This interview has been published by Anshi Mudgal and The SuperLawyer Team
With several years of experience in the legal industry, and an international practice, what initially inspired you to pursue a career in law? What experiences guided you toward specializing in this particular field of IP and Data Privacy, and how did your law school journey shape your career?
Growing up, I was the inquisitive child in the family, always asking questions like “Why?” “What does this mean?” and “How does this work?”, not to challenge authority, but out of genuine curiosity. So, when it came time to choose a career path, law felt like less of a decision and more of a natural evolution. After all, what better profession for someone who spent their childhood debating dinner table negotiations? Law gave me a way to turn that endless curiosity into something constructive, to ask better questions, find sharper answers, and help others navigate the “whys” and “what ifs” of the world.
But law was not my first choice. As a kid, I was equally captivated by science and believed I might one day become an aeronautical engineer. One of the defining moments that shifted my perspective occurred while watching Kalpana Chawla on the news during the Columbia shuttle tragedy alongside my father. I remember wondering, What happens when science fails? Who steps in when technology breaks down? That moment planted the seed for a different kind of career, one that still engages with science and innovation, but from a legal lens.
That curiosity eventually led me to intellectual property law, where science, technology, and legal reasoning collide in wonderfully complex ways. During law school in India, I immersed myself in this area through internships at prominent law firms, gaining exposure to a broad range of IP matters, including trademarks, copyright, technology, media, gaming and gambling, and entertainment law. The ever-evolving nature of IP, driven by innovation, fascinated me. I realized that IP law was not just about protecting rights, it was about fostering creativity, enabling progress, and balancing competing interests in a dynamic, global environment.
Thus, after graduation, I joined a law firm as an IP attorney to get a deeper understanding of the field, and just as I was getting comfortable, the GDPR arrived and I was hooked. The realization that lawyers have to adapt just as fast as the tech world made privacy law feel less like a compliance checklist and more like a moving target that I genuinely enjoyed chasing.
Eventually, that passion brought me to the Bay Area, the land of startups and innovation. Studying IP and data privacy here was not just about career growth; it was about being at the heart of change, surrounded by people building the future, and occasionally breaking things that lawyers then have to fix.
Looking back, my career has been shaped by one simple fact: I never stopped asking “why?” The difference now is that I have learned how to put those questions into memos, and a commitment to helping clients navigate the complex interplay between law, technology, and human creativity.
Starting your career with a prominent law firm, what were some key learning experiences during the early stages as you were mastering the fundamentals? Given the complexity and constant evolution of Data Privacy Laws, how did you develop an understanding of the field and stay ahead of emerging trends?
When I first started my career as an IP attorney at a law firm, freshly out of law school, I imagined a steady path through the world of trademarks and copyright. And for a while, that is exactly what I got: think counterfeit sneakers, branding disputes, and the occasional “no, you cannot copyright a concept” conversations.
But here is the twist no one warns you about in law school, clients do not show up with neatly categorized problems. They often bring you messy, modern dilemmas. And that is how I found myself dipping my toes into the complex pool of data privacy.
Working with clients ranging from mom-and-pop retailers to Fortune 500 tech giants, I quickly realized that every product launch or branding campaign had a digital component, and where there is data, there is drama.
Initially, my work was trademark-focused. But adjacent issues kept knocking on my door: copyright quirks, customs enforcement, and eventually, a new breed of question: “Hey, does our app accidentally violate three different international privacy laws?” Spoiler: it often did.
Slowly but surely, the law kept up to the technological development with the introduction of the General Data Protection Regulation (“GDPR”), aka “the EU’s gift to lawyers everywhere.” The Brussels effect had lawyers and tech enthusiast everywhere scrambling to understand cross-border compliance, and enough acronyms to make your head spin. What fascinated me was not just the law itself, it was the broader question of how we regulate innovation. The boundaries between intellectual property, consumer rights, and data governance began to blur, and I realized, this was the future.
What started as a curiosity has become a cornerstone of my practice. Privacy isn’t just a hot topic, it is a critical lens for understanding the intersection of innovation, ethics, and law in the digital age.
To stay updated and ahead of emerging trends, I rely on a well-balanced mix of strategies: regularly reviewing regulatory updates and key case law, tuning into insightful podcasts and panel discussions on evolving privacy topics, and subscribing to a few carefully curated newsletters. I have also joined privacy book clubs where we regularly discuss upcoming privacy regulations and challenges faced in the field.
So, while I did not imagine a career in the intersection of IP, privacy, and consumer protection, I am glad it happened. And for all the challenges this field throws at us, one thing is for sure: Privacy law is never boring.
After over four years at a law firm, you chose to pursue a Master’s degree at the University of California, Berkeley School of Law, specializing in Technology Law, Privacy Law, and Intellectual Property Law. What inspired you to focus on these areas, and how did your studies shape your understanding of data privacy laws on a global scale? Additionally, as a Research Assistant to Professor Sonia Katyal and an active member of the Women in Tech Law team, what other activities did you engage in, and how did these experiences influence your professional growth and development?
After over four years of tackling trademark disputes and navigating the growing tide of data protection concerns, I realized I wanted more than just answers. I wanted to understand the bigger picture. I was curious not just about what the law said, but why it was evolving the way it was, especially in response to rapidly shifting technologies.
Berkeley felt like the perfect fit: world-renowned faculty, cutting-edge tech-law curriculum, and if the future was being built in Silicon Valley, then Berkeley Law was clearly where it was being legally translated.
Immersing myself in this environment gave me something invaluable: perspective. Studying privacy law under experts who were helping shape legislation (rather than just interpret it) helped me move beyond the black-letter law mindset. I began to think more critically about regulatory intent, policy trade-offs, and the delicate balance between innovation and accountability.
Courses like Social Media Law and Computer Crime Law sharpened my understanding of how existing legal frameworks are being pushed by new technologies. Learning about Hollywood contracts one day and GDPR enforcement actions the next made me see just how interconnected everything is in this space, and how important it is for lawyers to be adaptable, tech-savvy, and a little creative.
Beyond academics, working as a Research Assistant to Professor Sonia Katyal was one of the most formative experiences of my time at Berkeley Law. Her work sits at the crossroads of technology, IP, and civil rights, and being part of a research project examining how copyright and trademark law intersect with identity and digital expression expanded my understanding of what the law can do, not just what it should do. It also refined my analytical skills, deepened my research capabilities, and taught me how to connect theory to real-world legal challenges.
As part of varied organizations such as Women in Tech Law and journals such as Berkeley Technology Law Journal, I had the opportunity to engage in real conversations about the future of the profession. One standout moment was interviewing Professor Jennifer Urban, Chair of the California Privacy Protection Agency (CPPA). That conversation gave me unique insight into the inner workings of a regulatory body and offered a front-row seat to the evolution of U.S. privacy enforcement.
These experiences, taken together, significantly shaped my professional growth. They helped me transition from being a subject-matter practitioner to a more holistic legal thinker. They taught me to approach problems from multiple angles: technical, ethical, regulatory, and commercial. Most importantly, they reaffirmed my passion for working at the intersection of law and technology and gave me the tools and confidence to lead in this space.
Berkeley did not just deepen my legal expertise; it expanded my entire outlook on the role lawyers can play in shaping the future.
As a student researcher at the American Civil Liberties Union (ACLU) of Northern California, you worked on the Digital Rights Project, focusing on policy research related to consumer data protection and compliance with California privacy laws, including the CCPA, CalOPPA, and the Song-Beverly Credit Card Act. How would you compare the data protection frameworks in the U.S., India, and Europe, particularly with your certification in these areas?
My time at the ACLU of Northern California’s Digital Rights Project offered invaluable insight into the nuanced and often fragmented landscape of U.S. privacy law. Unlike the European Union’s General Data Protection Regulation (GDPR) or India’s newly enacted Digital Personal Data Protection Act (DPDP), both of which adopt comprehensive, centralized frameworks grounded in fundamental privacy rights, the U.S. continues to follow a sectoral and state-by-state approach, creating significant variability and complexity in compliance.
One of the most interesting projects I worked on involved analyzing the privacy implications of QR code-based restaurant ordering systems. What initially appeared to be a straightforward user interface turned into a multi-layered compliance exercise involving the California Consumer Privacy Act (CCPA), California Online Privacy Protection Act (CalOPPA), and the Song-Beverly Credit Card Act. It served as a powerful reminder that even the most routine consumer interactions can involve intricate legal considerations, especially when sensitive data such as payment or behavioral information is collected and stored.
This experience strengthened my ability to assess data practices through a multi-jurisdictional, multi-sectoral lens, reinforcing the importance of understanding not just the legal frameworks involved, but also the underlying technical architecture of products and services. A lawyer’s ability to offer sound advice increasingly depends on their understanding of how data flows through systems, where risks lie, and how those risks intersect with evolving legal standards.
A key difference I observed between U.S. privacy laws and the GDPR lies in the scope and rigor of compliance requirements. The GDPR is both strict and expansive, there is no minimum threshold for applicability. Any company, regardless of size, that collects personal data from even a single EU resident is subject to the law. It is a deeply consumer-centric regime, with limited room for flexibility.
In contrast, while U.S. state laws like the CPRA, are also robust, they do provide some flexibility for companies, especially smaller entities and startups. Most U.S. privacy laws include applicability thresholds, based on revenue, number of consumers affected, or volume of data processed, before the obligations kick in. This approach allows smaller businesses a bit more breathing room to implement privacy compliance during their early growth stages, aligning legal obligations with business maturity. That said, it remains critical for startups to incorporate privacy-by-design from the outset, as crossing the threshold can happen sooner than anticipated. In short, the GDPR prioritizes consumer rights at every level, while U.S. laws attempt to strike a balance, offering strong consumer protections without stifling innovation and scalability.
This comparative analysis between the EU, India, and U.S. frameworks highlighted a fundamental truth: privacy compliance is not one-size-fits-all. It demands not only legal fluency but also a contextual, practical understanding of industry, technology, and jurisdiction. This foundational experience continues to shape my approach to privacy law, grounded in strong legal analysis but always mindful of the evolving global and technological landscape.
Being admitted to both the Indian Bar and the State Bar of California, how has your dual qualification benefited your practice? What advice would you give to aspiring legal professionals aiming to clear the California Bar Exam?
Being dual-qualified in both India and California, two jurisdictions that are home to some of the world’s most dynamic and disruptive startups, has significantly enhanced my ability to provide cross-border legal counsel, particularly in the areas of intellectual property and data privacy. This dual qualification allows me to advise clients navigating regulatory requirements, commercial expansion, and product launches across both legal systems. Where Indian law is rapidly evolving through legislative reform, California’s legal landscape is shaped by a combination of statutes and robust regulatory enforcement. Understanding these contrasts enables me to craft nuanced, business-oriented legal strategies that are tailored to the specific jurisdiction and sector.
As for the California Bar Exam, its reputation as one of the most challenging in the U.S. is well-earned, but not insurmountable. My advice to aspiring legal professionals is straightforward: treat it like a full-time job. Success requires consistency, discipline, and a well-structured study plan. I truly believe that the exam does not test intelligence, it is more about mastering the method, developing exam endurance, and performing under pressure. If you can commit to the process fully, passing the exam is absolutely achievable.
Ultimately, the effort is well worth it. Being admitted in California has opened up exciting opportunities to work at the intersection of law, technology, and innovation on a truly global scale.
Throughout your distinguished career, what strategies have you employed to maintain a healthy work-life balance? What guidance would you offer to others striving to manage both professional ambitions and personal responsibilities?
Let’s be honest, achieving work-life balance in the legal profession is often more aspiration than reality, something everyone talks about, but few actually manage to pin down. The nature of our work is demanding, high-stakes, and often time-sensitive. But over the years, I have learned that if you do not actively protect your personal life, your professional life will quietly take over every corner of it.
One mindset shift that has served me well is this: Don’t make work your life, make it part of your life. Law is what I do; It is not all of who I am. I have come to believe that you cannot be a high-performing professional if you are constantly running on empty. As the saying goes, you can’t pour from an empty cup!
For me, this means setting clear boundaries where possible. I carve out non-negotiable time for things that replenish me, whether that’s exercise, travel, sports, time with family and friends, or even just reading something that has nothing to do with legal theory. I also try not to romanticize the hustle. Being available 24/7 does not make you indispensable, it often just makes you exhausted. And, let us be candid: no matter how good you are, you are replaceable to your workplace, but not to your health, your loved ones, or yourself.
My advice to younger legal professionals is that ambition is important, but so is sustainability. If you are building a long-term career, you need to treat your time, energy, and wellbeing as strategic assets. Learn to say no. Take breaks without guilt. Celebrate small wins outside of work. And most importantly, define success on your own terms, not just by billable hours.
At the end of the day, being a fulfilled person makes you a better lawyer!
Get in touch with Anuja Shah –
Sumit@gmail.com
test
https://superlawyer.in/