Director, Legal AI & Data Gov

About The Position

Requirements

• A J.D. from an accredited law school and an active license to practice law in at least one U.S. state
• 10+ years of experience in privacy, compliance, legal, or technology policy roles. At least 3 years dedicated to AI/ML governance or emerging technology regulation.
• Deep knowledge of global privacy laws (GDPR, CCPA and other state privacy laws) and their intersection with AI
• Strong understanding of the EU AI Act, NIST AI Risk Management Framework, and emerging US state AI regulations
• Experience developing governance frameworks, policies, and compliance programs
• Understanding of AI/ML technologies, their applications, limitations, and associated risks
• Experience with data governance principles and data lifecycle management
• Practical understanding of common digital advertising and marketing campaign models—including affiliate marketing (e.g., partner networks), brand advertising, performance marketing, and user acquisition—across both web and mobile environments. Ability to assess how data flows, identifiers, consent requirements, and regulatory risk vary by campaign type and platform.
• Excellent interpersonal skills with proficiency in presenting complex regulatory concepts to technical and non-technical audiences
• Proven track record to work cross-functionally and influence collaborators at all levels

Nice To Haves

• Familiarity with AI governance tools and platforms (model registries, model cards/system cards, explainability frameworks, compliance monitoring systems)
• Experience engaging with regulators and participating in industry standards development
• Demonstrated expertise in the digital advertising ecosystem, including programmatic advertising models and the associated privacy and data governance risks across DSPs, SSPs, ad exchanges, and measurement providers.
• Strong familiarity with bid stream data, clean room technologies (e.g., Snowflake, InfoSum, Habu), and identity and onboarding solutions (e.g., LiveRamp, UID2.0, hashed email, MAIDs).
• Experience in e-commerce, marketplace platforms, or consumer technology companies
• Background in litigation or regulatory enforcement related to technology or data
• Understanding of international AI regulatory frameworks beyond EU/US (e.g., UK, Canada, Brazil)

Responsibilities

• AI Governance Framework Development Establish and maintain a comprehensive AI governance framework by developing policies, standards, and risk assessment methodologies that align with regulatory requirements and eBay’s core values. Establish AI risk classification methodology and work cross-functionally to maintain an enterprise AI inventory/registry Established history of applying AI tools and capabilities and integrating AI into workflows
• Regulatory Compliance & Risk Management Monitor (in partnership with Government Relations) and interpret global AI regulatory developments, including the EU AI Act, existing and emerging US state AI laws (including Colorado, Texas, and California), and sector-specific requirements Conduct legal AI risk assessments and impact analyses for new and existing AI applications Develop and implement compliance strategies that address evolving regulatory requirements while enabling innovation Advise teams on legal and regulatory implications of AI initiatives and impact of current and emerging laws Translate complex privacy consumer protection regulations—including GDPR, ePrivacy, CCPA/CPRA, U.S. state privacy laws, and global marketing regulations—into practical mentorship for advertising use cases such as real-time bidding (RTB), audience matching, measurement, attribution, frequency capping, and cross-context behavioral advertising.
• Privacy & Data Governance Integration Coordinate AI governance with existing privacy and data frameworks in partnership with the Privacy team to address specific considerations such as automated decision-making, profiling, and data minimization. Lead all aspects of data lifecycle management considerations specific to AI/ML systems, including training data governance, model documentation, and data retention Experience in drafting, reviewing, and negotiating advertising and data partnership agreements, including Data Processing Addenda (DPAs), privacy exhibits, data use restrictions, audit rights, and security schedules. Established experience in crafting agreements that prevent downstream data leakage, limit secondary use, and clearly delineate controller/processor and “service provider”/“contractor” roles. Partner with Privacy team to address AI-specific privacy considerations (e.g., automated decision-making, profiling, data minimization)
• Partner Engagement Serve as the internal subject matter authority on AI governance, providing mentorship to business units, product teams, and executive leadership Participate in development and delivery of AI governance training programs for employees across technical and non-technical functions Establish relationships with internal partners and external collaborators including regulators, industry groups, and standards organizations