putative TCPA class action through informal discussions with opposing counsel.

  • Compliance, Risk Management & Product Counseling

  • Serve as day-to-day outside privacy and technology counsel for digital identity software providers, technology platform developers, an eyewear retailer, and a financial intuition.

  • Advised numerous companies on compliance with the ECPA, CIPA, VPPA, and related privacy and consumer protection laws governing web and online data collection, analytics, and tracking practices.

  • Advised numerous companies on consumer privacy compliance obligations applicable to sensitive data, profiling, and automated decision-making activities.

  • Advised website operators and app developers on compliance with federal sector-specific laws, including FTC Act, HIPAA/HITECH, TCPA/TSR, FCRA, GLBA, COPPA, and FERPA.

  • Advised companies on compliance with the CAN-SPAM Act and other online marketing laws applicable to corporate email marketing campaigns.

  • Advised companies on strategic modifications to subscription programs and associated user flows for compliance with automatic renewal laws and mitigation of increased liability exposure stemming from heightened regulatory scrutiny of negative option marketing practices.

  • Advised a luxury British sports car manufacturer on global privacy compliance obligations appliable to the collection and use of autonomous vehicle occupant personal data.

  • Advised a global automobile ride dynamics product manufacturer on consumer privacy compliance obligations applicable to the collection and use of vehicle sensor data for analytics purposes.

  • Advised a national video market platform developer on compliance obligations and risk management considerations in connection with the development and rollout of enhanced AI product functionalities.

  • Advised an NFL franchise on compliance obligations and risk management considerations in connection with the implementation of a biometric security and access control solution at its home venue.

  • Advised digital identity verification technology companies on global expansion strategies in connection with their entrance into the U.S. gaming market to supply age and identity verification solutions to sports betting, internet gaming, and fantasy contest operators.

  • Online Privacy/Web Practices

  • Developed a broad range of online privacy disclosures and agreements for numerous companies across all sectors, including privacy policies, consumer health data privacy notices, consumer privacy notices, employee/HR privacy notices, children's privacy notices, cookies and tracking technologies policies, cookie banners, notice and consent banners, and online terms and conditions.

  • Conducted privacy assessments, compliance audits, and gap analyses of online privacy disclosures and practices, and prepared modifications and updates to remediate gaps and achieve global compliance with applicable privacy law.

  • Advised companies on the design, layout, appearance, and content of clickwrap agreements to ensure enforceability against end users.

  • Compliance Programs

  • Developed numerous enterprise-wide compliance programs for companies across a diverse range of sectors, including the world's largest global portfolio of online dating services, a school digital media management platform provider, a vehicle ignition interlock device manufacturer, multiple national financial institutions, multiple international cosmetics brands, a national eyewear brand, and a national linens provider.

  • Developed consumer rights response guidance, playbooks, and template policies and procedures for compliance with consumer privacy laws.

  • Developed enterprise-wide internal privacy and data protection policies and procedures.

  • Conducted a compliance audit and gap analysis of a national moving truck, trailer, and self-storage rental company's contemplated use of vehicle and equipment precise geolocation tracking technologies in advance of program rollout; advised on compliance implications relating to the use of tracking technologies and location data; and developed detailed, strategic guidance for satisfying heightened compliance obligations applicable to use of sensitive location data.

  • Conducted a compliance audit and gap analysis of a Fortune 500 energy company and convenience store brand owner's mobile app user flow and advised on user flow modifications to achieve compliance with applicable privacy law.

  • Technology Transactions

  • Drafted a template enterprise software license agreement, DPA set, and EULA for the world's leading face biometrics technology company.

  • Drafted and negotiated a SaaS agreement and DPA for a national eyewear brand in connection with the procurement of online technology platform services.

  • Advised a second NFL franchise in the negotiation of DPAs with league/franchise vendors.

  • Advised a global identity assurance software provider in the negotiation of a SaaS agreement with a financial institution.

  • Advised a global consumer-to-consumer online marketplace in the negotiation of a SaaS agreement with an identity verification software supplier.

  • American Bar Association
    • Chair, Brief Subcommittee – TIPS Cybersecurity & Data Privacy Committee (2024 – present)
    • Chair, Newsletter Subcommittee – TIPS Cybersecurity & Data Privacy Committee (2022 – present)
    • Vice Chair – TIPS Cybersecurity & Data Privacy Committee (2021 – present)
    • Vice Chair – TIPS Technology & New Media Committee (2021 – present)
  • Cincinnati Bar Association
    • Member – Board of Trustees (2022 – 2024)
    • Founder/Chair – Cybersecurity & Data Privacy Practice Group (2020 – 2023)
    • Chair – Membership Services & Development Committee (2019 – 2023)
    • Member – Awards Committee (2020 – 2023)
    • Co-Chair – Superhero Run for Kids 5K Planning Committee (2018 – 2020)
  • Ohio State Bar Association
    • Member – Young Lawyers Section Council (2018 – 2021)
  • United Way of Greater Cincinnati
    • Member – Emerging Leaders (2020 – 2023)
  • Listed in Best Lawyers: Ones to Watch® in America for Technology Law (2023)
  • Selected as a Top Cybersecurity Author, JD Supra Readers' Choice Awards (2021)
  • Selected to Ohio Rising Stars (2017 – present)
  • Selected to Washington, D.C. Rising Stars for Technology Transactions (2018 – 2025)
  • Participant – Cincinnati Academy of Leadership for Lawyers (2018)

Email Disclaimer

NOTICE: The mailing of this email is not intended to create, and receipt of it does not constitute an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.
Cancel Accept