David N. Patariu

David Pataiu

David N. Patariu focuses his practice on matters related to privacy, cybersecurity, and data protection. David has counseled clients on regulatory compliance, litigation, mergers and acquisitions (M&A), intellectual property (IP), product development, and due diligence. He has a background in the technology industry, advising clients on compliance with laws and regulations at the state, federal, and global levels. His knowledge spans a range of security issues, including data breaches, information privacy, cyberattacks, network architecture, incident responses, and risk management.

David brings a wealth of experience to Venable’s eCommerce, Privacy, and Cybersecurity Practice Group. Prior to joining Venable, he was senior counsel in the global privacy group of a leading retail technology company, where he served as the legal lead on cybersecurity matters, security policies, privacy compliance, and data safety. In this role, he also managed the California Privacy Rights Act (CPRA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), and Virginia Consumer Data Protection Act (VCDPA) compliance efforts, which included consent management, data mapping and lineage, machine learning, ad tech, and product guidance.

For several years David also worked in-house for a Fortune 100 telecommunications, digital media, and technology company, advising on risk-based data protection and privacy operational compliance monitoring activities, including third-party certifications and reporting to regulatory agencies.

As legal director, he advised internal teams on requirements under domestic laws (e.g., California Consumer Privacy Act (CCPA); Children's Online Privacy Protection Rule (COPPA)) and international privacy laws and regulations (e.g., the European Union’s General Data Protection Regulation (EU GDPR); China’s Personal Information Protection Law (PIPL); Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)). David has responded to regulatory inquiries and litigation, worked on multiple ad tech matters, led the deployment of privacy controls across the organization using the NIST 800-53 Rev. 4 Privacy Controls Framework, conceived and developed the first use of artificial intelligence to classify child-directed websites and apps for COPPA and ad tech compliance, led the rewrite of the company’s Europe, Middle East, and Africa (EMEA) privacy policy, and was privacy lead on the development and international deployment of the company’s first privacy-friendly search product. He was also the privacy-legal lead for the company’s app analytics, search, and data mapping/data lineage efforts; M&A; and divestiture matters.

Related Practices




  • J.D. Loyola University Chicago School of Law
    • Senior editor, International Law Review
  • M.S. Biomedical Informatics Stanford University Medical School
  • Graduate Certificate International Security The Freeman Spogli Institute for International Studies at Stanford University
  • Graduate Certificate Bioinformatics Stanford University School of Engineering
  • M.Eng. Computer Science Cornell University
  • B.A. Cornell University

Bar Admissions

  • California
  • District of Columbia
  • Illinois
  • Minnesota
  • New Jersey
  • New York
  • Texas

Professional Memberships and Activities

  • Privacy Law Specialist (PLS)
  • International Association of Privacy Professionals (IAPP)
    • Fellow of Information Privacy (FIP)
    • Certified Information Privacy Manager (CIPM)
    • Certified Information Privacy Professional/Europe (CIPP/E)
    • Certified Information Privacy Professional/United States (CIPP/US)
  • International Information System Security Certification Consortium (ISC)2
    • Certified Cloud Security Professional (CCSP)
    • Certified Information Systems Security Professional (CISSP)