The next big thing: data and privacy law
Read, network and don’t be deterred by a lack of understanding of technology, says Prof Woody Hartzog, a privacy expert who helped design a new data regulation course on the new Northeastern University Online LLM
“We will look back at the Cambridge Analytica debacle as a turning point for the world and certainly for the US and UK,” says Woody Hartzog, professor of law and computer science at Northeastern University, Boston, which has just launched an Online LLM open to students from the UK. “We saw for the first time how vulnerable we are, and how much information they had and, perhaps, the lengths to which some companies would go.”
For anyone who needs reminding, British political consultancy Cambridge Analytica rode into scandal in May 2018 when media outlets reported the company had acquired and used the personal data of up to 87 million Facebook users without their permission. The company, which worked on various campaigns including Donald Trump’s presidential bid and for Leave.EU, filed for insolvency two months later. The scandal is a perfect illustration not only of the speed of travel but the high stakes nature of data and technology law. “It’s about far more than privacy — it’s about democracy, it affects the workforce, it has an environmental impact, it’s about how we govern ourselves,” says Woody. “Data is now at the core of our modern lives.”
Data and technology is also an area that’s “booming” for law firms looking to hire, says Woody, which is why it features strongly in the online LLM program. Courses on the LLM are arranged into three clusters: intellectual property and technology law; international business law; and preparation for the California Bar Exam. The clusters were selected after holding extensive meetings with law firms. “We asked them what skills they wanted their employees to focus on and what skills they were looking for, and chose accordingly.”
Students in the online LLM program can explore data privacy laws in the US and Europe, the GDPR (the EU’s General Data Protection Regulation introduced last year) and its impact, content moderation, the ‘fake news’ phenomenon, the ability or willingness to tackle hate speech and the complex set of laws governing what social media can and should be taken down. Blockchain and copyright systems are another big area, as are issues surrounding data portability. “We want students to see the big picture and not just how these rules work but why they matter and how they might change,” he says.
For UK students considering the LLM, one of its attractions is that it covers both the US and Europe regulatory systems as well as giving students a foundational knowledge of US laws. “GDPR really changed the game worldwide for anyone practicing data privacy law,” says Woody. “There are two dominant models of privacy and data protection. One, the European model of GDPR, which focuses on processing rules, on rights of deletion and access. Two, the US model, led by the Federal Trade Commission, which focuses on consumer protection. It looks at where the harm is and whether there has been any deception. It is very valuable to have fluency in both models. If you can do that then you’re in a good position re-hiring.”
Woody began his career as an intellectual property litigator in private practice in 2003 and served as Clerk at EPIC (the Electronic Privacy Information Centre), a public interest research organisation that focuses on emerging privacy and civil liberties issues. He moved to the US Patent and Trademark Office in 2005 to work as a trademark attorney. He gained a PhD in mass communications at North Carolina at Chapel Hill in 2011, and taught at Samford University, where he was the Starnes Professor of Law, before joining Northeastern two years ago. He is widely published on privacy and data issues, and is the author of Privacy’s Blueprint: The Battle to Control the Design of New Technologies.
So, what advice does he have for someone wanting to forge a career in data and technology law?
He tells us: “There is a lot you can do. Employers have told us this is where they want to hire. Data privacy is booming and there are many opportunities. Many people think that they are not fit for a career in this because they don’t understand technology. My advice is that you don’t need a Bachelors in computer science to forge a career in this area. Don’t be discouraged if you don’t have a super-technical background. All you need is passion about the subject and that will drive you to do the necessary digging to master it.”
“Second, read as much as you can about the area. There are a lot of great books about data privacy. One really valuable thing to be able to do is to speak the common language used in this community, so read to become familiar with it, and look for opportunities to find out more. The IAPP (International Association of Privacy Professionals), for example, runs education events and certification programmes, and there are other similar organisations.”
He adds: “Third, because data privacy is a relatively new field, it is not as stuck in tradition as some other fields so people are typically quite friendly and approachable. This makes it easy to network, and the industry organises learning events and social events. Attend these and jump into the community feet first because my experience is that it’s a welcoming community. It doesn’t have the barriers that we sometimes see in other communities.”
About Legal Cheek Careers posts.