Goli Mahdavi

Counsel

San Francisco

T: +1 415 675 3448


Biography

Focused on data privacy, cyber security, and technology transactions, Goli counsels a diverse array of companies from start-ups to Fortune 100 companies in both local and global markets.  Goli works closely with clients on data privacy and security compliance programs and advises on all aspects of local and international data privacy and security laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the EU and UK General Data Protection Regulation (GDPR), as well as COPPA, CAN-SPAM matters, and emerging laws and regulations around the world.  Goli also advises on data retention and minimization, privacy by design, data inventories, cross-border transfer agreements, privacy impact assessments and negotiating third-party agreements including digital marketing, software licensing, SaaS, and other commercial agreements.

In addition, Goli is a founding member of the Firm’s Artificial Intelligence (AI) working group and has specialized training in AI governance.  She advises a variety of clients on the emerging laws that impact the development and implementation of AI solutions. 

Goli works as a strategic business partner to her clients to bring products to market while minimizing risk in a challenging regulatory environment. Goli’s unique perspective on balancing compliance obligations and business needs is based in part on her time spent seconded as product counsel to a global leader in the VR/AR space wherein she provided frontline legal advice regarding the company’s products and experiences across multiple jurisdictions.

Goli speaks frequently on these topics, is a Certified Information Privacy Professional for the United States (CIPP/US) and Europe (CIPP/E), and an active member of the Lawyers of Color Affinity Group.

Civic Involvement & Honors

Ms. Mahdavi is an advocate for adults and children with developmental disabilities. In addition to pro bono representation of families with children who have special needs, Ms. Mahdavi previously served on the Board of Directors for the San Francisco-based non-profit Support for Families of Children with Disabilities.

Professional Affiliations

  • International Association of Privacy Professionals (“IAPP”), member

AI Legislation Snapshot

To help companies achieve their business goals while minimizing regulatory risk, our team actively tracks proposed and enacted AI regulatory bills from across the United States to enable our clients to stay informed in this rapidly changing regulatory landscape.

Admissions

  • California, 2006
  • United States Court of Appeals for the Ninth Circuit
  • United States Bankruptcy Court, Northern District of California
  • United States District Courts for the Eastern and Northern Districts of California

Education

Santa Clara University, J.D., 2006

University of Oregon, B.S., 2002

Related Insights

News
Apr 15, 2024
US AI legal landscape: patchwork state laws pose challenges for businesses amid congressional inaction
Insights
Apr 08, 2024
New York May Lead the Pack Through Imposition of Data Excise Taxes
News
Mar 18, 2024
BCLP’s AI Bill Tracker highlighted in Legal Tech Rundown
Insights
Feb 14, 2024
Washington My Health My Data Act FAQS: data subject rights
On April 27, 2023, the Washington State governor signed into law the My Health My Data Act or the MHMDA. In spite of the onerous and at times confusing requirements of the MHMDA, the Washington Attorney General (AG) has only published a short set of Frequently Asked Questions to help address some of this uncertainty.  Nevertheless, most of the law’s provisions take effect on March 31, 2024, meaning that, at this point, companies have a very short runway to meet their obligations and brace for the private right of action allowed for under the act.  Like so many other features of the MHMDA, data subject rights are deceptively complicated and have the potential to create significant administrative hurdles to getting it right.  As promised in our recent summary of the MHMDA (MHMDA: Time to Comply), we are examining in more detail these tricky issues in our MHMDA FAQs and have done a deep dive into data subject rights in this FAQ. 
Insights
Feb 02, 2024
Reviewing SaaS agreements in the age of AI
The development and implementation of AI-powered tools, including in SaaS platforms, have experienced a meteoric rise over the course of the last year. Businesses are understandably looking to realize competitive advantages from leveraging these new AI technologies, but adding AI to a tech stack can present serious risks related to bias, data ownership, privacy, accuracy and cybersecurity. As with many new tools, an organization’s procurement team is its first line of defense in de-risking AI, and AI literacy is essential in this process. Fortunately, while AI presents unique issues and considerations, the incorporation of AI into SaaS does not require a wholly novel SaaS agreement. Nevertheless, there are key provisions that must be considered carefully to meaningfully address the new risks and issues triggered by the incorporation of AI and the nascent state of the law and contract norms in this space. With this in mind, we have addressed below a number of key provisions that should be front and center in this analysis.
Insights
Jan 29, 2024
Time to Comply: Washington My Health My Data Act
On April 27, 2023, the Washington State governor signed into law the My Health My Data Act or the MHMDA. In spite of the onerous and at times confusing requirements of the MHMDA, the Washington Attorney General (AG) has only published a short set of Frequently Asked Questions to help address some of this uncertainty.  Nevertheless, most of the law’s provisions take effect on March 31, 2024, meaning that, at this point, companies have a very short runway to meet their obligations and brace for the private right of action allowed for under the act.   With this in mind, we have prepared this brief recap of the law and the steps companies should consider as they gear up for compliance. Our more detailed summary of the MHMDA is available in our original insight, and we will also be releasing a series of short FAQs over the coming weeks to help companies prepare.
Insights
Jan 22, 2024
Quebec Law No. 25: a little-known privacy law with a big reach
Insights
Jan 04, 2024
Pressure-testing your privacy program for 2024
With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s overall risk compliance strategy. As part of this process, companies must pressure-test their privacy programs regularly to make sure they appropriately address existing and emerging risks while maximizing business gains.  A comprehensive review is not always possible, but it is important to keep in mind that the last several years have seen a wave of new state privacy laws as well as activity at the federal level that promises to challenge even the most well-developed privacy team.  To help companies develop a strategy tailored to 2024, we have highlighted a few key issues below that will be particularly relevant over the coming year.
Insights
Dec 28, 2023
California's Delete Act: a first of its kind data broker law