XPAN is a Women-Owned international cybersecurity and data privacy law firm.

Our Recent Posts

  • Are You a Joint Controller with Facebook? The CJEU’s Judgment in Case C-210/16
    How many companies maintain business-oriented pages on Facebook?  Millions. In today’s social media driven economy — where individuals digest […]
  • Our First Year in Review
    Dear Family, Friends, Team, Colleagues, and Everyone, XPAN is celebrating its First Anniversary — and what a wild adventure it has been. On […]
  • And the Saga Continues: On The Road Again to the CJEU with Shrems II
    Facebook has been caught in a legal battle concerning the adequacy of its data protection well before the Cambridge Analytical revelations that came to light in the past few weeks. While spending a semester in the United States studying at Santa Clara University, Austrian law student Max Schrems first became aware of Facebook’s limited grasp of the severity of European Union (“EU”) data protection laws in 2011 when a privacy attorney from Facebook spoke to his class. Angered by the lack of appreciation of the EU privacy law in his home continent, Schrems decided to write his thesis paper about “Facebook’s Misunderstanding of Privacy Law in Europe.” During the course of his research, Schrems learned that Facebook had been violating strict EU privacy law, which prompted him to file numerous complaints with the Irish Data Protection Commission (DPC) in 2011. He later rescinded this set of complaints because the DPC had ignored his efforts.
  • Is Nothing Sacred? Recent Hackings on Our Governmental Entities

    Somewhere, in another country or hidden in a basement down your street, a hacker is waiting in the dark searching for the vulnerabilities in our national infrastructure.  They are scanning systems for any threat vector which can serve as their entry into our world. This past week, we were treated to two recent hacking incidents against governmental entities that are the shape of things to come.  

  • In case you missed it, the CLOUD Act is now law

    In the midst of the Microsoft case, Senators Orrin Hatch (R-Utah), Christopher Coons (D-Del.), Lindsey Graham (R-S.C.) and Sheldon Whitehouse (D-R.I.), introduced the Clarifying Lawful Overseas Use of Data Act, or “CLOUD Act” in February, to create a framework for law enforcement to access data that is stored overseas.   At the time the CLOUD Act was first introduced, we addressed some of the potential impacts the Cloud Act would have in light of the pending Microsoft case, and the jurisdiction of data generally.  

  • But, I never gave you my data? The GDPR’s impact on data subject rights

    Let us set the scene.  You receive an email: sign-up for LinkedIn! Facebook! Instagram! [Fill in your Service of Choice here.]  And, once you click to create an account, the information is mostly pre-populated: your name, your email address, your current job, your “friends”, your location/region -- a number of pieces of information that may have you shaking your head asking:  how did they compile all of this information without my input and without me even knowing it?

Who We Are

Our team is led by the dynamic duo of Jordan L. Fischer, Esq. and Rebecca L. Rakoski, Esq.