Careers

Diversity

With 18 offices, from New York to Los Angeles and Seattle to Orlando, we live and work in communities all over the U.S., collaborating across locations, disciplines and even borders. Our experienced, highly ranked lawyers serve businesses wherever they are and wherever they want to go.

Offices

About Us

Pages

Professionals

Thought leadership: blogs, podcasts, videos, publications, events and news

Insights

Services

Pro Bono

Am Law 100 firm with practices in Business, Digital Assets and Data Management, Intellectual Property, Labor & Employment, Litigation and Tax.

Home | BakerHostetler

John Carney Chairs and Speaks, Jimmy Fokas Speaks at PLI Basics of Accounting for Lawyers 2025

Webinar Series: Transforming Legacy Management Experience

Rebecca Schrote Presents on APEX Depositions at Columbus Bar Association CLE Session

To Help the New Administration Help Your Industry, You Need an Agency Strategy (Real Estate Finance Journal)

Carolina’s practice is focused on privacy, data protection and advertising. She has a range of experience, from international privacy and advertising compliance to data security issue spotting to business deals, including acquisition due diligence and contract drafting and negotiation. She is also skilled in a variety of coding languages, including Python and HTML. Carolina encourages companies to self-regulate and guides them in using best practices to facilitate future privacy trends.

Carolina is the founder and leader of BakerHostetler's interactive entertainment and video games team, which connects clients to the team of attorneys with video game experience, including those who are gamers themselves. She is also a member of the Video Game Bar Association. In addition to counseling business leaders in the video game and mobile app game industries, Carolina’s passion for gaming translates to an in-depth understanding of the challenges associated with XR technologies and multiverse platforms.

Carolina has experience with children’s and student data, including COPPA compliance and FERPA application, as well as biometric and genetic data, including BIPA and CUBI analysis. She also advises clients on certain advertising issues, including children’s advertising and CARU enforcement. Additionally, she has general experience in intellectual property issues, having advised companies and individuals on copyright infringement and fair use.

Before joining BakerHostetler, Carolina worked in law and policy at a number of technology-centric organizations, including the Future of Privacy Forum, Public Knowledge, Yahoo and Facebook. She also has basic reading and writing skills in Japanese.

core/freeform

J.D., Georgetown University Law Center, 2016, 

B.A., Political Science, University of California, Davis, 2012, 

New York

Carolina Alonso Provides Insight on Children’s Privacy Laws in Cybersecurity Law Report

ADventures in Law

COPPA is All Grown Up: FTC Finalizes Rule

Carolina Alonso Comments on Children’s Privacy Laws in Cybersecurity Law Report

Carolina Alonso Shares Their Journey to the Legal Profession with High School Students

Data Counsel

Year-End Review – Data Privacy Insights to Take into 2025

Trick-or-Track: Age Signals in New York’s Children’s Privacy Law

2024 DSIR Report Deeper Dive

2024 DSIR Deeper Dive: The Use of AI In Interactive Entertainment and Videogames

Deeper Dive: The Use of AI In Interactive Entertainment and Videogames

Webinar: The Privacy Strategist – The Children’s Data Life Cycle

Carolina Alonso Speaks on Panel at 2024 IAB PlayFronts

Deal Team Advises Private Equity Group on Acquisition of Specialty Logistics and Transportation Business

Data Privacy Team Speaks on Lawline.com Webcast

Carolina Alonso Participates in Fireside Chat with University of New Haven Students

10/10 Would Recommend: The FTC’s Proposed Rulemaking on Fake Reviews and Endorsements Indirectly Addresses Review Bombing in Video Games

Review of the Executive Order on Reforming Federal Funding and Support for Tribal Nations to Better Embrace Our Trust Responsibilities and Promote the Next Era of Tribal Self-Determination

AD Nauseam

AD Nauseam – Children, They are Indeed Our Future – COPPA Developments

Amy Mudge, Carolina Alonso and Tucker Sarchio Explore Children’s Online Privacy Protection Act

2023 Advertising CLE Webinar Showcase

Carolina Alonso discusses interactive gaming advertising at IAB training

DSIR Deeper Dive: Tribal Privacy Codes: Establishing Self-Governance in the Post-Internet Age

DADM Attorneys Take Part in Webinar on Cybersecurity Risks in Commercial Transactions

Carolina Alonso Presents at IAB Games Committee Meeting in New York Office

Aaron Goodman, Carolina Alonso and Jack Ferry Address Critical Marketing Issues for Businesses

Carolina Alonso Speaks at Young Lawyer Privacy and Data Security Committee Event

Carolina Alonso Speaks About What’s at Stake for Fashion in the Midterm Elections

Modeling the Privacy Catwalk: Practical Steps Forward

BakerHostetler Team Helps UK Private Equity Sponsor and Indian Portfolio Company Acquire Cians Analytics

BakerHostetler Team Assists Client with Major Acquisition

Carolina Alonso Speaks at CARU conference

Compliance concept with icons, virtual screen, businessman touching button

Leveling Up: Advertising to Children Through Video Games

Jeewon Serrato, Nichole Sterling Update Chapter on International Personal Data, Cross-Border Data Transfers

CARU’s Revised Guidelines Are Not Kid-ding Around

Melinda McLellan, Carolina Alonso, Shea Leitch, Alexandra Royal, Nichole Sterling Discuss Trends in Global Data Protection Law

Melinda McLellan, Carolina Alonso, Shea Leitch, Alexandra Royal, Nichole Sterling Join Data Protection Law Panel

Everywhere Commerce: Top Strategies for Mitigating Risk

Digital Assets and Data Management

Advertising, Marketing and Digital Media

Web3 and Digital Assets

Comprehensive State Privacy Laws

Digital Transformation and Data Economy

Privacy Governance and Technology Transactions

Employee Privacy

Industries

Media and Telecommunications

Interactive Entertainment and Videogames

Privacy and Data Security
<ul>
<li>Regularly provides counsel for the use of tracking technologies, such as cookies, on online properties (i.e., websites and apps), including considerations related to domestic and international opt in and opt out requirements, statutory and contractual obligations for disclosure of such use, tracking technology vendor contract and Data Processing Agreement review and negotiation, and reducing risk of litigation.</li>
<li>Partners with businesses owned by tribal nations on privacy-related issues, document drafting and implementation, such as privacy notices, tracking technology management, internal privacy policies, dark patterns, data mapping, data protection impact assessments, data retention and data protection contractual playbooks. This includes conducting on-site business-wide roundtables to fact-find, build internal team communication, pressure test and recommend remediation for data management and protection gaps. This also includes carefully assessing and drafting tribal privacy codes, in cooperation with tribal nations.</li>
<li>Participated in a part-time secondment at a global healthcare provider focusing on global and domestic privacy law compliance including foreign jurisdiction heat mapping considering the intersectionality of healthcare industry privacy laws and consumer privacy laws and data research and ingestion for improvement of services.</li>
<li>Participated in a three-year part-time secondment at a multinational technology conglomerate, focusing on general domestic and international privacy compliance, privacy training, privacy risk mitigations for software and hardware product launches, and biometric legal analysis and internal policy and procedure drafting. Supported products that integrate emerging issues such as machine learning and artificial intelligence, XR technologies, cryptocurrency, multiverse online experiences and youth protection and verification.</li>
<li>Participated in a six-month full-time secondment at a financial, software, data and media conglomerate, leading analysis and compliance with the CCPA, updated privacy policies and third-party agreements, assisted in launching mobile apps, assessed third-party data ingestion, implemented privacy-forward tracking technologies and conducted EU GDPR analysis.</li>
<li>Advises on general privacy-related compliance issues including the Federal Trade Commission Act’s enforcement against unfair and deceptive business practices and misrepresentations, drafting privacy policies (e.g., in line with privacy policy laws such as the California Shine the Light law and California Minor’s Privacy Right law), assessing adtech tracking technology use, implementation and compliance, drafting online service terms of use, subscription/auto-renewal terms, transaction terms, DMCA Agent registration and internal procedure, crowd privacy notices, and data service agreements for large, small, and emerging companies in various industries.</li>
<li>Advises on, drafts documents related to, and conducts compliance project plans for the EU General Data Protection Regulation (GDPR) privacy projects, including but not limited to policy gap assessments, EU Privacy Notices, Fair Processing Notices for Employees, EU data breach hotline, EU data breach notices and seeking guidance from EU regulators, EU Personal Data Breach Plans, vendor management procedure materials, EU Personal Data of children issues analysis, International Data Transfer materials (Privacy Shield/Model Clauses), Data Protection Impact Assessments, GDPR-specific contract language, and procedures for data subject requests.</li>
<li>Drafts employee training materials on privacy laws, regulations, best practices, and practical impacts (e.g., power points, internal procedures).</li>
<li>Supports projects related to biometric personal information (e.g., Biometric Information Privacy Act), including drafting application and practical advice memos and privacy notices. Has spoken on a podcast specifically about genetic privacy laws.</li>
<li>Advises clients on video game-related issues such as loot boxes, in-game purchases, digital currency, community terms, e-sports, streaming, influencers, tournaments, NFTs, gamer data privacy and security, marketing and advertising, first-party and user-generated content, sponsorships and first-party and third-party platform compliance.</li>
<li>Advises on, drafts documents related to, and conducts compliance project plans for collecting children’s personal information, the Children’s Online Privacy Protection Act (COPPA), and international children’s online service regulations (e.g., ICO’s design guidelines), including but not limited to practical application, enforcement risk and best practice memos, implementation of parental verification, user interface recommendations, COPPA privacy policies, internal COPPA procedures, data flow assessments and recommendations, and participating in speaking events. Also advises on children’s advertising issues, including enforcement by the FTC and CARU.</li>
<li>Advises on, drafts documents related to, and conducts compliance project plans for the California Consumer Privacy Act (CCPA) including but not limited to CCPA privacy policy language, data flow assessments, internal checklists (e.g., consumer request procedures), memos explaining why a businesses does not sell personal information and vendor contract remediation and negotiation.</li>
<li>Future proofs client’s policies and procedures by integrating practical advice on upcoming laws such as CPRA, VCDPA and CPA.</li>
<li>Facilitates and works with local counsel to provide global approach to privacy compliance. For example, ensuring launch of internationally-accessed mobile apps contain appropriate language relating to international arbitration and language that is not unfair and deceptive to international regulators. Also advises on cross-border issues, general privacy compliance and how to address U.S. compliance related to the EU, UK, China and other APAC jurisdictions such as Japan and South Korea.</li>
<li>Advises on various privacy and data security related laws including analysis of application of and drafting protected health information notices related to the Health Insurance Portability and Accountability Act (HIPAA), analysis of application of and drafting of contract terms related to the Family Educational Rights and Privacy Act (FERPA), analysis of, tracking of, and drafting contract language related to, state and federal employee and student privacy laws, analysis of the Fair Credit Reporting Act, analysis of the Gramm–Leach–Bliley Act, drafting of privacy policies for compliance with self-regulatory systems such as the Student Privacy Pledge, application of Racketeer Influenced and Corrupt Organizations Act (RICO) for certain data practices, general privacy ethics analysis and public relations considerations, and social media laws and e-discovery social media issues.</li>
<li>Analyzes and advises on anti-discriminatory laws including the application, best practices, and practical solutions related to the Americans with Disabilities Act of 1990’s user interface requirements and litigation threats, the California Unruh Civil Rights Act, the Equal Credit Opportunity Act, and the Robinson-Patman Act.</li>
<li>Counsels on data security incident issues, including drafting responses to incidents or breaches to those affected and to local regulators (i.e., through BakerHostetler’s Data Breach Hotline), vendor management and contract language such as data breach indemnification, and drafting Incident Response Plans.</li>
<li>Counsels on privacy issues in business transactions (e.g., mergers and acquisitions) including drafting Due Diligence Reports, supplemental material requests, and business transition privacy consideration materials.</li>
<li>Advises on employee privacy issues,, including internal product testing through employee participation and COVID tracing and recordkeeping requirements.</li>
<li>Advises on legal compliance and related privacy and cybersecurity risk issues relevant to various subject areas such as video games, cryptocurrency, NFTs, automated vehicles, connected devices, Internet of Things, interest-based advertising and other tailored advertising, and connected toys.</li>
</ul>
Media and Telecommunications
<ul>
<li>Represented a nonprofit organization focused on the rights of a group of disabled people in Federal Communications Commission (FCC) filings pertaining to media accessibility.</li>
<li>Co-authored filings with the United States International Trade Commission pertaining to the importation of mobile phone devices.</li>
</ul>
Advertising
<ul>
<li>Regularly provides counsel on domestic and international marketing issues including considerations as to blurring content, children’s advertising and COPPA, CAADC, dark patterns, subscription services, loot boxes and other user interface, service or game design.</li>
<li>For a large media company, provided insight into advertising regulations surrounding social media influencers.</li>
<li>Provided insight on false and misleading advertising in app stores to a non-profit focused on children’s advertising.</li>
<li>Advises on issues related to substantiation, sweepstakes and contest terms including drafting of such, interest-based advertising, and advertising to children.</li>
</ul>

Carolina A. Alonso

Carolina A. Alonso

Experience

Recognitions and Memberships

Insights and News

Prior Positions

Credentials

Languages

Community and Pro Bono

Areas of Focus

Industries

Services

Featured Insights