Americans today are accustomed to seeing cybersecurity in the news. Indeed, data has become a prized commodity that’s transforming the way businesses and institutions operate. But information privacy is more than a headline – it’s a dynamic, high-growth field facing a severe shortage of trained professionals. That’s why Maine Law offers a series of summer courses on critical and current information privacy issues.
Existing attorneys can leverage the session to earn CLE credits or venture into a growing and dynamic new practice area; current J.D. candidates can develop a valuable specialty while still in school. Whether you’re deeply familiar with information privacy law or new to the subject, this summer session could change your career.
2021 Information Privacy Summer Institute
The Center for Law + Innovation at the University of Maine School of Law hosted its annual summer institute in privacy and information security law from May 24 – June 11, 2021. A special one-day Privacy in Practice Conference was also held virtually on June 11, 2021 as part of the Summer Institute.
Summer 2021 Course Offerings
In 2021, leading privacy scholars gathered virtually at our 12th annual Information Privacy Summer Institute to discuss:
May 24 – 28, 2021
Personal data is the raw material for business models in industries ranging from online advertising, social networking, cloud computing, health and financial services. Governments, too, rely on personal data for purposes such as national security and law enforcement, urban planning and traffic control, public health and education. Emerging technologies greatly enhanced data collection, storage and analysis. In this context, public and commercial interests strain against individual rights, with privacy law serving as the mediator. This course will place privacy within a social and legal context and will investigate the complex grid of legal structures and institutions that govern privacy at state, national, and international levels. Students will be taught how to critically analyze privacy problems and make observations about sources of law and their interpretation, with an emphasis on the global nature of data. The final grade will be based on class attendance/participation, and a take-home exam.
Gabe Maldoff is an associate in the Privacy and Cybersecurity group at Covington & Burling LLP. He advises global clients on privacy, data protection, and technology law issues, with particular focus on international frameworks, cross-border transactions, and the privacy implications of emerging technologies. Before joining the Washington, DC, office, Gabe worked for three years in a top-ranked European data protection practice in London, UK, where he advised technology clients on compliance with the General Data Protection Regulation (GDPR) and European telecommunications and marketing laws. Gabe also served as a Westin Fellow at the International Association of Privacy Professionals. His research on U.S., Canadian and European privacy and national security laws has featured in journals in the U.S. and Europe. Gabe continues to write and speak widely on issues related to privacy and data protection, and to represent industry associations and non-profits on matters of public policy. Gabe holds a J.D. from the University of Maryland Law School and a B.Sc. from McGill University in his hometown of Montreal, Canada. In his spare time, you’ll find him on his bike, on his skis, or looking for a mountain to climb (even if it’s just the steps to the Lincoln Memorial these days). He currently serves as a member of the Arbitration Panel for the EU-U.S. Privacy Shield Framework.
June 1-2, 2021
In the United States, the Federal Trade Commission enforces not just the Federal Trade Commission Act and its prohibitions against unfair and deceptive practices, but as well laws that prohibit restraints of trade and other anti-competitive practices. In recent years, giant U.S. tech companies like Apple, Facebook, Amazon and Google have come under scrutiny – if not congressional investigation and even litigation – for allegedly monopolizing digital markets. The European Commissioner for Competition is also keenly interested in the actions of these and similar players. This course will introduce students to competition law, including a comparative look at how the EU approaches it, to prepare them for legal and policy issues their clients might face as they collect, process, and share personal information globally, and even participate in the consolidation of data assets through mergers and acquisitions. Grading will be pass/fail and based on class participation and a short in-class presentation.
Rita Heimes is the General Counsel and Chief Privacy Officer of the International Association of Privacy Professionals. Prior to joining the IAPP as its first Research Director in 2015, Rita was a law professor and academic dean at the University of Maine School of Law, where she directed the Center for Law + Innovation and developed the nation’s first Privacy Pathways program. She continues to serve as a Senior Privacy Fellow for the law school and directs the Information Privacy Summer Institute. Rita spent several years in private practice with law firms in Seattle, Boulder and Portland. She has a BA in Journalism from the University of Iowa and a JD from Drake University School of Law.
June 4-11, 2021
Privacy has been a notoriously difficult issue to pin down, and changes in law and technology have made privacy a moving legal target, especially for compliance professionals. On top of the complexities created by privacy laws, the increasing use of artificial intelligence technologies creates a new set of opportunities, and a new set of problems. This course explores the current issues in the law around privacy, artificial intelligence, and the interactions between those two fields. In addition to gaining an understanding of the state of the law, you will come away from the course with a better of understanding of what artificial intelligence actually is, how it’s used, and why it matters. After exploring these concepts, we will consider the ethical questions surrounding data use and artificial intelligence, and implications for the future. This course concludes with an all-day conference organized by the University of Maine School of Law in collaboration with Northeastern University’s Roux Institute and Law School covering topics in AI, privacy and ethics. Grading will be based upon class participation, an in-class presentation, and a final paper.
Christopher Escobedo Hart is a partner and co-chair of the Privacy and Data Security Practice in the Boston office of Foley Hoag. He has counseled and represented sovereign nations, Fortune 500 companies, start-up companies, non-profits, and individuals in a wide variety of contexts for over a decade. He represents clients before the U.S. Supreme Court, argues in appellate courts across the country, including successfully before the Massachusetts Appeals Court and Supreme Judicial Court; and advocates on behalf of clients in federal and state courts nationwide. He also frequently represents clients in significant internal investigations. Chris has a BA from Harvard University, a MA from St. John’s College, and an JD from Duke University School of Law.
Brittan Heller is Counsel in the Washington DC office of Foley Hoag. She has structured her practice at Foley Hoag around the areas of law, technology and human rights. She specializes in advising companies on privacy, freedom of expression, content moderation, online harassment, disinformation, civic engagement, cyberhate and hate speech, and online extremism. As the founding director of the Center on Technology and Society for the Anti-Defamation League, Brittan proposed new policies and implemented programs to prevent bias, racism, discrimination, and the spread of disinformation, with a focus on protecting minority populations. She also collaborated with major online platforms and gaming companies to combat cyberhate, and produced and launched new technology for good, in mediums like AI, VR/AR/XR and data visualization. Brittan has a BA and MA from Stanford University, and a JD from Yale Law School.
June 7-10, 2021
In contrast to legal regimes that restrict localization of data to a single jurisdiction, omnibus data protection laws like the EU’s GDPR generally authorize the transfer of personal data across borders under appropriate circumstances. The policy objective of data transfer rules contained in such laws is to ensure that the level of privacy protection afforded by the exporting jurisdiction shall be maintained by the importing jurisdiction, while enabling the free flow of information. In the United States, privacy advisors to cloud providers, corporate affiliates, banks and consumer internet businesses alike must learn how to implement the safeguards used to enable these global data flows. In 2020 this task was further complicated by the Court of Justice of the European Union’s decision in its landmark “Schrems II” ruling, which invalidated one commonly-used US transfer tool and created new rules for “supplemental safeguards” that are required to support transfers to various third countries, depending on the attributes of legal regimes in the countries themselves. This course will survey the international data transfer provisions contained in Chapter V of the EU’s GDPR with a special emphasis on the European Commission’s model contractual clauses, read in light of the Schrems II decision. Grading will be pass/fail and based on class participation and a short in-class presentation where each student will present their recommendations to support transfers to an assigned jurisdiction.
Justin leads data privacy within Naspers—a South African global internet group and one of the largest technology investors in the world. In his role, he supports investee companies ranging from start-ups to mature multinational players on legal compliance, M&A, contracting, policy and training. He counsels executives, corporate finance, artificial intelligence, product, engineering and public affairs teams on data policy, risk and privacy programme management, and runs the group’s data privacy secondment programme. Previously, Justin served as Assistant General Counsel for Privacy & International Policy at Yahoo!, representing the company before world governments, APEC, the COE, the EU’s Article 29 Working Party and technology-focused trade associations on regulatory matters. An experienced international practitioner, he has served as an expert privacy advisor to the OECD’s Working Party on Information Security and Privacy in its 30-year review of the OECD Privacy Principles, and currently serves as the Chairman of the Board of Directors of the International Association of Privacy Professionals.