Skip to main content

Susan L. Foster, Ph.D.


[email protected]



Sue is a commercial lawyer with extensive experience advising clients regarding EU privacy regulations as well as life sciences and technology transactions. Sue is based in the UK, and her work is frequently international in nature. Sue is qualified in England & Wales and California, as well as being a Certified Information Privacy Professional/Europe. Start-ups to global companies seek her counsel on European data protection matters. For her life sciences clients, she helps structure large-scale drug development and marketing collaborations, licensing deals, spin-offs, and other agreements involving healthcare IT, consulting, R&D, manufacturing, and distribution arrangements.

Susan is qualified in England and Wales as well as California, and has experience practicing law in both the United States and the United Kingdom. She has been based in Mintz's London office since September 2007, and worked in the United Kingdom for another international law firm from 2001 to 2004. Susan is a Certified Information Privacy Professional/Europe (CIPP/E).

Susan works with clients primarily on European data protection compliance and licensing, collaborations, and commercial matters in the fields of clean tech, high tech, mobile media, and life sciences. She has represented a broad range of clients, from start-up companies to international industry leaders, and has significant experience with cross-border transactions.

Within the life sciences, Susan has assisted biotech, pharmaceutical, diagnostic, and medical device companies with licenses, collaborations, spin-offs, and agreements relating to consulting services, R&D, manufacturing, and distribution.

Within the high-tech and mobile media fields, Susan has advised clients on deals involving the sale and licensing of intellectual property rights; multi-tier distribution arrangements; OEM and value-added reseller arrangements; research, development, and consulting activities; and the provision and outsourcing of technology services. She has assisted mobile media and Internet services clients with service agreements and content licenses, including user-generated content and web-to-mobile deals.

Susan’s clean tech experience includes advising on a joint venture for the development and marketing of electric cars and various agreements relating to the development and sale of fuel cells.

She has spoken on data protection, open source software, European antitrust and technology transfer law, and other intellectual property and technology law issues at a number of webinars and conferences in the United States and the United Kingdom.

During law school, Susan was on the executive board for the Stanford Technology Law Review.


  • Stanford University (JD)
  • Cornell University (PhD)
  • Cornell University (MA)
  • Princeton University (BA)

Recognition & Awards

  • Phi Beta Kappa

Recent Insights

News & Press



Viewpoint General

Brexit and UK-US data transfers: What’s the plan?

March 26, 2019 | Blog | By Susan Foster

Despite the overall political uncertainty about Brexit, worries about a sudden stop to personal data transfers from the UK to the US are misplaced, deal or no deal.  There is, in fact, a plan, and it’s a reasonable, practical plan.
Viewpoint General
Companies based outside of the European Union sometimes find it challenging to determine whether the General Data Protection Regulation (GDPR) applies to them.  And if they finally work out that the GDPR applies, they then have the challenge of finding a local representative as required by Art. 27. 
The European Parliament passed a resolution today strongly criticizing Privacy Shield and recommending that Privacy Shield be suspended as of September 1, 2018, if the US doesn’t shape up by that deadline.  Should US companies that rely on Privacy Shield panic?


May 25, 2018 | Blog | By Cynthia Larose, Susan Foster

If you glance at the “countdown clock” in the left hand sidebar of our blog, you’ll see that it has reached 00:00:00. GDPR Day is here. But, unlike Y2K (for those of you old enough to remember the near-hysteria), 25 May 2018 is only the beginning of the GDPR compliance road and not a “completion date.”

Practical GDPR Steps for US-Headquartered Life Sciences Companies

February 12, 2018 | Blog | By Susan Foster, Cynthia Larose

In case you had not heard, the European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018.

GDPR - European Commission Unveils Guidance Website

January 26, 2018 | Blog | By Susan Foster

The European Commission has launched a new data protection website aimed at educating the public and helping businesses and other organizations comply with their new obligations under the General Data Protection Regulation.
The European Union is replacing its current privacy laws with a new, comprehensive General Data Protection Regulation (GDPR), which takes effect May 25, 2018. The essential principles of the EU’s privacy laws are unchanged, but the new Regulation imposes many new obligations on many more entities – all backed up by fines modeled on European antitrust laws.

Consent under the GDPR: Official Guidance Now Available

December 19, 2017 | Blog | By Susan Foster

One of the most striking changes to EU privacy law under the EU’s General Data Protection Regulation (which goes into effect May 25, 2018) is the very strict approach to user consent.

EU General Data Protection Regulation Webinar Series – Recordings

December 4, 2017 | Blog | By Cynthia Larose, Susan Foster

Since last September, the Mintz Levin Privacy Webinar Series has focused on the upcoming EU General Data Protection Regulation (GDPR) to help businesses understand the reach and scope of the GDPR and prepare for the potentially game-changing privacy regulation.
The Article 29 Working Party (WP29) advisory group, which will soon become the more transparently-named (and very powerful) European Data Protection Board, is busy drafting and issuing guidance documents to help organizations understand how European data protection authorities will interpret various requirements of the General Data Protection Regulation (GDPR). 

News & Press

Member Sue Foster, part of the firm’s Privacy & Cybersecurity group, provides commentary in this feature article discussing the Privacy Shield data transfer mechanism which is facing a new, series test in the form of a second review from U.S. and European officials.
Susan Foster, a Member in the Mintz London office, primarily works with clients on European data protection compliance and licensing in the fields of clean tech, high tech, mobile media, and life sciences.
Mintz advised biotechnology company BeiGene, Ltd. on a collaboration with Celgene Corporation to develop and commercialize BeiGene’s investigational anti-programmed cell death protein 1 inhibitor, BGB-A317.
This Law360 feature article focuses on a draft of Regulation on Privacy and Electronic Communications that would impose stricter privacy rules on electronic communications to tech companies outside the traditional telecom space.

EU watchdogs temporarily green-light Privacy Shield

July 27, 2016 | Compliance Week

Member Susan Foster provides commentary in this Compliance Week article on how the European Union data protection authorities adopted a final version of the EU-U.S. Privacy Shield (WP29).
This article notes that Europe’s privacy regulators are backing the new EU-U.S. Privacy Shield data transfer deal. Authorities, according to the article, qualified that while they still carry some concerns about the framework, they will not challenge the Shield further for at least one year.
Member Susan Foster provides commentary in this article on how though fears of global market fallout resulting from the Brexit vote have largely gone unrealized, companies handling personal data are now facing similar concerns with regards to privacy regulation.
Member Sue Foster, a Certified Information Privacy Professional, provides commentary in this Business Insider article discussing the potential Brexit vote and the potential impact this could have on the European technology industry.
Member Sue Foster provides commentary in this The Hill article on the long-awaited Privacy Shield – a data-sharing deal between the United States and the European Union. The deal would allow tech companies to legally handle European citizens’ data.
Member Susan Foster provides commentary in this article on the Privacy Shield agreement between the United States and the European Union.
Member Susan Foster provides commentary in this article on how the transatlantic data exchange deal stands to be seriously threatened unless the U.S. “overhauls its national security laws.”
Member Susan Foster is quoted in this article on the upcoming deadline for the transatlantic Privacy Shield agreement, which will ensure the viability of data transfers between the U.S. and the European Union.
Member Susan Foster is quoted in this Law360 article on the importance for employers in the European Union to follow their surveillance policies and protocols carefully when monitoring their employees’ online activities.



Who Owns the IP? The Situation in the U.S.

Association of Corporate Counsel

Tel Aviv, Israel