The GDPR - It Came, We Saw, But Did It Conquer?

2.0 Law & Legal and 3.5 Other CLE Credits | WSBA Activity ID #1103255

Hear from top privacy professionals on topics relating to the future of privacy laws, the GDPR’s impact on startups, the perfect privacy policy, and the ways in which the United Kingdom is working with U.S. regulators on the EU-US Privacy Shield.

GDPR 2019 Photo


Recorded:  02/01/2019
Credits:  2.0 Law & Legal and 3.5 Other CLE | WSBA Activity ID #1103255
Length: 5 hours, 40 minutes

Featured Speakers:
Alex Alben, Hannah McCausland, Steve Tapia

Seattle University Law Review and Seattle University School of Law Continuing Legal Education are pleased to present a cutting edge symposium on the impact of the GDPR on the law, technology services, cybersecurity, and data privacy in the United States of America.

Featured speakers:

Alex Alben, Chief Privacy Officer of Washington State

Hannah McCausland, United Kingdom Information Commissioner's Office

The conference will also feature speakers from Google, Microsoft, Allen Institute's AI2 Team, Yale Law School, Georgetown Law School, local startups, and Seattle's top privacy and data security firms.

Topics to be covered will include:

  • Regulating the GDPR: Perspectives from the United Kingdom
  • Privacy and Democracy
  • Advising Clients in a Rapidly Evolving Area of Law: GDPR, CCPA, and Beyond
  • Survival of the Fittest: Startups in the Age of the GDPR
  • Privacy Policies in Practice: What You Need to Know
  • The Future of Privacy: Where Do We Go from Here?
GDPR 2019 Photo


8:30 - 9:00 a.m.

Registration and Breakfast

9:00 - 9:15 a.m.

Welcome and Introductions


Professor Steve Tapia, Seattle University School of Law

9:15 - 10:30 a.m.

Session 1 -  Regulating the GDPR: Perspectives from the United Kingdom

  • Priorities of the U.K. Information Commissioner's Office
  • The expanded territorial scope of the GDPR and its impacts on U.S. companies
  • How the ICO works with the European Data Protection Board and their individual European counterparts on cross-border matters to ensure consistency in application of the GDPR
  • The ICO's work with U.S. regulatory counterparts on the EU-US Privacy Shield 

Hannah McCausland, Group Manager - International, U.K. Information Commissioner's Officer

10:30 -10:45 a.m.


10:45-11:45 a.m.

Session 2 - Privacy and Democracy

  • Free Speech and Association
  • The pressure on privacy
  • Improved governance models for corporate technology platforms
  • Consequences of privacy breaches on big corporate platforms

Alex Alben, Chief Privacy Officer of Washington State

11:45 a.m. - 1:00 p.m.


1:00 - 1:45 p.m.

Session 3 - Advising Clients in a Rapidly Evolving Area of Law: GDPR, CCPA, and Beyond

  • The GDPR and ePrivacy Regulation's impact on lead generation and marketing
  • How to handle controllers and processors with significant negotiating power
  • GDPR v. California Consumer Privacy Act: gaps and overlaps

David Rice, Partner, Miller Nash Graham & Dunn

Brian Sniffen, Partner, Miller Nash Graham & Dunn

1:45 - 2:45 p.m.

Session 4 - Startups in the Age of the GDPR: Survival of the Fittest


Professor Steve Tapia, , Seattle University School of Law


Hillery Nye, General Counsel, Zipwhip

  • The top five mistakes made by startups

Susy Mendoza, Director of Privacy and Technology Counsel, Lululemon

  • The people and resources required to facilitate GDPR compliance

Jennifer Dumas, Senior Legal Counsel, Allen Institute for Artificial Intelligence (AI2)

  • Assessing the GDPR preparation: Was it worth it?
  • The negative impacts of the GDPR's resulting restrictions
  • Understanding your industry

2:45 - 3:00 p.m.


3:00-3:30 p.m.

Session 5 - Privacy Policies in Practice: What You Need to Know

  • The unrealistic burden privacy policies place on consumers
  • Necessary policy elements
  • Important stylistic and design decisions
  • Prioritizing compliance obligations

Mike Hintze, Partner, Hintze Law PLLC

3:30 - 4:30 p.m.

Session 6 - The Future of Privacy: Where Do We Go from Here?


Professor Steve Tapia


Tiffany Li, Technology lawyer & scholar, Postdoctoral Fellow at Yale Law School's Information Society Project

  • The GDPR right to explanation and applicability to U.S. law.

Lindsey Barrett, Staff Attorney and Teaching Fellow, Communications & Technology Clinic, Institute for Public Representation

  • An information fiduciary approach to privacy regulation - why it fits America's philosophy of privacy better than the GDPR

Dr. Tracy Ann Kosa, Senior Programs Manager, Google

  • Enterprises, processors and custodians - oh my! 

Ed Britan, Senior Attorney at Microsoft, Privacy and Regulatory Affairs

  • A recommended approach to a consumer privacy framework

4:30 - 4:45 p.m.

Closing Remarks, Evaluations and Adjournment


Professor Steve Tapia, Seattle University School of Law

Leila Javanshir, Symposium Chair, Seattle University Law Review

5:00 - 7:00 p.m.


GDPR 2019 Photo



Steve Tapia

Steve Tapia has practiced entertainment, media and intellectual property law for over 30 years. As in-house counsel for DIRECTV Sports Networks, he was the primary contract negotiator and rights manager for sports programming and distribution partnerships with the Seattle Mariners, Seattle Sounders, Portland Timbers, Big Sky Conference, Mountain West Conference and many other teams and conferences. Before joining DIRECTV, he was a Senior Attorney in Microsoft's Law and Corporate Affairs department. His assignments included leading Microsoft's Copyright And Trade Secret Practice Group, and advising on Microsoft's open source licensing strategies and policies. He also was the primary counsel for MSN, MSNBC, Slate, and Microsoft's corporate marketing and advertising operations. In addition to legal positions, he also led Microsoft's business development teams for ebooks and entertainment. Prior to joining Microsoft, Professor Tapia was in-house counsel for HBO (specializing in motion picture and television production) and also KCET (Los Angeles' PBS station). He began his legal career as an intellectual property and media law litigator at Loeb and Loeb, Los Angeles. He frequently speaks on copyright law, social networking, online advertising issues, media law, first amendment issues and digital downloads of entertainment content.

He is admitted to practice before the U.S. Districts Courts for the Northern, Eastern, Central and Southern Districts of California and the U.S. Court of Appeals for the Ninth Circuit. He is a member of the California State Bar. He is a former President of the Yale Club of Southern California. He served on the Board of Trustees of the Seattle Symphony Orchestra from 2006-2009, Interim Music Director of Faith Lutheran Church (Redmond, WA) and is a professional musician.


Alex Alben

Alex Alben is Washington State's first Chief Privacy Officer, an office created by the state legislature in March of 2015. He coordinates privacy and data policy for the state and consults with the Governor and Legislature on technology issues impacting citizen privacy.

As a technology executive, Alex helped launch and, and served for six years in senior management at RealNetworks. At the outset of his career, Alben served as a researcher for CBS News covering the 1980 Presidential campaign and went on to work for Mike Wallace at CBS Reports. In the 1990's, Alben worked as an entertainment lawyer for Orion Pictures and Warner Bros. He was a candidate for the U.S. Congress from Washington State's 8th Congressional District in 2004.

A graduate of Stanford University and Stanford Law School, Alben writes for The Seattle Times and other publications on the intersection of media, technology and politics. He is the author of Analog Days-How Technology Rewrote Our Future.

As one of at least six Chief Privacy Officers in the country, Alex has initiated state-wide programs for enhanced privacy training, consumer education and "Privacy Modeling." In March of 2017, Gov Tech Magazine named him one of the country's top "Doers, Dreamers and Drivers" in state government. 

Lindsey Barrett

Lindsey Barrett is a Staff Attorney and Teaching Fellow in the Communications & Technology Clinic at the Institute for Public Representation. Before joining IPR, she was the Georgetown Policy Fellow at Future of Privacy Forum, where she worked closely with the Student Data Privacy Project. Previously, Lindsey served as a Research Assistant for the Georgetown Center on Privacy and Technology, and worked for Facebook's Privacy & Public Policy group, the Senior Advisor for Privacy at the Office of Management and Budget, the Department of Justice, FPF and and the Electronic Privacy Information Center. Her work has been published in the Santa Clara High Technology Law Journal, the NYU Review of Law & Social Change, the Georgetown Law Journal, and the Georgetown Law Technology Review, of which she was the Managing Editor and co-founder. She received her B.A. from Duke with honors, and her law degree from Georgetown.

Ed Britan

Ed Britan is a global privacy and data protection subject matter expert. He provides counsel and advocacy on a range of legal, legislative and public policy issues.  Ed has provided extensive advice and counsel on the EU General Data Protection Regulation, U.S. privacy law and legislative developments, including with respect to the California Consumer Privacy Act of 2018, and comprehensive data protection laws that have been introduced and/or passed around the world. Most recently Ed has been particularly focused on legal and policy developments in the U.S., including within the federal agencies (NTIA, NIST and FTC) and Congress, as well as in China, India, Brazil and Russia.

Ed works closely with Microsoft business and product attorneys to form the company's internal data protection policies and outward-facing positions with respect to the collection and use of personal data. Prior to joining Microsoft in 2014, Ed worked for seven years as an attorney in the Washington D.C. office of Alston & Bird, where he worked on a range of legislative and regulatory issues. 

Jennifer Dumas

Jennifer Dumas is Senior Legal Counsel at the Allen Institute for Artificial Intelligence. Ms. Dumas is the executive leader in charge of all legal affairs at AI2 and brings nearly twenty years of solving complex legal issues for high growth, disruptive companies to her role as AI2's principal legal advisor. Prior to that, she was the Vice President of Legal at Chef Software Inc., where she was the chief legal advisor from Chef's first commercial deal through seven years of exponential growth. Ms. Dumas began her career in the New York office of Paul, Weiss, Rifkind, Wharton & Garrison and still has difficulty falling asleep without horns and sirens outside her window.

Mike Hintze

Mike Hintze is a partner at Hintze Law PLLC and a recognized leader in privacy and data protection law, policy, and strategy. He advises a wide range of companies, industry associations, and other organizations - from startups to largest global technology companies. With more than 20 years of experience in privacy and data protection, Mike emphasizes pragmatic and actionable advice that enables his clients to meet their objectives while complying with the law and managing risk.

Mike also teaches privacy law at the University of Washington School of Law, is a Senior Fellow with the Future of Privacy Forum, serves as an adviser to the American Law Institute's project on Information Privacy Principles, and has served on multiple advisory boards for the International Association of Privacy Professionals and other organizations. Mike has testified before Congress, state legislatures, and European regulators; and he is a sought-after speaker and regular writer on data protection issues.

Mike was previously Chief Privacy Counsel at Microsoft, where, for over 18 years, he counselled on data protection compliance globally, and helped lead the company's strategic initiatives on privacy differentiation and public policy. Prior to joining Microsoft, he was an associate with Steptoe & Johnson LLP, which he joined following a judicial clerkship with the Washington State Supreme Court. Mike is a graduate of the University of Washington and the Columbia University School of Law.

Tracy Kosa

Dr. Tracy Ann Kosa is currently teaching privacy at Seattle University, conducting research at Stanford University, working in security at Google and serving as the Ombudsman for the AI Ethics Board for Axon. Kosa has previously held a number of privacy leadership roles at Microsoft, the Government of Ontario and related tech agencies, where she has helped multiple departments and teams pioneer measurement and assessment programs across the organizations as key components of corporate-wide privacy functions.

Kosa has been active in technology ethics, privacy, and user trust across healthcare, education, finance and the law enforcement sector for 20 years. She specializes in interdisciplinary approaches developing models, systems and processes to capture human values for computational purposes. She has specialized in privacy programs, technical solution design, privacy product development, incident response and breach notification with a focus on automation.

Kosa has been awarded degrees in computer science (Ph.D.), ethics (MA), public policy (MA) and political science (Hons.BA).

Tiffany Li

Tiffany C. Li is a technology attorney and legal scholar. She is a Postdoctoral Fellow at Yale Law School's Information Society Project, where she leads the Wikimedia/Yale Law School Initiative on Intermediaries and Information. She is a popular expert on law and policy at the forefront of new technological innovations.

Previously, Li was in-house counsel for General Assembly, a global technology education company. She has also held legal positions at the Wikimedia Foundation, Amazon,, the Federal Communications Commission, and the U.S. Department of State. Li is a licensed attorney in California, New York (pending), and New Jersey (pending). She holds CIPP/US, CIPP/E, CIPT, and CIPM certifications from the International Association of Privacy Professionals (IAPP). She is also a Women Leading Privacy Advisory Board Member for the IAPP.

Hannah McCausland

Hannah McCausland leads the International Group at the UK Information Commissioner's Office (ICO). The ICO's International Engagement function acts as the gateway to other data protection and privacy authorities on international matters, ensuring effective representation of the ICO's interests on the global stage.

Hannah is involved in the work of the EU European Data Protection Board, advising the Commissioner and Deputy Commissioners on the international positioning of the ICO and has played a key role over the past six years in the ICO's strategy on navigating the EU's data protection framework reform. Hannah has also played a major role at global level in advancing the practical tools that data protection and privacy regulators can use for enforcement cooperation.

Prior to the ICO, Hannah has worked in both Brussels and Amsterdam for almost 10 years on international data protection regulation in the media and research sectors.

Hannah holds degrees from the London School of Economics and Political Science

Susy Mendoza

Susy Mendoza began her in-house career at Nordstrom as a generalist, learning the ropes by supporting supply chain, brand divisions, e-commerce and social media. Eventually focusing her practice on technology and digital, her day-to-day includes various contract negotiations, building and managing a global privacy program, and educating business partners on standard marketing pitfalls. She is currently the Director of Privacy and Technology Counsel at Lululemon. 

Hillery Nye

Hillery Nye is an intellectual property and corporate transactions attorney with 25 years of experience representing a range of technology companies, from large institutional clients (e.g., Microsoft,, Intel, Paramount Pictures Digital and T-mobile) to start-ups and emerging companies (e.g., Glympse, Corkz, Blue Box, Yapta). Ms. Nye currently serves as General Counsel for Zipwhip, Inc. and teaches privacy law as an adjunct professor at Seattle University School of law.

David Rice

David Rice is a partner with Miller Nash Graham & Dunn LLP who advises a wide range of clients on data security, data privacy and IT/cloud infrastructure issues. He assists clients with data incident response, data security audits, issues involving new laws such as the EU's General Data Protection Regulation (GDPR) and California Consumer Privacy Act, privacy policies, privacy by design, employee training, simulated data incident exercises, and vendor contracting involving data security issues. David also negotiates a wide range of technology contracts, including agreements involving data centers, collocation, SaaS/cloud services, and networking. He has worked on transactions in over 35 different countries in North America, South America, Africa, Europe, and Asia.

David is CIPP-US certified by the International Association of Privacy Professionals. He has over twenty years of experience working with clients on data privacy and security related matters.

Brian Sniffen

Brian Sniffen is a partner on Miller Nash Graham & Dunn's business and intellectual property practice teams. Brian has assisted clients with a wide range of business and litigation matters. He now focuses his practice on helping clients manage and enforce valuable intellectual property rights and assisting clients-large and small-with the data-privacy and data-security aspects of their business. He also provides regular guidance on contract matters, reviewing and drafting a wide variety of contracts for clients.

In the privacy realm, Brian evaluates clients' existing practices and the applicability of various laws, regulations and rules, including the EU's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act. He regularly helps draft privacy policies and data-security policies, negotiate vendor agreements, and responds to data-security incidents.

GDPR 2019 Photo


General Registration - $165

Seattle University School of Law Alumni Registration - $140

Cancellation Policy: All sales of On Demand AV CLEs are final. No cancellations or refunds will be made