Nilou Massachi is a senior associate in the Data Privacy, Cybersecurity & Digital Assets Practice. She focuses her practice on data privacy and protection, technology transactions, advertising, sales and digital media practices, cybersecurity, and consumer protection law.

A certified information privacy professional (CIPP/US), Nilou works collaboratively with clients to develop and implement information governance and privacy compliance programs. Counseling multinational companies spanning a variety of industries, she regularly evaluates privacy impact assessments, drafts policies and procedures for providing consumer data privacy transparency and choice, advises clients on data inventory and mapping, and negotiates privacy and data security provisions for various types of multiparty commercial agreements, such as data protection agreements. In advising clients, she applies her in-depth understanding of state and federal privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (CDPA), the California Shine the Light Act, the California Online Privacy Protection Act (CalOPPA), the Video Privacy Protection Act (VPPA) and the Children’s Online Privacy Protection Act (COPPA). In her role as privacy counsel, Nilou coordinates and leads the implementation of global privacy programs such as for international organizations subject to the CCPA and the EU General Data Protection Regulation (GDPR).

Nilou also advises clients on advertising, marketing, promotions and sales practices, as well as e-commerce platform compliance. Her experience encompasses counseling on licensing of user-generated content, the protections afforded by the Digital Millennium Copyright Act (DMCA) and the Communications Decency Act (CDA), clickwraps, customer testimonials, W3C disability accessibility standards and buy flow processes, as well as preparing terms of use, terms of sale and supply chain notices. In addition, she provides counseling on how to conduct compliant contests, sweepstakes and loyalty programs, as well as recurring membership subscriptions programs in accordance with ROSCA and state automatic renewal laws. She also has experience advising clients on how to conduct email and text marketing campaigns in compliance with consumer protection laws, such as the CAN-SPAM Act and the TCPA. In her role, Nilou counsels clients on digital advertising practices, including in relation to cookies and other types of tracking technologies, and the interplay of related consumer protection programs, such as enhanced notice requirements for cross-device interest-based advertising and the collection of precise location data.

Nilou’s experience also encompasses counseling clients on developing incident response plans and responding to security incidents, including addressing notification obligations and regulatory investigations.

Award Mouse thought multimedia interface book medal screen monitor
  • Advises clients in a wide array of industries on developing CCPA compliance programs, including drafting privacy notices, conducting data inventory and mapping, implementing processes and policies for responding to consumer requests, and drafting and reviewing vendor agreements.
  • Regularly develops and revises website and mobile application privacy policies and terms of use, conducts data practice assessments and audits, and advises on e-commerce platforms.
  • Advises clients on technology transactions, having represented both vendors and customers from the request for proposal through follow-up compliance.
  • Drafts and negotiates various types of multiparty contracts, such as data protection agreements, service agreements and end user license agreements.
  • Performs gap analyses and assesses potential privacy and security liability as part of mergers and acquisitions due diligence.
  • Counsels clients across a variety of industries on compliance with requirements set by self-regulatory programs, including the Digital Advertising Alliance’s Self-Regulatory Principles (DAA Principles) that cover entities engaged in interest-based advertising across websites or mobile applications and set forth enhanced notice requirements for the collection of precise location data and cross-device interest-based advertising.
  • Advises on advertising laws, e-commerce platforms and data collection practices across a variety of technological mediums.
  • Counsels on incident response investigations involving malware, inadvertent disclosure, network intrusion and ransomware.


  • University of California, Los Angeles School of Law, J.D., 2017
  • University of California, Los Angeles, B.A., summa cum laude, 2014


  • California, 2017

Memberships & Affiliations

  • International Association of Privacy Professionals (IAPP)
  • State Bar of California
  • Los Angeles County Bar Association
  • American Bar Association

{{}} {{insights.type}} {{insights.contentTypeTag}}
{{blog.title}} {{blog.source}}
Award Mouse thought multimedia interface book medal screen monitor