Data Privacy Law

Master data privacy law worldwide. 50 deep dives across 300 lessons covering foundations (theory, fundamental right, torts, PbD, comparative systems), GDPR end-to-end (architecture, lawful bases, data subject rights, DPO, transfers, enforcement, ePrivacy, UK GDPR), US federal (HIPAA, GLBA, FERPA, COPPA, FTC), US state (CCPA/CPRA, CO, VA, CT, UT, TX, WA MHMDA, NY SHIELD), sectoral privacy, biometric privacy (BIPA, CUBI, WA), international (Canada, Brazil, China, India, Japan, Australia), and operations (PIAs/DPIAs, notices, breach response, transfers, PETs, emerging issues).

Start Learning View All Topics
50Topics
300Lessons
8Categories
100%Free

All Topics

50 privacy law topics organized into 8 categories. Each has 6 detailed lessons with statutory frameworks, templates, and case briefs.

Foundations of Data Privacy Law

🔒

Privacy Law Foundations & Theory

Master the foundations of privacy law. Learn the major privacy theories (Warren & Brandeis, Solove's taxonomy, contextual integrity), the four privacy torts, and the conceptual architecture.

6 Lessons

Privacy as a Fundamental Right

Master privacy as a constitutional/human right. Learn the US constitutional privacy framework (4A, penumbra), EU Charter (Articles 7 & 8), ECHR Article 8, and international human rights law.

6 Lessons

Privacy Tort Doctrine (US)

Master the four US privacy torts. Learn intrusion upon seclusion, public disclosure of private facts, false light, and appropriation/right of publicity, with leading cases for each.

6 Lessons
📚

Privacy by Design Legal Framework

Master Privacy by Design as a legal requirement. Learn Cavoukian's 7 principles, GDPR Article 25 obligations, FTC Section 5 application, and operationalizing PbD.

6 Lessons
🌐

Comparative Privacy Systems

Compare global privacy systems. Learn EU comprehensive vs US sectoral vs APAC mixed approaches, the convergence trends, and practical implications for global compliance.

6 Lessons
👨

Data Subject Rights Framework

Master data subject rights across regimes. Learn access, rectification, deletion, portability, restriction, objection, and automated decision rights, with operational implementation patterns.

6 Lessons

GDPR Deep Dive

🇪

GDPR Architecture & Scope

Master GDPR architecture and scope. Learn material/territorial scope, the controller/processor/joint controller framework, definitions of personal/sensitive data, and key exclusions.

6 Lessons
📚

GDPR Lawful Bases for Processing

Master the six GDPR lawful bases. Learn consent (Article 7 strict standards), contract, legal obligation, vital interests, public task, legitimate interests (LIA), and selecting the right basis.

6 Lessons
👨

Data Subject Rights Under GDPR

Master GDPR data subject rights in operational depth. Learn DSAR handling, identity verification, response timelines, fees, exemptions, and the right-to-be-forgotten case law (Google Spain).

6 Lessons
👨

DPO Role & Independence

Master the DPO role under GDPR. Learn when DPO is required (Article 37), independence requirements, conflicts of interest, reporting line, qualifications, and DPO board guidance.

6 Lessons
🌐

International Data Transfers (Schrems II)

Master international data transfers post-Schrems II. Learn adequacy decisions, EU-US Data Privacy Framework, SCCs, BCRs, derogations, transfer impact assessments (TIAs), and supplementary measures.

6 Lessons

GDPR Enforcement & DPAs

Master GDPR enforcement. Learn the major DPAs (CNIL, ICO, DPC, Garante, BfDI), one-stop-shop mechanism, EDPB role, major fines (Meta €1.2B, Amazon €746M), and litigation.

6 Lessons
📱

ePrivacy Regulation/Directive

Master ePrivacy. Learn the current Directive (2002/58/EC) cookie/tracking rules, the long-stalled ePrivacy Regulation, electronic communications confidentiality, and PECR (UK).

6 Lessons
🇬

UK GDPR Post-Brexit

Master UK GDPR post-Brexit. Learn the UK GDPR architecture, Data Protection Act 2018, ICO enforcement, UK adequacy, the Data Protection and Digital Information Bill, and divergence from EU.

6 Lessons

US Federal Privacy

🇺

US Privacy Law Landscape

Map the US privacy landscape. Learn why the US lacks a comprehensive federal privacy law, the sectoral approach, FTC's central role, federal preemption debates, and APRA proposal.

6 Lessons
🩺

HIPAA Deep Dive

Master HIPAA in depth. Learn the Privacy Rule, Security Rule, Breach Notification Rule, BAA requirements, Safe Harbor de-identification, OCR enforcement, and the HITECH Act.

6 Lessons
💵

GLBA & Financial Privacy

Master GLBA financial privacy. Learn the Privacy Rule, Safeguards Rule, Pretexting Rules, scope (financial institutions), CFPB rule on data rights (1033), and FCRA interaction.

6 Lessons
🏫

FERPA & Education Privacy

Master FERPA. Learn the educational records definition, parental/student consent, directory information, school official exception, third-party vendor agreements, and Department of Education guidance.

6 Lessons
👶

COPPA & Children's Privacy

Master COPPA. Learn scope (under 13), verifiable parental consent, notice requirements, retention limits, FTC's COPPA enforcement, the 2013 amendments, and proposed 2024 updates.

6 Lessons

FTC Section 5 & Privacy Enforcement

Master FTC Section 5 privacy enforcement. Learn unfair vs deceptive standards, consent decrees, privacy program orders, the Cambridge Analytica/Facebook order, and recent enforcement priorities.

6 Lessons

US State Privacy Laws

🇺

CCPA/CPRA Deep Dive

Master CCPA/CPRA in depth. Learn scope, consumer rights (know, delete, correct, opt-out, limit sensitive PI), CPPA regulations, ADM rules, risk assessments, and enforcement.

6 Lessons
🇽

Colorado Privacy Act

Master Colorado Privacy Act. Learn scope, consumer rights, sensitive data rules, profiling/targeted advertising opt-out, universal opt-out (Global Privacy Control), DPIA requirements.

6 Lessons
🇽

Virginia CDPA

Master Virginia CDPA. Learn scope, consumer rights, opt-in for sensitive data, controller/processor obligations, AG enforcement (no private right of action), and 30-day cure period.

6 Lessons
🇽

Connecticut & Utah Privacy Laws

Master CT CTDPA and UT UCPA. Learn the differences from CCPA/VA, Connecticut's universal opt-out and youth-related provisions, Utah's narrower scope, and dual-state compliance.

6 Lessons
🇽

Texas TDPSA

Master Texas TDPSA (effective July 2024). Learn scope, consumer rights, sensitive data opt-in, sale of sensitive data restrictions, AG enforcement, and the 30-day cure period.

6 Lessons
🇽

Washington My Health My Data Act

Master WA MHMDA. Learn the broad health data definition (including consumer health data outside HIPAA), opt-in consent requirements, geofencing prohibitions, and private right of action.

6 Lessons
🇽

NY SHIELD Act

Master NY SHIELD Act. Learn the breach notification expansion, data security requirements (administrative, technical, physical safeguards), and AG enforcement under New York law.

6 Lessons
📚

State Privacy Compliance Strategy

Master multi-state privacy strategy. Learn the strictest-state baseline approach, common framework patterns, scope thresholds, universal opt-out implementation, and ongoing monitoring.

6 Lessons

Sectoral Privacy

🩺

Health Privacy Beyond HIPAA

Master health privacy beyond HIPAA. Learn the gaps HIPAA leaves (mobile health, fitness apps, consumer wearables), state health privacy laws (CMIA, MHMDA), and FTC enforcement.

6 Lessons
💵

Financial Privacy Beyond GLBA

Master financial privacy beyond GLBA. Learn FCRA & ECOA privacy provisions, CFPB rules, FTC Red Flags Rule, state financial privacy (NY DFS), and credit card data rules (PCI DSS).

6 Lessons
🏫

Education Privacy Beyond FERPA

Master education privacy beyond FERPA. Learn PPRA (surveys/marketing), state student privacy laws (CA SOPIPA, NY Ed Law 2-D), and ed-tech vendor data agreements.

6 Lessons
📱

Telecom Privacy (CPNI)

Master telecom privacy (CPNI). Learn the FCC CPNI rules, opt-in/opt-out for marketing, breach notification, location-based services, and the 2024 FCC privacy actions.

6 Lessons
🚗

Driver Privacy Protection (DPPA)

Master Driver's Privacy Protection Act (DPPA). Learn the DMV records protection scheme, permitted uses, civil cause of action, and intersection with state DMV privacy.

6 Lessons
📹

Video Privacy (VPPA)

Master Video Privacy Protection Act (VPPA). Learn 'video tape service provider' definitions, the rise of VPPA tracking-pixel litigation, statutory damages, and current cases.

6 Lessons

Biometric Privacy

🔬

BIPA (Illinois) Deep Dive

Master BIPA in operational depth. Learn the Cothron v White Castle decision, statutory damages math, 'biometric identifier/information' definitions, written consent requirements, and major settlements.

6 Lessons
🇽

Texas CUBI

Master Texas CUBI. Learn the consent and destruction requirements, $25K per violation civil penalty, AG-only enforcement, and how CUBI compares to BIPA.

6 Lessons
🇽

Washington HB 1493

Master Washington HB 1493. Learn the consumer notice and consent requirements, scope (commercial purpose), AG-only enforcement, and Washington's biometric privacy approach.

6 Lessons
🇪

EU Biometric Rules (GDPR)

Master EU biometric privacy. Learn GDPR Article 9 special category rules, Article 9(2) lawful bases, EU AI Act biometric prohibitions, and EDPB guidance on biometrics.

6 Lessons

International Privacy

🇨

Canada PIPEDA & CPPA

Master Canadian privacy law. Learn PIPEDA structure, the 10 fair information principles, OPC enforcement, the Consumer Privacy Protection Act (CPPA proposal), and provincial laws (Quebec Law 25, BC, Alberta).

6 Lessons
🇧

Brazil LGPD

Master Brazil LGPD. Learn the 10 lawful bases (more than GDPR's 6), data subject rights, ANPD enforcement, sensitive data rules, international transfers, and major fines.

6 Lessons
🇨

China PIPL

Master China PIPL. Learn the seven lawful bases, data classification (general/sensitive/important), consent requirements, cross-border transfer rules (CAC review/SCC/certification), CAC enforcement.

6 Lessons
🇮

India DPDPA

Master India's Digital Personal Data Protection Act (DPDPA 2023). Learn scope, data fiduciary obligations, data principal rights, consent requirements, DPB enforcement, and the (still pending) Rules.

6 Lessons
🇯

Japan APPI

Master Japan's Act on the Protection of Personal Information (APPI). Learn the 2022 amendments, anonymized vs pseudonymized info, data subject rights, PPC enforcement, and EU adequacy.

6 Lessons
🇦

Australia Privacy Act

Master Australia Privacy Act. Learn the 13 Australian Privacy Principles (APPs), notifiable data breach scheme, OAIC enforcement, the 2024 reform tranches, and AI-specific provisions.

6 Lessons

Privacy Operations & Specialized

📋

Privacy Impact Assessments (PIAs/DPIAs)

Master PIAs and DPIAs. Learn when each is required, the standard PIA/DPIA template, stakeholder consultation, mitigations documentation, and integration into the SDLC.

6 Lessons
📝

Privacy Notice Drafting

Master privacy notice drafting. Learn the multi-jurisdictional notice requirements, layered notice approach, just-in-time notices, and the dark patterns prohibitions to avoid.

6 Lessons

Data Breach Response

Master data breach response. Learn incident response runbooks, multi-jurisdictional notification timelines, regulator notification (GDPR 72-hour, state laws), and class action defense.

6 Lessons
🌐

Cross-Border Transfer Mechanisms

Master cross-border transfer mechanisms. Compare GDPR (adequacy/SCCs/BCRs), UK IDTA, Brazil LGPD transfers, China CAC review, and the practical multi-mechanism approach for global data flows.

6 Lessons

Privacy Engineering & PETs

Master privacy engineering. Learn privacy-enhancing technologies (DP, federated learning, secure multi-party computation, homomorphic encryption, ZKPs, anonymization) and operational deployment.

6 Lessons
🔮

Emerging Privacy Issues

Engage with emerging privacy issues. Learn AI training data privacy, neurotech privacy (brain data), Web3/blockchain privacy, IoT privacy, location data, and privacy in the metaverse.

6 Lessons

Why a Data Privacy Law Track?

Privacy law is the most fragmented and fastest-evolving practice area globally. This track gives you a single comprehensive map.

🇪

Foundations + GDPR

14 deep dives: privacy theory (Warren & Brandeis, Solove, Nissenbaum), fundamental right, privacy torts, PbD, comparative systems, data subject rights; GDPR end-to-end (architecture, lawful bases, DSR, DPO, transfers, enforcement, ePrivacy, UK GDPR).

🇺

US Federal + State

14 deep dives: US sectoral landscape (HIPAA, GLBA, FERPA, COPPA, FTC Section 5); US state laws (CCPA/CPRA, CO, VA, CT, UT, TX, WA MHMDA, NY SHIELD, multi-state strategy).

🩺

Sectoral + Biometric + International

16 deep dives: sectoral privacy (health, financial, education, telecom, driver, video); biometric (BIPA, CUBI, WA, EU); international (Canada, Brazil LGPD, China PIPL, India DPDPA, Japan APPI, Australia).

Privacy Operations

6 deep dives: PIAs/DPIAs, privacy notice drafting, data breach response, cross-border transfer mechanisms, privacy engineering & PETs, emerging issues (AI training data, neurotech, Web3, IoT, metaverse).