2018 Privacy Institute

2018 Summer Institute in Privacy and Information Security Law

The ninth annual summer institute in privacy and information security law from 
May 29 – June 15, 2018


Global Privacy Law:

2 credits/ 12 CLEs (May 29 - June 1, 2018)
Professor Rita Heimes


Course description:
Personal data has become the raw material for business models in industries ranging from online advertising, social networking, cloud computing, health and financial services. Governments, too, rely on personal data for purposes such as national security and law enforcement, urban planning and traffic control, public health and education. Emerging technologies greatly enhance data collection, storage and analysis. In this context, privacy laws strain to continue to protect individual rights. This course will place privacy within a social and legal context and will investigate the complex mesh of legal structures and institutions that govern privacy at state, national and international levels. Students will be taught how to critically analyze privacy problems and make observations about sources of law and their interpretation, with an emphasis on the global nature of data. The course will include at least one day focused on practical applications of the European Union’s General Data Protection Regulation. The final grade will be based on class participation, attendance and an exam.


Privacy and the Federal Trade Commission

2 credits/ 12 CLEs (June 4-5 & 7-8, 2018)
Professor Woodrow Hartzog


Course description:
Since the late 1990s, the Federal Trade Commission (FTC) has been enforcing companies’ privacy policies through its authority to police unfair and deceptive trade practices. Despite over fifteen years of FTC enforcement, there is no meaningful body of judicial decisions to show for it. The cases have nearly all resulted in settlement agreements. Nevertheless, companies look to these agreements to guide their privacy practices. Thus, in practice, FTC privacy jurisprudence has become the broadest and most influential regulating force on information privacy in the United States — more so than nearly any privacy statute or any common law tort. Yet this body of law is regularly overshadowed and remains opaque to many businesses dealing with personal information and even legal and technical professionals. This course will explore the FTC’s role in privacy and data security.

The goal of this class is to equip students with an advanced understanding of the FTC’s privacy jurisprudence and the potential obligations of companies who deal with personal information within the FTC’s jurisdiction. Grades will be based on class attendance, participation and a final exam

Ethics and Operations in Privacy Law Practice

1 credit/ 5 CLEs 1 Ethics (June 11-14, 2018, 9:00AM - 12:00PM)
Professor Ginny Lee '05


Course description:
This course will cover the “how” of privacy lawyering, including professional responsibility challenges confronted by in-house privacy counsel serving roles like Chief Privacy Officer and Data Protection Officer. It will provide students with pragmatic guidance on topics such as privilege, conflicts of interest under the GDPR (General Data Protection Regulation), playing the dual role of privacy lawyer and business counsel, working with outside counsel. The course will include tips and strategies for building a privacy program and implementing privacy by design concepts. Additionally, the course will delve into privacy lawyering from the outside counsel’s perspective, including topics such as law firms as vendors, their privacy/security obligations, engagement letters and data protection agreements.

Drafting and Negotiating Privacy Contracts

1 credits/ 6 CLEs (June 11-12 & 14-15, 2018, 2:00PM - 5:00PM)
Professor Justin Weiss '06


Course Description:
External privacy counsels and in-house practitioners alike must be ready on day one to advise their clients on specialized forms of contracting – specifically, data processing agreements. The obligation for a company that will share personal data with third parties to document its instructions to such data processors or data controllers is by now well-established in data protection practice and in law, notably in the European Union’s General Data Protection Regulation. This course will serve as a practicum for students and professionals, aiming to assist them to understand, construct, draft, negotiate and ultimately execute various forms of data processing agreements from both a customer and a vendor perspective with confidence. After surveying the origins of these instruments and distinguishing them from confidentiality and non-disclosure agreements (NDAs), students will review the European statutory requirements for data protection clauses, including the specialized data processing agreements that can be used to support international data transfers to entities established in jurisdictions that lack legally-sufficient data protection frameworks of their own (such as the United States of America). Relying on diverse source material, including standard agreements promulgated by some of the world’s largest multinational Internet and cloud service providers, students will evaluate the content of the agreements topic by topic, and will explore challenges that arise in the negotiation of the details of such clauses between service providers and their clients, particularly in the context of a power imbalance between negotiating parties, with different levels of risk tolerance.

right body border
© Copyright 2017 Center for Law and Innovation | 246 Deering Avenue, Portland, ME 04102
E.mail: lawandinnovation@maine.edu