Andy Dale, General Counsel and Chief Privacy Officer at OpenAP: Captains Of Industry

As part of our Captains of Industry Interview series, Lawrence Brown, Sr. VP Legal, Houston had the fortunate opportunity to connect with privacy and legal expert Andy Dale, General Counsel and Chief Privacy Officer at OpenAP. Andy's career path has taken him through leadership roles at major technology and media companies, including Alyce (acquired by Sendoso), SessionM (acquired by Mastercard), and dataxu (acquired by Roku). It is our immense pleasure to share Andy's invaluable insights with you. Enjoy!

Introduction:

Q: What does OpenAP do?

Founded and owned by the largest TV networks in the U.S., OpenAP is fundamentally changing the way advertising is bought and sold on television. We are powering a more sustainable model for ad-supported TV by creating technology that enables advertisers to reach their target audiences more effectively across multiple networks and platforms.

Q: And tell us about your background/path to your current role?

My career path wasn't exactly linear. After college, I spent time at ESPN as a production assistant before deciding to attend law school. After graduating, I worked at a firm doing general corporate work, clerked for a judge, and then joined TD Ameritrade, where I handled commercial and technology contracts.

My journey into privacy really took off when I joined Dataxu in 2014 as their first lawyer. I built the legal team from scratch and led their GDPR implementation as Data Protection Officer. The company was later acquired by Roku. From there, I moved to SessionM as General Counsel and VP of Global Data Privacy before it was acquired by Mastercard. I then joined Alyce as their GC and CPO, helping the company scale.  Alyce was eventually acquired by Sendoso.

Currently, I'm the General Counsel and Chief Privacy Officer at OpenAP, where I'm responsible for the legal, privacy, and people operations functions. Throughout my career, I've focused on the intersection of law, technology, and privacy, which has been an incredibly fulfilling path.

Privacy and Legal Leadership

Q: Your career has evolved from privacy-focused roles to broader GC positions. Is privacy becoming a new pathway to the GC seat?

Absolutely. Privacy has emerged as a clear pathway to the General Counsel role, particularly in technology companies. Privacy professionals develop a unique blend of skills that are invaluable for GCs. We understand complex regulatory frameworks, translate technical concepts for business leaders, work cross-functionally, and enable the business to support innovation, not just cover risk.

Privacy forces you to understand both the technical aspects of products and the commercial goals of the business. You can't be effective in privacy without understanding how systems work and how the business generates revenue. This combination of technical, business, and legal knowledge creates a solid foundation for becoming a GC.

I've seen many peers follow similar trajectories, moving from privacy-focused roles to broader legal leadership positions. As privacy becomes increasingly central to business strategy, this trend will likely continue.

Q: What would you advise a Board to consider when determining the profile of their next General Counsel?

I think it really depends on the stage and type of company. Public companies may want a very different profile than a VC or PE-backed company. So, in advising boards on the role, I would steer more towards the type of person they seek as opposed to a particular set of skills.  I think often, there can be confusion in seeking a GC to “do an IPO” and run a public legal department.  In reality, these are two different asks and may be served by the same person, or different people with unique experiences.  Ultimately, my advice is to find a person you trust to do things that they both have and have not done before. The best GCs have the ability to handle a variety of complex situations, deftly utilizing their skills, network, law firms, and peers.

Q: What advantages might privacy professionals have over other legal specialists (like commercial or IP attorneys) when pursuing GC positions?

Privacy is a part of every single business unit.  In each scenario, the lawyer is required to balance multiple challenges.  This broad cross-section provides a really unique advantage in serving a business as a leader.    

Q: What skills from your privacy background have proven most valuable in your GC role?

Three skills from my privacy background have been particularly valuable:

First, the ability to navigate ambiguity. Privacy laws are often complex and open to interpretation. Working in this space taught me to make practical decisions with incomplete information and to assess risks without clear precedents - skills that are essential for any GC.

Second, cross-functional collaboration. Privacy work requires partnerships across engineering, product, marketing, and executive teams. These collaborative skills are critical in a GC role where you need to align legal strategy with business objectives.

Third, the ability to communicate complex concepts simply. Privacy professionals must translate technical requirements and legal obligations into actionable guidance. As GC, this skill helps me ensure that legal advice is understood and implemented throughout the organization.

Q: What skills gaps do privacy professionals typically need to address when transitioning to a GC role?

I suggest seeking mentorship from GCs on how to handle leadership meetings and development of relationships with other leaders.  I also think spending time with individual members of non-legal functions to attain as much day to day knowledge of the business.

Q: In your experience, does having privacy expertise make you a more effective GC in acquisition or investment scenarios?

100% YES.  Data strategy, privacy, security, and technology are a huge part of the pre-deal consideration phase and deal due diligence. The privacy expertise resting in the GC can be a huge advantage in those conversations and projects.  The GC needs to show up as more than just the “lawyer” but as a key strategic leader in the business.  This enhances the internal value of the GC post-deal as well.

Q: How do board interactions differ between a CPO and GC role, and how can privacy leaders prepare for that expanded relationship?

I think in each case, the GC should be prepared to speak to the specific business needs and logic behind any legal questions in front of the board and ensure that the GC comes with a clear POV.  Bringing a board a recitation of “risks” or challenges without the plan of attack doesn’t create a view of the GC or legal function as a strategic partner, which should be the end goal.

Q: How have you seen the relationship between privacy and legal departments evolve over your career?

Earlier in my career, privacy was often siloed from the legal department or treated as a compliance checkbox. Today, we're seeing much closer integration. At smaller companies, the roles are frequently combined, while at larger organizations, privacy leaders typically report to the GC or sit at the same executive level.

This integration makes sense because privacy issues touch nearly every aspect of a business and require legal expertise. However, privacy also needs independence and visibility to be effective, which is why we're seeing more CPOs with direct board reporting lines.

What's most exciting is that privacy is increasingly viewed as a strategic business function rather than just a compliance exercise. Companies are recognizing that strong privacy practices build customer trust and create competitive advantages.

Building Privacy Programs

Q: You've built privacy programs at multiple companies. What are the key components of an effective privacy program?

1 Privacy needs visible support from leadership to be taken seriously across the organization. Privacy champions at the executive level can help secure necessary resources and elevate privacy considerations in strategic decisions.

2 Enable business and innovation.  Work with teams to push innovative ideas forward while considering privacy each step of the way.  Privacy by design means embedding privacy considerations into product development, marketing campaigns, sales, and data management practices. Always think and talk about how to achieve something first, rather than flagging risks immediately. You may ultimately decide not to do something, but the lens of enablement is critical.

3 Design for scale. As the company grows, its products and privacy programs need to evolve with it. Every decision in building a program needs to scale.  From data use in features to consent to record-keeping.    

Q: How do you balance innovation and compliance when it comes to new technologies like AI?

This is the million-dollar question right now! If the GC isn’t asking how the organization can leverage AI tools, then they’re missing a critical moment.

Try to build governance programs designed to ensure clear policies for data usage, model training, and deployment that incorporate privacy and ethical considerations from the beginning.

Cross-functional collaboration is essential here. When developing AI governance frameworks, I bring together privacy, legal, security, data science, and business stakeholders to ensure we're addressing all perspectives. This collaborative approach helps identify creative solutions that enable innovation while mitigating key risks.  In this instance, the privacy or legal team can be the leader of this collaboration.

Privacy Management Best Practices

Q: How do you approach building strong partnerships with engineering and product teams?

Spend time learning some of the most important technical aspects of products and the business goals driving development. Engineers and product managers appreciate legal partners who understand their challenges and constraints and iterate with them.  Any process installed needs to be clear, flexible and involve the group.  Good documentation helps as well.

Q: Are there metrics privacy pros can use to measure their impact on the business? The return on their company’s spend on privacy?

Use CRMs or call recorders like Gong to track calls where lawyers are involved.  Create a series of “touch” based metrics where legal and privacy teams have assisted in GTM efforts, product development meetings, or launches.  This type of directional data is great and can help privacy/legal show up like other teams, backed by data.

Q: The privacy landscape is constantly evolving. How do you stay current with new laws and regulations?

I rely heavily on my personally developed community of privacy-focused GCs and CPOs.  I also utilize professional networks like the IAPP and TechGC. These communities provide valuable insights and practical perspectives that go beyond what you'd find in formal legal updates.

I've built relationships with knowledgeable outside counsel who specialize in privacy. They help me track emerging trends and identify issues that might impact our business.

I participate and lead in industry working groups and standards bodies. These forums provide early insights into how regulations are being interpreted and implemented across different sectors.

Q: What advice would you give to privacy professionals looking to advance to GC roles?

For privacy professionals looking to advance to GC roles, I'd offer several pieces of advice:

First, expand your legal expertise beyond privacy. Volunteer for projects involving commercial contracts, IP, employment, or corporate governance. These experiences will broaden your skill set and demonstrate your versatility.

Second, understand your company's business model, ecosystem, revenue drivers, and strategic objectives.      

Third, build some foundational leadership/exec skills.  Practice communicating complex legal concepts clearly and concisely to non-lawyers. The ability to provide practical, business-oriented advice is essential for a GC.

Career Development

Q: What has been your most challenging privacy issue to date, and how did you address it?

The most challenging privacy issue I've faced was leading GDPR implementation at Dataxu, which was an AdTech company with complex data flows and numerous partners. The challenge was magnified by the lack of clear regulatory guidance and the potentially existential business impact.

To address it, I formed a cross-functional team with representatives from engineering, product, business, and legal. We conducted a comprehensive data mapping exercise, redesigned consent mechanisms, updated contracts with partners, and implemented new data subject rights processes.

We also worked with companies in our ecosystem on joint solutions, held roundtable meetings, and had many lawyer-to-lawyer conversations to drive the industry forward in complex times.

Q: Looking ahead, what emerging privacy trends should companies be preparing for?

First, AI regulation will accelerate. We're already seeing this with the EU AI Act and various state-level approaches in the US. Companies developing or deploying AI systems need to prepare for new compliance obligations around transparency, fairness, and human oversight.

Second, US State laws will continue to pass (we may one day get to 50), creating more and more nuance and shifting requirements for businesses to operate.  Develop conviction in approaches but be ready to shift as needed.       

Q: Anything else you'd like to share?

If you’re new to privacy or seeking to break in: Privacy offers a unique blend of legal, technical, and strategic challenges, and there's still a shortage of experienced practitioners.  If privacy is a passion, harness it in every way possible.  Show up at events, conferences and meetings.  Showing initiative and drive is half the battle!

To this end, don't underestimate the importance of community. Privacy can be complex and sometimes overwhelming, but we have an incredibly supportive professional community. Organizations like IAPP, networking groups, and mentorship relationships have been invaluable throughout my career.