Justine Gottshall

Justine Gottshall


(e) jgottshall@infolawgroup.com  (P) 312.204.7199

Justine Young Gottshall is a partner at InfoLawGroup, having previously practiced at Hogan & Hartson (now HoganLovells) in Washington D.C. and as a partner with Wildman Harrold (now Locke Lord) in Chicago.   Ms. Gottshall has extensive experience counseling clients on privacy, data security, technology, information governance, consumer protection, and digital marketing and advertising issues. She serves as the Chief Privacy Officer of Signal and on the leadership committee for Stanford Women in Boards.

Ms. Gottshall was recognized in 2015 by SC Magazine as one of the 5 Women in IT Security: Women to Watch. She is recognized in Chambers USA for her work in the area of Privacy & Data Security and in Illinois for Entertainment and Media. In 2007 she was named to Chicago Lawyer and Chicago Daily Law Bulletin’s prestigious “40 Under Forty” list.

Ms. Gottshall is well suited to address the variety of compliance issues that exist in the digital age. She focuses on compliance counseling and drafting and negotiating related contracts for clients. She has extensive experience in privacy matters, including information governance and data management, online advertising, internal compliance policies, consumer policies, including web site policies, vendor management, and advising on privacy and security-related compliance strategies and programs. Ms. Gottshall also counsels clients on advertising and marketing issues, including user generated content, marketing to children, social media campaigns, co-promotions, e-mail and text message marketing, and consumer promotions. She also works closely with clients on technology matters, including e-commerce, software licensing and including “privacy by design” in the creation and launch of new products and services.

Ms. Gottshall is a CIPP and has served both on the IAPP Education Advisory Board and as a Chicago Knowledge-Net Co-Chair. She is a graduate of Stanford Law School and she graduated Phi Beta Kappa from the University of Michigan. She is a frequent speaker and author on privacy, digital marketing, and information governance.

Practice Areas

  • Privacy Compliance and Counseling
  • Digital Marketing
  • Privacy and Data Security Compliance
  • Internal and Consumer-Focused Corporate Policies
  • Information Governance
  • Advertising, Marketing, And Promotions
  • Technology Agreements
  • E-Commerce
  • Intellectual Property

Professional Associations

  • International Association of Privacy Professionals (IAPP) – CIPP; served as Education Advisory Board Member  and KnowledgeNet Co-Chair
  • Brand Activation Association
  • Illinois State Bar Association
  • Former Board Member, Emerald City Theatre


  • Stanford Law School, J.D., 1994, Symposium Editor, Stanford Law and Policy Review; 1994 Moot Court Board Vice President
  • University of Michigan, B.A. English and Theater & Drama, 1991, Phi Beta Kappa

Bar Admissions

  • Illinois
  • District of Columbia, 1995 (Inactive)
  • Maryland, 1994 (Inactive)


Subscribe to all posts by Justine Gottshall

The New CA Consumer Privacy Act: Don’t Panic (Yet)

California has pushed through an online privacy law that is sending some shockwaves through the Internet economy. On Thursday, June 29, the legislature passed the California Consumer Privacy Act of 2018 (“CCPA”), which the Governor signed swiftly. Beginning January 1, 2020, many companies that do business in California will need to make significant changes and … Continue Reading

Good News for Marketers: Federal Court Rolls-Back FCC’s 2015 TCPA Regulations

A D.C. Circuit Court has ruled that the Federal Communications Commission (FCC) under President Barack Obama overreached in part when it issued its 2015 order providing guidance and interpreting the Telephone Consumer Protection Act (TCPA) in an attempt to rein-in robocalls and unwanted text messages. This long-awaited ruling in—ACA International, et al., v. Federal Communications … Continue Reading

Cocktails and Conversation: Fran Maier Provides Insight on Lessons Learned – From Start Up to C-Suite to the Boardroom

InfoLawGroup is holding a series of popup panel discussions called “cocktails and conversations.” Our latest discussion was about what it takes for women to ascend to the upper echelons of business and featured successful entrepreneur and CEO, Fran Maier. Fran is now the CEO of one of the fastest growing gig-economy startups, Babierge, which is … Continue Reading

5 Best Practices for IoT Privacy Compliance

InfoLawGroup partner Justine Young Gottshall on IoT Privacy Compliance Best Practices in the September issue of Risk Management Magazine: 5 Best Practices for IoT Privacy Compliance. According to a January 2017 forecast from Gartner, 8.4 billion internet of things items will be in use worldwide this year—a 31% increase from 2016—to the tune of almost $2 … Continue Reading

Are You Keeping Up with COPPA? The FTC Just Updated Its Compliance Plan for Businesses

On June 21, 2017, the FTC released its updated its 6 step COPPA Compliance Plan for Businesses (“Compliance Plan”).   The changes to the Compliance Plan are intended to help businesses keep up with changes to technology and evolving business models in connection with the Children’s Online Privacy Protection Act (“COPPA”). The FTC states in its … Continue Reading

Now What? Plaintiffs Attack Popular Disclaimers in Online Terms of Use

In Short: An old New Jersey law – the Truth-in-Consumer Contract, Warranty and Notice Act or TCCWNA – is now being used to challenge website Terms of Use in a flurry of recently filed cases. These cases have not yet produced any guidance from the courts and the nebulous nature of the law complicates compliance. … Continue Reading

Developing a Privacy Compliance Program: A Roadmap

Please note this article has been updated October 2016, please see here for updated article. Developing a privacy compliance program is an essential, if often daunting, compliance step for organizations of all sizes, and across all industries.  InfoLawGroup partner Justine Young Gottshall recently co-authored an in-depth practice note on this topic, published by Practical Law and … Continue Reading

The FCC TCPA Order: What Does My Business Need To Know?

This Post Was Co-Authored by Partner, Justine Gottshall and Counsel, Brian Schaller The Federal Communications Commission (“FCC”) released its TCPA Omnibus Declaratory Ruling and Order (“Order”) regarding the Telephone Consumer Protection Act (“TCPA”) on July 10, 2015, which Chairman Tom Wheeler announced via a blog post and FAQ’s in late May. InfoLawGroup previously discussed the potential … Continue Reading

The Internet of Things: What All Companies Need To Know About the FTC Report

The FTC released its Report on the Internet of Things (“IoT”) on January 27, 2015 (“Report”).  While the Report is specific to IoT, including devices such as wearable fitness trackers and internet connected cameras and televisions, there are key takeaways for all companies operating online[1]. The FTC defines IoT as “’things’ such as devices or … Continue Reading

New California Regulation Regarding Minors Is Coming: Are You Ready? Part 2 – The Advertising Provisions

A new California statute, which originated as SB 568 and will be codified as § 22580 et seq. of the Cal. Bus. & Prof. Code, takes effect January 1, 2015.  The law has two key provisions: one addressing online advertising in connection with minors, which this post addresses, and one addressing a minor’s right to delete … Continue Reading

New California Regulation Regarding Minors Is Coming: Are You Ready? Part 1 – The “Eraser Button” Provisions

A new California statute, which originated as SB 568 and will be codified as § 22580 et seq. of the Cal. Bus. & Prof Code, takes effect January 1, 2015. Given the time it may take some sites, applications and online services to determine and implement appropriate compliance steps, now is the time to start considering … Continue Reading


By Justine Young Gottshall And Damien Wint As we approach six months since the Federal Trade Commission’s (FTC) amendments to the Children’s Online Privacy Protection Act (COPPA) Rule, 16 C.F.R. Part 312 (the “Rule” or, as amended, the “Amended Rule”) became effective, it is essential that any website or online service that is not in … Continue Reading


For operators of web sites, apps and other online services, change is definitely coming – and quickly.  On April 25, 2013, the Federal Trade Commission (“FTC”) issued updated Frequently Asked Questions (the “FAQs”) for its amended implementing rule (the “Rule”) for the Children’s Online Privacy Protection Act (“COPPA”).  The FAQs give some additional insight regarding … Continue Reading

FTC Settles With Online Advertising Network for Tracking Consumer Browser History

The FTC announced that it has settled claims against Epic Marketplace, Inc., an online advertising network, and its wholly owned subsidiary, Epic Media LLC (collectively, “Epic”) for tracking consumers’ browser history without their knowledge and without disclosing the practice in Epic’s privacy policy. According to the FTC’s complaint, Epic serves ads to approximately 45,000 websites … Continue Reading

Chesbro v. Best Buy Stores, L.P.: Court Rejects Defense of “Informational” Calls

Andrew Hoffman contributed to this post. What makes an automated call “telemarketing” versus “informational”? It might be less than you think. In a recent ruling out of the Ninth Circuit, Chesbro v. Best Buy Stores, L.P., the Court has ruled that certain calls are telemarketing calls subject to the TCPA, even if the calls do not explicitly … Continue Reading

FTC Seeks Comment on New Proposed Revisions to COPPA Rule

Co-Authored by Shannon Harell Yesterday, the Federal Trade Commission (“FTC”) released aFederal Register notice (“Notice”) seeking public comments on additional proposed revisions to the Children’s Online Privacy Protection Act Rule (“COPPA Rule”). As we blogged in September 2011, the FTC initially issued proposed revisions to the COPPA Rule and requested comments on September 15, 2011 (“2011 Notice”).  The … Continue Reading

Court Dismisses Countrywide Data Theft Suit

InfoLawGroup Counsel Andrew L. Hoffman contributed to this post. Another Court has held that plaintiff’s cannot recover for a breach of their sensitive data, absent a clear financial injury resulting directly from the breach.  On July 12, 2012, the U.S. District Court for the Western District of Kentucky dismissed a data breach lawsuit against various Countrywide Financial … Continue Reading

Text Message “Opt-Out” Case Dismissed

A recent dismissal of a plaintiff’s class action involving text messages sent to confirm the consumer has opted out should be welcome news to companies that engage in text message marketing.  Currently, the Mobile Marketing Association Guidelines require companies to send a single, final text message confirming the consumer has opted out when a “STOP” … Continue Reading

White House Released Privacy Framework Includes the Consumer Privacy Bill of Rights

The White House today released its white paper setting forth a framework for "Protecting Privacy And Promoting Innovation in The Global Digital Economy" (the " Framework"). The Framework is far reaching, touching on everything from a call for legislation, including a national standard for security breach legislation, to promoting international interoperability. The Framework centers on The Consumer Privacy Bill of Rights, which contains seven core principles relating to "personal data." Note that "personal data" is defined broadly, to encompass any data, including aggregated data, which can be linked to a specific individual, and may include data linked to a specific computer or other device. It is worth noting that the Framework includes, as an illustrative example of personal data, "an identifier on a smartphone or family computer that is used to build a usage profile." … Continue Reading

Privacy Hot Topics for 2012

As 2011 is coming to a close, many of us are thinking about what 2012 will bring. With regard to privacy, there are numerous key issues to choose from (and I am sure many privacy professionals would add to this list) - but from a corporate compliance standpoint, here are my top five picks for hot topics to address in 2012: … Continue Reading

MMA Proposes Mobile Application Privacy Policy Framework

The Mobile Marketing Association ("MMA"), an industry group, has released its Mobile Application Privacy Policy Framework ("Guidelines") for public comment, which they are accepting through November 18th. The intent of the Guidelines is to create a framework for developers to use to provide clear and functional privacy disclosures to consumers who use mobile applications.… Continue Reading