Skip to Main Content
Professional Photo
Professionals

David J. Oberly

Of Counsel

David leads the Firm's multi-disciplinary Biometrics Team and focuses his practice on counseling companies on a wide range of biometrics, AI, and data privacy/security issues that arise when doing business in today's digital, data-driven world.

Professional Biography


Recognized as "one of the nation's foremost thought leaders in the biometric privacy space" by LexisNexis and the author of Biometric Data Privacy Compliance & Best Practices – a full-length treatise that provides a comprehensive compendium of biometric privacy law – David concentrates his practice on serving as go-to counsel for data-driven companies that utilize biometrics, artificial intelligence (AI), and other emerging technologies in their commercial operations. He regularly advises companies that seek to leverage data to develop and enhance advanced technologies, including on complex data rights and data ownership issues, as well as the contractual-related implications associated with enterprise-wide initiatives of this nature. David also serves as a trusted advisor to companies across all industries on a broad assortment of privacy and security compliance and risk management issues that businesses face in today's highly digital world.

Biometric Privacy

As a national thought leader on biometrics, David serves as a strategic advisor to technology-focused and data-driven organizations, helping to navigate the increasingly complex biometrics legal and regulatory landscape. He counsels organizations on the full range of compliance obligations applicable today, as well as on associated risk management and liability exposure mitigation strategies.

David also regularly partners with clients to develop tailored, enterprise-wide biometric privacy compliance programs in connection with all types of biometric data – helping to ensure continued, ongoing compliance with both current and future legal requirements, while at the same time allowing clients to always stay a step ahead of today's ever-expanding web of biometric privacy regulation.

In addition to his counseling and advisory work, David also possesses deep experience in litigating biometric privacy (and other types of privacy) class action disputes, with particularly considerable experience in litigating bet-the company Illinois Biometric Information Privacy Act (BIPA) class action lawsuits.

Artificial Intelligence

David also serves as a trusted advisor to companies in the area of AI and machine learning (ML), assisting clients in developing innovative and versatile legal compliance and risk management strategies and programs that enable businesses to remain on the forefront of emergent industries while maximizing the benefits of cutting-edge technology.

As a tech-savvy attorney, clients turn to him for advice and guidance on the full spectrum of AI, ML, and related technologies, as well as on the critical interplay between different laws and regulations that impact specific sectors and technologies. With his intricate understanding of the underlying technologies that power today's next-generation systems and solutions, David partners with clients to optimize their operations, avoid potential legal and regulatory challenges, and help them build compliant, digitally-focused products, services, and businesses.

Data Privacy & Security

David routinely counsels and guides clients through the existing and ever-growing patchwork of laws that impact privacy and security around the globe, including but not limited to:

  • California Consumer Privacy Act (CCPA)
  • Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
  • EU/UK General Data Protection Regulation (GDPR)
  • Fair Credit Reporting Act (FCRA)
  • Federal Trade Commission Act (FTC Act)
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  • National Institute of Standards and Technology's (NIST) Artificial Intelligence Risk Management Framework (AI RMF)
  • Telephone Consumer Protection Act (TCPA)
  • U.S. State Consumer Privacy Laws (CPA, CTDPA, UCPA, and VCDPA)
  • U.S. State Data Security Laws
  • Self-Regulatory Frameworks (applicable to advertising and payment card processing industries)

David also assists companies across a diverse set of industries in proactively managing risk through the design, development, and implementation of enterprise-wide privacy and information security compliance programs that provide for full compliance with today's complex web of state and federal laws, self-regulatory rules, and industry best practices. He has helped develop numerous global privacy and security compliance programs tailored to company-specific needs for compliance with the CCPA and other emerging U.S. privacy laws, as well as the GDPR. David also conducts privacy audits and assessments of clients' compliance procedures and practices to help identify and eliminate potential areas of privacy-related legal risk.

  • Biometric Privacy & Artificial Intelligence

  • Developed enterprise-wide biometric privacy compliance programs for a national online eyewear retailer, multiple national cosmetics retailers, an ignition interlock device (car breathalyzer) manufacturer, multiple national financial institutions, and a national linen provider.

  • Advised a professional NFL franchise on biometric privacy compliance and risk mitigation issues in connection with the implementation of facial biometrics security and access control system at their home venue.

  • Advised a national convenience store and gas station chain on biometric privacy compliance and risk mitigation issues in connection with the implementation of facial biometrics and AI frictionless checkout systems in physical store locations.

  • Assisted two facial biometrics technology developers in preparing consumer-facing materials addressing the most common and significant misconceptions regarding facial recognition solutions.

  • Conducted comprehensive audits and risk analyses of several international and national cosmetic and eyewear brands' biometric privacy programs pertaining to the use of facial biometrics online virtual try-on (VTO) tools, developed remediation plans to eliminate compliance gaps, and advised on measures to facilitate ongoing legal compliance.

  • Advised a national eyewear retailer on biometric privacy- and intellectual property-related compliance and risk mitigation issues pertaining to the implementation of an open source software as part of an in-store eyewear VTO tool offered at physical retail store locations.

  • Advised a leading multifamily real estate company on compliance obligations pertaining to the use of a selfie ID facial biometrics identity verification solution.

  • Advised multiple facial biometrics identity verification technology developers on global expansion strategies pertaining to entrance into the U.S. gaming market to provide age and identity verification solutions to sports betting, internet gaming, and fantasy contest operators.

  • Advised multiple companies on California- and New York-specific biometric privacy compliance obligations pertaining to employee fingerprint biometrics time and attendance systems; advised on measures to achieve compliance with the same.

  • Advised a national video market platform developer on biometric privacy compliance and risk mitigation issues in connection with the implementation of new facial and voice biometrics product tools, including: face enhancement feature, AI video face detection feature utilizing human skeleton models and facial landmarks, AI speaker diarization feature, and AI video classification feature.

  • Advised multiple clients on BIPA and associated biometric privacy legal risks pertaining to the use of in-store video customer engagement analytics solutions to evaluate customer behavior and interactions in retail stores and measuring the impact of the same on business outcomes.

  • Advised a global automobile manufacturer on biometric privacy compliance and risk mitigation issues in connection with the implementation of a keyless facial biometrics vehicle access control feature.

  • Completed a comprehensive biometric privacy risk analysis of one of world's largest building technology, software, and services entity's AI facial biometrics customer demographics software solution; advised on biometric privacy compliance and risk mitigation strategies during the design phase of software solution.

  • Prepared online terms of use for a national financial institution pertaining to mobile app facial and fingerprint biometrics multi-factor authentication features.

  • Advised a major consumer-to-consumer (C2C) online marketplace during the re-negotiation of a vendor agreement with facial biometrics selfie ID identity verification provider.

  • Drafted and negotiated a complex facial biometrics online eyewear VTO tool platform SaaS agreement and a DPA between a national eyewear retailer and a leading beauty facial biometrics VTO technology developer.

  • Drafted an end user license agreement (EULA) and related biometric technology contracts for AI-driven facial biometrics access control technology developer.

  • Advised a voice biometrics digital identity assurance software company during negotiation of a SaaS agreement with financial institution customer pertaining to voice biometrics customer call center service platform.

  • Obtained a voluntary dismissal of a national eyewear retailer in putative BIPA class action involving facial biometrics online eyewear VTO tool within 48 hours of being retained to defend the matter.

  • Obtained a voluntary dismissal of a national eyewear retailer in second putative BIPA class action involving facial biometrics online eyewear VTO tool prior to service being attempted by opposing counsel.

  • Obtained voluntary dismissal of an international cosmetics company in putative BIPA class action involving facial biometrics online cosmetics VTO tool by informally educating opposing counsel on the applicability of arbitration defense, prompting opposing counsel to dismiss action without the need to engage in any motion practice.

  • Data Privacy & Security

  • Advised multiple companies on compliance requirements and related risk management concerns applicable to profiling and automated decision-making activities under emerging U.S. privacy laws.

  • Conducted a comprehensive privacy assessment of a national moving truck, trailer, and self-storage rental company's anticipated use of geolocation tracking technologies on vehicles and other equipment for tracking purposes; provided detailed guidance on the development and implementation of measures for achieving compliance with heightened legal obligations under emerging U.S. privacy laws pertaining to the use of precise geolocation data in an advance of rollout of a geolocation tracking program.

  • Advised a luxury British sports car manufacturer on U.S. privacy and security compliance requirements and related legal obligations applicable to the collection and use of autonomous vehicle occupant personal data.

  • Advised multiple companies on emerging U.S. privacy law compliance requirements and related legal obligations applicable to the collection and use of sensitive diversity and inclusion employee/job applicant personal data.

  • Advised multiple companies on the implementation of strategic modifications to subscription programs and associated user flows to achieve compliance with applicable automatic renewal legal obligations.

  • Advised multiple clients on compliance with U.S. federal and state wiretap/two-party consent laws; developed strategies for providing notice and obtaining consent from customers in connection with online and in-person data capture/recording activities; drafted privacy policies and an online/mobile notice and consent language for compliance with the same.

  • Developed a global privacy and security program charter for a Fortune 500 energy company and convenience store brand owner.

  • Represented a second professional NFL franchise in the negotiation of DPAs with current NFL franchise vendors.

  • American Bar Association
    • Vice Chair – TIPS Cybersecurity & Data Privacy Committee (2021 – present)
    • Vice Chair – TIPS Technology & New Media Committee (2021 – present)
  • Cincinnati Bar Association
    • Founder/Chair – Cybersecurity & Data Privacy Practice Group (2020 – present)
    • Chair – Membership Services & Development Committee (2019 – present)
    • Member – Awards Committee (2020 – present)
    • Co-Chair – Superhero Run for Kids 5K Planning Committee (2018 – 2020)
  • Ohio State Bar Association
    • Member – Young Lawyers Section Council (2018 – 2021)
  • United Way of Greater Cincinnati
    • Member – Emerging Leaders (2020 – present)
  • Listed in Best Lawyers: Ones to Watch® in America for Technology Law (2023)
  • Chosen as a Top Cybersecurity Author, JD Supra Readers Choice Awards (2021)
  • Selected to Ohio Rising Stars (2017 – present)
  • Selected as a Featured Writer, The Daily Swig (2019 – present)
  • Participant – Cincinnati Academy of Leadership for Lawyers (2018)

Education

  • Indiana University Maurer School of Law, J.D., 2011
  • University of Cincinnati, B.A., 2008, cum laude

Admissions

  • District of Columbia, 2024
  • Pennsylvania, 2019
  • Ohio, 2011
  • U.S. Court of Appeals for the Sixth Circuit
  • U.S. District Court for the Southern District of Ohio
  • U.S. District Court for the Northern District of Ohio
  • U.S. District Court for the Central District of Illinois

Email Disclaimer

NOTICE: The mailing of this email is not intended to create, and receipt of it does not constitute an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.
Cancel Accept