As more companies adopt cloud services and as regulations governing them tighten in the US, EU and elsewhere, business is flourishing for lawyers specializing in data privacy.
Employment opportunities have bloomed, and law schools were not slow to spot the demand. They are answering the market’s call with a number of programs that specialize in data privacy and negotiating cloud contracts, which are likely to become more numerous.
“There is a significant amount of work for attorneys specializing in data privacy,” says Eileen Decker, lecturer in law at University of Southern California’s Gould School of Law. A number of US states have adopted comprehensive data privacy laws while the 2018 passing of the General Data Protection Regulation (GDPR) in Europe has “created a labyrinth of laws and issues requiring skilled and informed attorneys, who are now specializing in this complex field”, she says.
GDPR means that a company moving client data across borders must ensure its cloud service provider assumes responsibility for the process. A breach could lead to a fine of €20m or a law suit from clients, generating work for attorneys. “Business has blossomed for lawyers specializing in data privacy,” says Decker. “Most firms have dedicated practice groups who work exclusively on data privacy issues.”
She says this has created new employment opportunities in law firms, as well as with government agencies charged with enforcement, and nonprofit organizations that are monitoring the impact of the new data rules.
Timothy Banks, instructor of the LL.M. in Privacy and Cybersecurity Law at Osgoode Hall Law School in Toronto, agrees. “The demand for experienced privacy professionals, including data privacy counsel, has never been stronger and shows no signs of abating,” he says. “Not only has the move to cloud services sharply accelerated, but privacy regulation is strengthening worldwide with increasingly complex laws.”
A number of new Data Privacy LL.M. programs
Osgoode Hall is one of a number of law schools offering LL.M.s in this area in response to a rise in interest among students for content on data privacy as well as internet law and related business opportunities. University College London offers an LL.M. program in Privacy, Data and Surveillance Law while Drexel University in the US runs an online LL.M. in Cybersecurity and Data Privacy.
“[There’s] a thirst to tackle the big policy issues facing governments and societies today – such as competition issues relating to large tech companies, international cyber espionage, and right-sizing the powers of privacy regulators,” says Banks.
Osgoode Hall’s LL.M. is delivered part-time and prepares participants for roles in the data privacy field. To succeed as a privacy lawyer requires keeping up to date on the changes to data laws in key jurisdictions around the world, says David Goodis, partner at the INQ law firm and instructor of Osgoode’s LL.M.
He says it’s also important for privacy lawyers to gain a deep understanding of the often competing principles beyond privacy laws — for example, protecting individual rights versus fostering innovation. “A good privacy lawyer is adept at applying these laws and principles in a practical setting, and finding solutions to real-world problems,” says Goodis.
USC Gould’s Decker has also noticed a sizable increase in interest in data privacy among LL.M. students.
“My information privacy law class is now double the size it was when the course was first offered just three years ago,” she says. “This last semester, I had a sizable waitlist for the course.”
In addition, USC Gould now offers an online certificate program in Cybersecurity and Privacy. “The demand for that class has increased significantly in just the last year,” says Decker. “Two online [cohorts] will be offered for the certificate program during the summer of 2021 alone.”
The law school provides a practical and current curriculum that addresses evolving privacy topics, taught by experts like Decker and others. She says that attorneys practicing privacy law must be highly dedicated and adaptable. “They must follow developments in the law which are happening every day, the trends throughout the nation and the world in order to adequately assist their clients.”
Decker notes that law firms themselves are also adopting more technology such as cloud computing, further raising the importance of an education in privacy law. “Law firms around the country, large and small, have had their data breached and, in some cases, client information has been compromised,” she points out. “It is critical that law firms and lawyers protect client information and hackers have shown how easily such data can be compromised.”
