RemoteTips
Back to Jobs
Associate General Counsel, Privacy
Shopify
Remote - Americas, United Kingdom, Ireland
Full Time
3 hours ago
Senior LevelLegalWorldwide
Over $120K

USD per year

Job Description

Associate General Counsel, Privacy

  • Remote - Americas, United Kingdom, Ireland
  • Legal

About the role

About the team

Shopify's Regulatory and Privacy Legal team is the front line for every regulatory, privacy, and data protection issue that touches the platform. We advise product and engineering teams on how to build things that work for merchants and comply with the law — often in jurisdictions where the law is still being written. We handle regulator inquiries, manage privacy incidents, negotiate with partners on data practices, and build the internal frameworks that make all of it scale. The team sits within Legal and works closely with, well, just about every other team in the company.

About you

You're a privacy lawyer who actually likes the hard parts — the ambiguous product question where GDPR and CCPA point in different directions, the data flow that doesn't map cleanly onto any regulatory framework, the partner negotiation where the data rights in the DPA are hotly contested. You're not looking for a role where you rubber-stamp DPIAs and maintain a privacy policy. You're looking for a role where you shape how a platform used by millions of merchants handles data at scale, and where the regulatory landscape changes faster than you can update your tracker. You should be a generalist with depth. You need to be able to triage a broad range of global privacy issues — cookies in the UK, ads consent in the EU, CCPA enforcement in California, data localization in India — and go deep when it matters. You should be comfortable advising product teams who are building things with tools that didn't exist three months ago, in regulatory environments that didn't exist six months ago. Agentic commerce, AI-generated content, cross-border data flows for merchant services — these are the problems you'll work on. You use AI tools reflexively. Not as a novelty — as a baseline for how you work. If you're not already using AI to draft, research, and build, this probably isn't the right fit. Seeking high-performing team players. This role reports to the Director, Privacy Legal.

What you'll do

  • Provide privacy counsel on complex product launches, new features, and strategic partnerships — particularly where Shopify is handling merchant and buyer data in new ways.
  • Partner on managing regulatory relationships and responses for privacy-specific inquiries, including from DPAs and US state enforcement agencies.
  • Drive cross-functional privacy initiatives that move the program forward — not just maintain it. Build the resources, frameworks, and playbooks that let the privacy function scale with the business.
  • Advise on data protection aspects of commercial agreements with merchants, vendors, and partners.
  • Partner with Privacy Engineering and Trust on incident response, data governance, and compliance infrastructure.
  • Maintain subject matter expertise in evolving global privacy law — GDPR, CCPA and other state laws, UK data protection, EU AI Act privacy implications, and emerging frameworks.

What we're looking for

  • You communicate complex privacy concepts in plain language. You can explain a cross-border data transfer mechanism to an engineer and a regulator in the same week and neither feels talked down to.
  • You have strong judgment about risk. This is not a compliance checkbox role. You will make calls under uncertainty and you need to be comfortable with that.
  • You build trust across teams. Privacy touches everything — product, engineering, legal, trust & safety, finance. You need to be someone people actively seek out, not someone they route around.
  • You're pragmatic about regulatory risk. You know the difference between "the law requires this" and "a regulator might care about this" and you advise accordingly.

Qualifications

  • J.D. or LL.B. with a license to practice law in the United States or Canada.
  • 8+ years of relevant legal experience — ideally a mix of law firm, government, and/or in-house.
  • Substantial experience advising on privacy and data protection matters including both GDPR and CCPA.
  • Technical curiosity — you need to be able to understand how data flows through systems and why that matters for compliance.
  • Experience managing outside counsel.
  • A privacy certification (CIPP/US,CIPP/E,CIPM) is a plus but not required.

You'll ramp up faster if you have

  • Experience engaging with regulators or enforcement agencies on privacy matters.
  • Experience advising on AI and data governance issues.
  • Experience building or shipping something using AI tools.
How to Apply
About Shopify

Shopify is a leading global commerce company, providing trusted tools to start, grow, market, and manage a retail business of any size. Shopify makes commerce better for everyone with a platform and services that are engineered for reliability, while delivering a better shopping experience for consumers everywhere. Shopify powers millions of businesses in more than 175 countries and is trusted by brands such as Allbirds, Gymshark, PepsiCo, Staples, and many more.

Visit company website
View Company Profile
Associate General Counsel, Privacy at Shopify - RemoteTips