In July 2021, three tech companies behind the coloring book app ReColor were required to pay $3 million in civil penalties for privacy violations of children’s data privacy rights. The companies, KuuHuub Inc., Kuu Huub Oy, and Recolor Oy, allegedly collected personal information from children under the age of13 without the consent of their parents, in violation of the Federal Trade Commission (FTC) Act and the Children’s Online Privacy Protection Act of 1998 (COPPA). They were also required to delete all information they collected from the children, ensure the deletion of data given to third parties, and refund payments made by underage subscribers.
Also last July, Amazon was slapped with a €746 million fine ($887 million) for targeted advertising practices that violated the European Union’s (EU) General Data Protection Regulation (GDPR).
In today’s digital age, where data transfers and transactions cross international and intercontinental borders, it’s important for companies to be compliant with state, federal, and even international data privacy laws. Individuals must also be aware of their data privacy rights, as they are most often subjects of data collection and processing.
This is where privacy lawyers come in. This article provides an overview of who is a privacy lawyer, what a privacy lawyer does, and how to start a career in privacy law.
Privacy Laws Explained
Privacy law is a broad and general area of law, most commonly defined as “the collection of laws that relate to the gathering, storage, and use of personal information.” We’ve all given personal information to government or private entities at some point in our lives, perhaps even on a daily basis. We do this when we apply for a driver’s license, buy something online with a credit card, sign up to watch our favorite shows on a streaming app, consult a doctor in a physical or virtual space, post about our latest travel adventures on social media, and more. However, this doesn’t mean that these governmental or private entities can do as they please with the information given to them.
Privacy laws impose certain limitations on what government and private entities can do with the information. The laws also impose standards in order to ensure that the data is stored and processed securely, in order to uphold each individual data subject’s right to privacy.
Privacy laws are enforced on both the state and federal levels. For cross-border transactions, a foreign jurisdiction’s data privacy laws may also be applied, even to U.S. entities, such as in the case of Amazon in the European Union.
What Does a Privacy Lawyer Do?
In a nutshell, privacy lawyers specialize in general and specific areas of privacy law. There are different ways to categorize privacy lawyers. With regards to the general areas of practice, they may be involved in either compliance, litigation, or both.
Data Privacy Lawyer: Compliance
An information privacy lawyer may either work for a law firm or in-house in order to help ensure compliance with privacy laws. They are usually responsible for creating information security policies, protocols, and processes, while ensuring compliance with state and federal privacy laws, as well as foreign jurisdictions’ and international privacy laws, if necessary.
Privacy Law Attorney: Litigation
When companies or government entities sue or get sued for breaches of privacy law, that’s when litigation attorneys come in. In the event of a data breach, for instance, the litigation attorney may advise their client on how to deal with the legal repercussions, especially when they end up being sued in court. They may also be responsible for representing their client in cross-border litigation.
What Subject Areas Should Be in the Privacy Lawyer’s Portfolio?
Privacy law encompasses various laws on the state, federal, and global levels. That’s why a privacy lawyer should ideally be knowledgeable on various areas involving the right to privacy. This includes:
- Privacy Torts
- Fair Information Practices and Principles
- Health Information
- International Frameworks
- Financial Information
- FTC Enforcement
- Law Enforcement (4th Amendment and Electronic Communications Privacy Act)
- Government Records (FOIA and Privacy Act of 1974)
- National Security
- Big Data
- Marketing and Behavioral Advertising
- Social Networking
- Children’s Privacy
- State Attorneys General Enforcement
- Information Security
- Data Breach Notification
- Workplace Privacy
- Genetic Information
- GDPR and EU-U.S. Privacy Shield framework
- Practical Obscurity and Court Records
Although it is not necessary to be an expert in all these areas, one can build a better career as a privacy lawyer with a wider area of expertise. Even general practitioners can benefit from some level of familiarity with privacy laws. That is because at one point or another, anyone dealing in any industry will inevitably have to face privacy and data security issues, whether they’re in health care, media and communications, education, technology, retail, agriculture, services, and even nonprofits and charities.
How to Become a Privacy Lawyer?
Aspiring lawyers still in law school will definitely benefit from taking tech-related courses as early as possible. Some of the most lucrative areas of privacy law involve cybersecurity and technology law. It would also be great to explore internships while still in law school.
For those who are already practicing lawyers who wish to make a career shift into privacy law, they can still take postgraduate courses or fellowships. This will open up more opportunities to apply to firms that specialize in privacy law or to government agencies that need privacy compliance lawyers.
There are various career tracks to explore in privacy law, so there isn’t a one-size-fits-all approach to starting a career in this field. Many privacy lawyers, however, start getting hands-on training by working in a law firm. As the field is constantly evolving, there is always room for growth and new opportunities.
Conclusions and Final Thoughts
Information is the new currency of this digital age. Compliance with privacy law not only shields businesses and government entities from having to pay huge fines or spend on costly litigation; it also protects individuals from privacy breaches that may compromise their personal records and financial or health privacy. Besides, an ethical business must always ensure that they respect their customers’ and users’ rights to privacy and confidentiality. Thus, privacy lawyers also play a pivotal role in upholding the integrity of their clients’ business operations.