On Teaching My Privacy & Technology Course

A Santa Clara Law experiential privacy course that will prepare law students for privacy practice in tech

This week, I begin teaching (remotely given the pandemic) my Privacy & Technology course at Santa Clara Law’s leading privacy law program. This course has been eight months and hundreds of hours in the making, so I am very much excited and just ready to begin working with the students.

Course Objectives

My main objective in creating the course is to prepare students as privacy professionals in the tech sector. In addition, I want to introduce them to the nascent privacy tech landscape, which is near and dear to my heart. More practically, I want them to be able to identify and provide recommendations to address a tool’s privacy pitfalls, learn how to create a privacy review process and use such processes to conduct one. I want them to begin learning the technical concepts and nomenclature in privacy. They’ll learn about privacy by design and privacy engineering, product development lifecycles, privacy enhancing technologies (PETs), and so on. Lastly, I want them to cultivate the fact-finding and other practical skills needed to learn how a product collects and processes personal data.

What makes this course so special?

I’m particularly proud of this course. What makes this course so special? Well, many things, but I’d like to highlight the following, in particular:

1. It’s an experiential course that aims to prepare our privacy law students to practice as privacy professionals in the tech sector. Santa Clara already has a robust privacy offering, from an introductory privacy law course, to a comparative GDPR vs. CCPA/CPRA course, and a cybersecurity law course, to name a few. My Privacy & Technology course will demand students to apply their theoretical knowledge from previous courses and certifications to real-life facts. Given their existing background knowledge in privacy, the focus will be on doing, instead of digesting or outlining.
2. What will they be doing, exactly? The course involves consulting projects with privacy tech startups. Throughout the semester, student groups will work with Privacy Request, Privacy4Cars, SECURITI.ai, and Transcend to learn about one of their products and their related data processing, identify and provide recommendations to address privacy pitfalls, draft a product privacy data sheet to address customer questions, and create and perform a privacy review of their product, amongst other things. At the end of the semester, the students will present their startups with these compiled product privacy deliverables. I’m grateful to Peter Barbosa, Andrea Amico, Rehan Jalil, and Ben Brook for their privacy forward-thinking in participating in this course.
3. We also have amazing guest lecturers who will be sharing their decades+ experience in privacy and technology. Compliwith.Me co-founder and author of The Privacy Engineer’s Manifesto, Michelle Finneran-Dennedy, will be coming in to guest lecture about privacy engineering. R. Jason Cronk, CEO of Enterprivacy Consulting and author of Strategic Privacy by Design will cover privacy reviews. Experienced CPO Fatima Khan will help our students think about the legal and privacy pitfalls in privacy tech. Santa Clara Law alum and incoming RingCentral CPO Paola Zeni will cover product privacy data sheets.
4. We have an amazing team who supported me in the development of this course. My sincerest gratitude to Prof. Eric Goldman, Associate Dean Flynn, Managing Director Joy Peacock, Adjunct Prof. Lydia de la Torre, Interim Dean Han, and my amazing TA, Emily Ashley, for their time and feedback. Additionally and beyond Santa Clara, I’m grateful to Profs. Daniel Solove and Woodrow Hartzog for sharing their insights on privacy law teaching and academia.
5. This is my first course as an adjunct professor of law, and I’ve been told this course is the only one of its kind — I mean, it would be quite surprising if there were another like it when we just finished creating it. I’m extremely excited to be contributing this course to Santa Clara Law’s existing privacy law program.

Why this course?

I was inspired to create this course after years as a privacy practitioner in the tech sector. When I started out, I had the benefit of a comprehensive introduction to privacy law course with leading privacy thinker, Prof. Solove, whose course gave me a solid background in privacy law, theory, and policy.

But because my law school didn’t offer a practical privacy course at the time, I had to self-teach the tech side of privacy. A lot. I learned about the privacy engineering domain by reading works by Michelle Dennedy and Lorrie Cranor. I tried to keep up-to-date on the latest PETs. I took courses on the cybersecurity domain. Learning the technical side to privacy was made easier by having colleagues in Information Security, Engineering, Product Management, and R&D teams who were extremely generous with their time and knowledge.

That said, there was no substitute for doing. Years passed working with 100+ tech companies, startups, and global organizations, asking the right questions to understand a product’s data processing became natural. Working with engineers, security, and product teams became my favorite aspect of my work. (Keep those data processing agreements away from me!) Bridging the gap between law, policy, and technology suddenly became like breathing.

As I began working with new practitioners, law students, and interns, I was reminded that the gap is real and bridging it is no easy feat for those just breaking into the cross-functional privacy field. I hope to help jumpstart my students’ journeys as privacy practitioners in tech with this course.

Lastly, we could’ve chosen to work with any startup, but we chose privacy tech startups given my current work in and passion for this nascent space, and these startups’ increased incentive to prioritize product privacy.

We will share more about the Privacy & Technology course as the semester progresses, including impressions from the students, startup founders, and guest lecturers. For now, wish us luck as we embark on this adventure!