Kyle Fath is a partner in the Data Privacy, Cybersecurity & Digital Assets Practice. Kyle has a unique blend of deep experience in advising companies on compliance with data privacy laws, drafting and negotiating technology agreements, and advising on the privacy, IT and IP implications of mergers and acquisitions and other corporate transactions. His practice has a particular focus on the ingestion and sharing of data by way of strategic data transactions, data brokers, and vendor relationships, the implications of digital advertising (as companies look toward the so-called “cookieless future”), and assisting clients through the build out of e-commerce and other global online platforms.

Kyle provides product and privacy counsel to digital media, adtech, e-commerce, restaurant/retail and various other types of companies, focusing on compliance with landmark privacy legislation, such as the California Consumer Privacy Act (CCPA) and the growing list of forthcoming U.S. privacy legislation, including the California Privacy Rights Act and Virginia’s Consumer Data Protection Act (VCDPA). In this capacity, Kyle works with organizations’ interdisciplinary teams (e.g., product, engineering, marketing, and sales), as well as their in-house lawyers and senior management, to proactively address and mitigate the risks arising out of day-to-day operations and long-term strategic plans, relationships with vendors and customers, collection, usage, and sharing of data, and the changing legal, regulatory and technology landscapes. Notably, Kyle has specific experience advising advertisers, publishers, and adtech companies through compliance with data privacy regulation and how to manage the various relationships with other players in the adtech ecosystem.

Kyle has drafted and negotiated hundreds of data processing agreements and technology agreements, including for licensing, data, and other strategic deals, adtech services, and IT services and outsourcing. Moreover, he develops online and other clickwrap agreements (e.g., terms of service and privacy policies, end-user license agreements (EULA) and API), and various other types of agreements.

In addition, Kyle works closely alongside business finance and M&A lawyers to help close deals. He drafts and negotiates ancillary agreements to deals, including IP, data and technology licenses, as well as the IT, IP and data privacy provisions of purchase and similar agreements. Kyle provides due diligence and assesses and advises on the risks related to IT, IP and data assets involved in private equity and other financing deals, stock and asset purchases, mergers and other transactions.

Kyle has provided pro bono legal services to a number of organizations, including an organization supporting women nonfiction filmmakers, an international nonprofit that trains and supports people using video in their fight for human rights, and a New York City-based nonprofit using media, arts and technology to address human rights issues.

Award Mouse thought multimedia interface book medal screen monitor

Privacy and Product Counseling

  • Advised on, developed and implemented California Consumer Privacy Act compliance programs for dozens of US and global organizations including comprehensive data mapping; drafting of privacy notices; implementation of consumer rights requests response procedures; and management and classification of vendors and other data recipients. 
  • Developed novel cookie and adtech vendor diligence and remediation processes for addressing CCPA implications of digital advertising.
  • Developed dozens of bespoke data processing agreement templates, including for adtech and other complicated use cases (including controller/business to controller/service provider; controller/business to processor/service provider; controller/business to controller/business; business to service provider; controller to controller; controller to processor). 
  • Counseled publishers, advertisers, and adtech companies on implementation of IAB and DAA CCPA “Do Not Sell” frameworks and big tech data use limitation features.
  • Worked with companies to implement privacy-by-design procedures.
  • Advised on, developed and implemented EU General Data Protection Regulation (GDPR) compliance programs for US and international organizations, including consent mechanisms for cookies and online behavioral advertising, and email and text message (SMS) marketing; record-keeping/data mapping; applicability analysis; data transfer mechanisms, including drafting and negotiating scores of data protection addendums, advising on the now-defunct EU-US Privacy Shield, Standard Contractual Clauses, intercompany agreements; GDPR compliant privacy policies; and various other GDPR compliance issues.
  • Counseled companies through the fallout of the Schrems II decision.

Technology Transactions

  • Played key role in development of prominent podcast producer’s rollout of global subscription platform and mobile application, including negotiation of agreements with back-end technology vendors, revising user flow, terms of use and privacy policy, and advising on privacy and advertising compliance in relation to marketing of the platform.
  • Negotiated dozens of agreements with data brokers and data match vendors. 
  • Drafted strategic alliance agreement between adtech client and competitor for provision of joint advertising services on leading video-sharing platform.
  • Developed numerous online terms of service, end-user license agreements, terms of sale/subscription and privacy policies for a variety of clients, including an educational technology and content provider, a high-end retail company, a digital media publisher and one of the world’s largest mobile app developers.
  • Advised on IP, IT and data privacy issues, and performed due diligence, on M&A, financing and other transactions for clients in software, financial services, digital media, edtech and other industries.
  • Drafted and negotiated various IT, cloud, SaaS and outsourcing agreements for a variety of clients, including numerous restaurant and retail chains, and an emerging company offering a mobile application and online platform for cannabis brands and dispensaries.
  • Counseled liquor brand in M&A transaction related to its use of a famous bootlegger’s name and likeness.
  • Drafted ancillary agreements to M&A and other transactions, including technology, data, and IP license and license-back agreements.

Advertising, Marketing, and Digital Media

  • Participated in a number of working groups with the Interactive Advertising Bureau, including in relation to development of its CCPA framework, an ad industry survey measuring CCPA compliance and adoption of opt-out framework, and cross-jurisdictional privacy project for developing a global privacy string for use in digital advertising transactions.  
  • Advised medical advertising company on ad campaign involving geotargeting around medical clinics. 
  • Drafted and negotiated numerous documents in relation to client’s participation in joint venture with other major cable and telco companies for national addressable (i.e., interest-based) and linear advertising campaigns. 
  • Counseled clients on compliance with marketing laws and regulations including CAN-SPAM and the Telephone Consumer Protection Act (TCPA).
  • Advised clients on protections offered by Communications Decency Act, including an online cannabis sales and delivery platform for brands and dispensaries. 
  • Developed and implemented Digital Millennium Copyright Act takedown policies and procedures for numerous publishers, including prominent educational technology company.
  • Drafted and negotiated numerous content creation (e.g., podcasts and other media, websites, etc.) agreements and IP licenses and assignments.


  • Washington University School of Law, J.D., 2012
  • University of Cincinnati, B.S., 2009


  • New York, 2018
  • Ohio, 2012
  • Not admitted in California (application pending)
  • New York Metro Super Lawyers Rising Star, 2020

{{}} {{insights.type}} {{insights.contentTypeTag}}
{{blog.title}} {{blog.source}}

  • Co-Presenter, “AI and Biometrics Privacy: Trends and Developments,” IAPP, June 2, 2022.
  • Co-Presenter, “2022 NFTs Conference,” Federal Bar Association/MyLawCLE, January 31, 2022.
  • Co-Presenter, “Ad-Tech for 2022 – What You Need to Know,” Privacy OC’s PrivacyNext Summit 2022, January 26, 2022.
  • Presenter, “Vendor and Processor Management and Risk,” SW Ohio ACC, December 2, 2021.
  • Presenter, “Navigating the Cookieless Future,” IAPP Privacy.Security.Risk Conference, October 21, 2021.
  • Co-Presenter, “AdTech Considerations Under CCPA and CPRA,” Webinar, February 18, 2021.
  • Co-Presenter, “The Future of Data Privacy Automation,” Privacy OC Privacy Week virtual conference, January 27-28, 2021.
  • Co-Author, “Third-Party & Vendor Management Considerations for CPRA Compliance,” LACBA, January 19, 2021.
  • Speaker, “What CCPA 2.0 Will Mean for Businesses and Consumers,” IAPP KnowledgeNet Cincinnati Chapter, January 13, 2021.
  • Speaker, “The California Consumer Privacy Act and the Forthcoming California Privacy Rights Act,” online Business Law Institute presented by the Ohio State Bar Association, December 10, 2020.
  • Co-Author, “California: What CPRA Will Mean for Businesses, Consumers, and US Privacy Landscape,” One Trust/Data Guidance, November 2020.
  • Co-Author, “Guide: United States: Data Protection & Cyber Security,” The Legal 500, June 2019.

Award Mouse thought multimedia interface book medal screen monitor