XPAN Law Group
Privacy • Discovery • Cyber Security • Data Management
Banner Background.png

Data Privacy Series

Global Data Privacy Compliance

The GDPR and Higher Education #4: International Data Transfers

We are concluding our series on the Impact of the European Union’s General Data Protection Regulation (“GDPR”) on Higher Education Institutions located in the United States.  The first post frames the application of the GDPR to higher-education institutions; the second post focuses on the two key roles under the GDPR:  data controllers and data processors; and the third post focuses on data processing and key rights under the GDPR.  This final post in the series discusses the data transfer provisions under the GDPR:  key to US-based institutions that intend to transfer data related to EU data subjects to the United States.

Read More
XPAN Law Group, LLC
The GDPR and Higher Education #2: Universities as Data Controllers & Data Processors

As we discussed in our first blog post framing the impact of the European Union’s General Data Protection Regulation (“GDPR”) on higher education, there are a number of key GDPR provisions that higher education institutions should be aware of when contemplating GDPR compliance.  This second blog post will focus on data controllers and data processors, key definitions and roles under the GDPR.

Read More
XPAN Law Group, LLC
The Impact of the GDPR on Higher Education in the United States Blog Series

Colleges, universities, institutions of higher education-- however you want to frame it -- are organizations devoted to the development of academic subjects. They create environments ripe for intellectual exploration and the exchange of information. They provide a platform for individuals from across the globe to collaborate on ideas and develop the innovations of tomorrow. These institutions are a treasure-trove of data.  Inherent in the functioning of any higher-education organization is the free flow of ideas (i.e. data):  data related to the individual students, data related to studies conducted by these institutions, data related to research and development.  Basically, they are institutions of data.

Read More
XPAN Law Group, LLC
A Funny Thing Happened on the Way to the Office

I try to make most of my blog posts about current legal issues in the area of cybersecurity and data privacy because so many businesses do not fully understand cybersecurity, how it works and what they can do to protect their company. As my law partner often says, cybersecurity is like pandora’s box and many companies do not want to open that box because they are scared and do not know what is inside.  However, this is not that kind of post. I am angry. And really, more than angry, I am upset. And why may you ask?? Simply because I received a telephone call. HUH???

Read More
XPAN Law Group, LLC
Biometric Data under the GDPR

With the launch of the iPhone X, the debate around using biometric data as an authentication method has become mainstream.  To recap, the iPhone X is making thumbprint access to a mobile device a thing of the past:  now, all you need is your face (and, of course, the iPhone X).  While thumbprint access has become standard in most mobile devices, the use of facial recognition is new for most consumers.

Read More
XPAN Law Group, LLC
Sticking Your Head in the Sand: How NOT to Approach the GDPR

In speaking with entities, of all sizes and all industries, we are often confronted with the same series of questions over and over again regarding the EU’s General Data Protection Regulation (“GDPR”):  why do I need to comply?  Is the EU really going to enforce this?  What are the odds (as if we have a Magic 8-Ball) that the EU will actually sanction me?  That is in essence like saying: what are the odds I will be hit by a car?  I don’t know, but I still look both ways before crossing the street and I have insurance because I don’t want to risk it.  The doubters, the deniers, the wait-and-see’ers;  these are the entities that will get hit by the GDPR.  They hope that the GDPR will not be as extensive, or as intrusive, or as devastating as privacy experts are saying and while we don’t have a Magic 8-Ball, the response we give these naysayers is, “All signs point to Yes!”.

Read More
XPAN Law Group, LLC
An Active Europe: Driving the Data Protection Conversation

Today, Europe is increasingly being seen as driving the conversation on privacy protections in the age of technology.  The CJEU is a particularly vocal participant in this conversation:  from 2000 to 2015, the CJEU has decided thirty-one (31) decisions related to data protection, often defining the individual’s right to privacy contra government and commercial entities.  

Read More
XPAN Law Group, LLC