UC Hastings LexLab Helps Law Students, Professionals Grasp New Privacy Laws

professional people posing in a conference room
Data privacy legal expert Lothar Determann (left) moderated a panel of data privacy professionals – Jeewon Kim Serrato, Mariam Abdel-Malek, Barbara Lawler, and Leila Golchehreh (left to right) – at a Privacy Day event co-hosted by LexLab at UC Hastings on Sept. 29.

As a center focused on law and innovation, UC Hastings LexLab is tackling the most pressing technology issues of the day, including how new California privacy laws could change the way businesses handle personal data for decades to come.

To help law students and data professionals better understand the new laws, LexLab this fall co-hosted an event – Privacy Day — that brought legal and technology experts to campus. The experts helped break down the new rules, explaining what they mean for small to large business in California and across the globe.

Drew Amerson is director of LexLab at UC Hastings.

“It’s important that our students not just understand the basics of the law but see how it is actually being put into practice” said LexLab Director Drew Amerson.

LexLab teamed up with the California Lawyers Association Privacy Law Section and the Silicon Valley and San Francisco Bay Chapters of the International Association of Privacy Professionals to host the in-person and online event on Sept. 29.

Regarded by most experts as the strongest privacy protections in the United States, California passed two laws over the last few years that limit what data companies can collect, use, share, and sell. Much of the conference was focused on the impact of these two laws – the California Consumer Privacy Act (CCPA) of 2018 and the California Privacy Rights Act (CPRA) of 2020. Key provisions of the CPRA will take effect in January 2023.

man with long hair and glasses stands near table of professional women
Lothar Determann gave the keynote speech and moderated a panel of data privacy experts.

Keynote speaker Lothar Determann, the author of five books on data privacy laws, explained how the CPRA expands the definition of “personal data” and places new restrictions on certain companies. Determan has been practicing and teaching in the field since 1998.

A panel of data privacy experts discussed the practical steps businesses must take to comply and avoid harsh civil penalties. One panel member – Mariam Abdel-Malek, a director in Privacy Legal at Pinterest – said businesses will have two options: stop selling or sharing data, or continue the practice but give users the power to opt out.

Mariam Abdel-Malek is a director within Privacy Legal at Pinterest.

“Perhaps this company doesn’t want to make the statement that they sell or share data,” Abdel-Malek said. “They might prioritize the PR benefit of not having to make that statement over the revenue impact.”

Lydia de la Torre, a board member of the California Privacy Protection Agency who teaches a course on comparative privacy law at UC Hastings, discussed other recent changes to data privacy laws, including in Europe, in a conversation with Alastair MacTaggart, board chair and founder of Californians for Consumer Privacy.

UC Hastings LexLab Director Drew Amerson led a discussion between Lydia de la Torre and Alastair Mactaggart.

Mactaggart, who led efforts to pass the two California privacy laws, said he expects the regulations will shape national policy for years to come. De la Torre voiced concern about another privacy issue – the potential for law enforcement in certain states to use women’s private data to prosecute them for seeking abortion care.

Hannibal Huntley ’23, a student in the Technology and Innovation in Law concentration at UC Hastings, said he gained valuable knowledge from the exchange about an expanding field of law that promises to offer exciting careers for future lawyers.

“Privacy is a rapidly growing field of regulation, both in Europe and in California, and thus throughout the rest of the U.S.,” Huntley said. “The California Consumer Protection Act will lead to a burgeoning of in-house regulatory compliance jobs and an entire new sector of privacy compliance-focused firms.”