Nicole approaches her legal practice from both a global and a business perspective: she advises clients in a way that factors the broader ramifications of the legal issue before them, in addition to practical considerations. In this, she strives for effective and efficient advocacy.
A member of Ifrah Law’s Privacy Law team, Nicole is a certified privacy professional with expertise in European privacy law (CIPP/E), in particular the GDPR. She helps companies to navigate the changing face of privacy regulations and to keep their business practices and partnerships in compliance with the law both domestically and abroad. She regularly advises clients on:
- Public-facing privacy statements
- Internal privacy policies
- Data protection agreements
- Data retention practices
- Data breach response procedures
- Employee privacy training
Helping to serve the firm’s litigation and enforcement practices, Nicole’s work also includes federal agency investigations and enforcement, bid protests and business litigation, and white collar defense. She has worked on matters involving the Federal Trade Commission, Department of Justice, Internal Revenue Service, Offices of Inspector General of several federal agencies, and Attorneys General of numerous states. Nicole also has worked on many matters in which clients have proactively opposed government action – before administrative as well as judicial bodies. When necessary, she has taken policy issues to congressional offices and committees.
Some of her representative matters include:
- For a U.S.-based eSports company that operates in a number of jurisdictions around the globe, Nicole counseled on GDPR compliance measures and requirements, helping the company to revise its policies, notices and consents, identify E.U.-based compliance support, and strategize compliance best practices for their business.
- For a U.S.-based online advertising company that is regularly rated as one of the top CPA networks, with clients worldwide, Nicole helped the company on ground-up GDPR compliance, including internal policies, partner contracts, customer-facing notices and consents, and compliance best practices. She continues to advise the company on GDPR compliance issues as questions arise.
Professional + Community
- Certified Information Privacy Professional/Europe (CIPP/E) Certification, International Association of Privacy Professionals
- President and Member of the Board of Directors of the Alliance Francaise de Charlottesville
- Former Member of the Board of Trustees for the International School of Charlottesville
- Regular Contributor for the Foundation for Economic Education
"District of Columbia – Data Protection Overview"
OneTrust DataGuidance
Read more"FeedFront Magazine Issue 50- Affiliate Summit"
Contribution to the 50th Issue of Feedfront
Read more"The Definitive Guide to Online Gaming and Betting in the U.S."
Comprehensive eBook from Ifrah Law, available as a complimentary download
Read more"The Legal Fallout For Harvey Weinstein’s Hired Hands"
Law360
Read moreA. Jeff Ifrah, Moderator, "Mock Trial: United States v. Ginger McKenna", iGNA 2015, Planet Hollywood Resort & Casino in Las Vegas, Nevada
"You’ll Never Guess Who’s Trying to Hack Your iPhone"
FEE.org
Read more"Are You Prepared For a Government Probe?", National Defense Magazine
Securing Dismissal of a False Claims Qui Tam Suit
Jeff Ifrah successfully represented global health care leader Merck in a False Claims Act qui tam suit and got the case dismissed.
The suit involved a whistleblower that worked for a health care buying company (a group purchasing organization that purchases supplies and drugs). Terminated from the buying group, the employee alleged she was retaliated against because of issues she raised about the buying process.
The case was brought before the U.S. District Court for the Northern District of Texas, and 18 drug companies were named as defendants in an alleged bribery scheme. Jeff represented Merck, which was one of the named defendants. He filed a successful motion to dismiss the complaint, based on the former employee’s alarming lack of specificity in her claim.
Not only was our motion to dismiss successful, it was efficient: Jeff won the dismissal roughly one year after Merck and the other defendants were originally served.
(United States ex rel. Fitzgerald v. Novation LLC, et al., S.D. Tex., No. 3:03-CV-01589))
Google Play Gives Online Gaming Another Boost
We have seen commercial winners and losers in the COVID era. Online gaming has been a clear winner, with record participation during shelter-in-place times. It just received another boost thanks to a policy change at Google: Google Play recently announced it will allow gambling apps in the Google Play store starting March 1. This is a… Read More
Schrems II Screams: CJEU Decision Puts Companies in Tailspin Over EU-US Data Transfers
The privacy world is abuzz about the European Court of Justice’s July 16, 2020 decision in Schrems II: Europe’s highest court invalidated the EU-US Privacy Shield framework. The Privacy Shield provides a streamlined mechanism to facilitate personal data transfers from Europe to the U.S. It was implemented in 2016 following the invalidation of an earlier… Read More
FTC Settles with Gaming App for False Representations about Children’s Privacy
On July 6, 2020, the Federal Trade Commission announced a settlement with gaming app developer Miniclip S.A. The settlement addresses allegations that Miniclip falsely claimed membership in a Children’s Online Privacy Protection Act (COPPA) safe harbor program for the last several years. Miniclip boasts more than 1 billion downloads of its 45 “high-quality mobile games”… Read More
FTC Enforcement reminds Companies to live up their Promises
The FTC recently announced its settlement with Tapplock, Inc., a maker of smart padlocks (Internet-connected fingerprint-enabled padlocks that you can use in lieu of old-fashioned combo locks). The FTC investigated the Canadian-based company for its allegedly false claims that its Internet-connected smart locks were designed to be “unbreakable” and that the company took reasonable steps… Read More
Failure to Certify: Companies That Falsely Claim They Are Privacy Shield Certified or Let Their Certification Lapse Face Enforcement Action.
Does your company’s privacy policy include a claim that it is Privacy-Shield certified? If so, you should ensure that it is, in fact, certified and that the certification has not lapsed. Failures in this area are low-hanging fruit for government enforcement actions. A little background on the Privacy Shield Framework. The U.S. Privacy Shield framework… Read More
