Information Privacy & Data Protection (Spring 2021)


This course is an introduction to information privacy and data protection law and policy. Governments and every sector of the economy collect, use, store, and share personal data. The headlines mirror the ubiquity of data use; nearly every day there is a new story about government surveillance, location tracking, identity theft, corporate data breaches, predictive analytics, or artificial intelligence. As these concerns have grown, so has the body of law surrounding them, from the paradigm-shifting U.S. v. Carpenter case in 2018, to the EU’s General Data Protection Regulation that went into effect in 2018, and the California Privacy Rights Act, passed by ballot initiative just this past November, which itself rewrote the California Consumer Privacy Act—of 2018.

The course combines a practical approach to the daily problems that a privacy lawyer will face with the theory necessary to understand how the law is developing. We will cover the constitutional, statutory, and common law rules of privacy, as well as federal and state enforcement activity. We will learn about the policy questions arising from data-driven technologies, the theory behind them, and the questions to ask when assessing information practices. We will also examine privacy and data protection law through a critical lens, asking how the concepts interact with questions of discrimination, poverty, due process, and justice.

Course Objectives

At the end of this course you will be able to:

  • Articulate and differentiate the different concepts and values contained in the idea of privacy
  • Understand the basic structure of information privacy and data protection regulation in the United States and European Union, as well as how they interact
  • Recognize the types of problems a privacy lawyer faces in practice and how one might approach them
  • Critically evaluate the effects of data use and regulation on power relationships in society, including effects on consumers, relationships between individuals and governments, and effects on marginalized populations
  • Anticipate how the legal landscape on data protection is likely to change in the near future

Class Meetings, Review Session, Final Exam

We will meet Monday, Tuesday, and Thursday, from 10:45–12:00 PM, on Zoom (link on MyLaw page).

The review session for this course is scheduled for Thursday, May 6, 9–10:15AM. The final exam will be on Thursday, May 13. You will have a 24 hour period to complete what I expect will be a 4-hour exam. (This is what I think is most likely right now, but the specific details are subject to change with plenty of notice).


The casebook for this course will be McGeveran, Privacy and Data Protection Law. The 2019 Supplement is available in the OneDrive folder, linked to the right. Other readings, handouts, and lecture slides will also be made available there.


Regular attendance is required for all classes at UCLA Law. Pursuant to our academic standards, students who do not regularly attend class may, at my discretion, be prohibited from sitting for the final exam, resulting in a grade of “F” or being dropped from the class. Students for whom this may be an issue will receive a written warning before this final action, and may need to attend all remaining classes after the written warning is given. If you must miss a class because of a medical need, or serious familial, religious, or professional obligation, please email me at least 2 hours before class to request an excused absence. Class will be recorded and the recordings will be available for review, but attendance will be taken and watching the recording is not a substitute for attending class sessions.


Your grade will be based on your performance on the final exam (80%) and your class participation (20%).

Class Participation

I expect you to come prepared to participate in class discussion. Good preparedness requires both reading and thinking about the material before showing up in class. Because this is an upper-level course, we will not necessarily discuss every bit of the reading assignments at length. I do want you to read the material for a full understanding of the topic. I encourage questions about anything you find puzzling.

Please note that you will be assessed on the quality, not the quantity, of your participation (though there is certainly correlation). Quality does not mean giving the “correct” answer; thoughtful discussions are more important than facile answers. We will be exploring many new topics for which the answers may change year to year or even week to week, so the answer today might not be the answer tomorrow; it is much more important to learn how to reason through the issues. The key is to be prepared and engaged. Any poor assessment regarding your participation will be the result of protracted absence from class, lack of participation, disrespectful comments, or sustained evidence of lack of preparation and engagement.

You are expected to support each other as colleagues in a joint learning community. Each class member is entitled to your respect, your professionalism, and a presumption that their views are being offered in good faith—even if they are views with which you sharply disagree. My hope is that much of the conversation will proceed like a free-flowing seminar, and I expect and encourage respectful disagreement in class discussions. Such disagreement will allow us to more thoroughly address the different topics and will result in better learning opportunities.

Because you are assessed on quality, not quantity, I also ask that you also be cognizant of your speaking time. Some students will be especially keen to volunteer, which I appreciate — but sometimes I will stop calling on frequent speakers to get a diversity of voices. I will also call on students at random sometimes, because I do not want a small number of students to do the large majority of the talking. If you find that you are speaking often, please consider making space for others in the room who speak less frequently to have their turn.

Office Hours

My office hours will be Tuesday after class, in the Zoom classroom. I’ll stick around as long as you have questions, until 1PM. If you cannot make that time or want to have a private conversation, please email me to schedule another time. My office hours are subject to change if required.


Discussion, participation, and presence are essential to all law school classes. I ask that each of you please turn on your video whenever possible so we can be as fully engaged as possible while in a remote setting. If you must turn your video off for personal reasons or for bandwidth reasons, please let me know in advance where possible, and please limit it to be the exception rather than the rule. Please note that I am requesting camera usage to aid classroom discussion and presence, not as a way to introduce surveillance into the class; if you have a momentary need to turn off your camera for whatever reason, please do so at your own discretion. If the video is off for an extended period and you do not tell me ahead of time, I may come check on you, not because you’re in trouble, but because I will take that as a sign that something is wrong and I will want to see that you’re ok.


Per University policy, UCLA Student Conduct Code 102.28 says that expectations of privacy apply, and it specifically prohibits recording without the consent of all recorded parties and prohibits taking photographs where there is a reasonable expectation of privacy. In remote teaching, advising, chatting, and other engagement in course activities remotely there is a reasonable expectation that photographing, screen capture, or other copying methods or recordings will not occur without express permission from all participants. A violation subjects a student to the disciplinary process. Do not record your courses, do not take screen shots of your classes, professors, or classmates, and do not release, post, email, text, or otherwise share or sell course materials to others.


UCLA Law strives to provide accommodations in a way that supports students with disabilities while maintaining their anonymity and the fundamental nature of our law program. As such, students needing academic accommodations should not contact their professors directly, but contact Carmina Ocampo, Director of Student Life or the UCLA Center for Accessible Education (CAE) When possible, students should start this process within the first two weeks of the semester, as reasonable notice is needed to coordinate accommodations. 

Resources for Health and Wellness

Students needing assistance with medical or mental health issues, substance abuse, anxiety or depression or other health-related matters should contact the Office for Student Affairs, UCLA Counseling and Psychological Services (CAPS) at 310-825-0768 (Courtney Walters is the counselor regularly assigned to the law school) or the Ashe Student Health & Wellness Center at 310-825-4073.

Structure of the Course

  • Part I: Foundations
    • Constitutional Law
    • Tort Law
    • Consumer Protection
    • Data Protection
  • Part II: The Life Cycle of Data
    • Collection
    • Processing and Use
    • Storage and Security
    • Disclosures and Transfers
  • Part III: Sector-Specific Regulation (specific topics subject to change)
    • National Security
    • Government Data Collection
    • Employment
    • Medical Information
    • Biometric Information and Facial Recognition
  • Part IV: Information, Power, and Inequality


Reading assignments are below. Because this is my first time teaching the course, I am unsure how fast we’ll move through the material, or precisely what we will and will not cover. Accordingly, the list begins with the first two weeks, and reading assignments will be updated here as needed to match our pace. Most of the readings will be from the casebook (CB) or supplement (Supp). The supplement and other readings will be posted in the course OneDrive, along with any other handouts.

The book contains “Practice” problems in many of the sections that are meant to get you thinking about how you might advise a client on the issues presented in that chapter. I suggest that you spend some of your reading time trying to work through them. I cannot promise that we will always discuss them in class, but my intent is to do so with some frequency.

I have scanned the first two weeks of assignments and posted them in the OneDrive to give you time to buy the book. Unfortunately, due to the pandemic, the library is closed and there is no casebook reserve, a fact that surely will impact some of you, but which I can do little about; I’m not sure there’s a way around buying the book, but hopefully you can find it used.

Note: The Berkeley Center on Law and Technology is hosting a symposium on April 15–16 honoring Professor Joel Reidenberg, a pioneer in the privacy law field, who passed away last year. The event was inspired by his most important work, titled Lex Informatica: The Formulation of Information Policy Rules through Technology, which argues that the design of technology can set rules that are as binding as law, and which has been foundational to how lawyers think in law and technology. The symposium’s panels are mostly not about privacy, per se, but they touch on many ideas adjacent to our material, and include prominent scholars and lawyers whose work we will read.

Class will be canceled on April 15, and in lieu of class, I ask that you attend at least one of the panels, but hopefully, you will find it interesting enough to go to more. Please pre-register for the conference at the link above as soon as you can. There will be Q&A available, so I encourage you to ask questions as well. We will discuss what we learned the following Monday in class.

DateAssignment Topic
1/25 (Mon)CB 1; Scott Skinner-Thompson, Privacy at the Margins, Ch. 1 (pdf)

Before you read, try to come up with a defintion of “privacy.” Then as you read, think about all the ways the concept of privacy is used in the chapter, and see if they fit within your definition, and if not, consider how your defintion might change.
Introduction: Why Privacy Matters
1/26 (Tue)CB 88–97; Nissenbaum – Privacy in Context (pdf); Cohen – Configuring the Networked Self. Ch. 6 (pdf)

Heavy reading day, but you can mostly skim. The big ideas are more important than the details for today, and they will help set the stage for the rest of the term.
Introduction: Perspectives on Privacy
1/28 (Thu)CB 3–21Constitutional Law: Fourth Amendment Foundations
2/1 (Mon)Supp. 2–24Constitutional Law: Contemporary Fourth Amendment Challenges
2/2 (Thu)CB 43–66; 715–722Constitutional Law: First Amendment; Substantive Due Process
2/4 (Thu)CB 66–86Other Constitutional Systems