Susan L. Foster, Ph.D.

Member

[email protected]

+44.20.3868.6416

Follow:
Share:

Sue is a commercial lawyer with extensive experience advising clients regarding EU privacy regulations as well as life sciences and technology transactions. Sue is based in the UK, and her work is frequently international in nature. Sue is qualified in England & Wales and California, as well as being a Certified Information Privacy Professional/Europe. Start-ups to global companies seek her counsel on European data protection matters. For her life sciences clients, she helps structure large-scale drug development and marketing collaborations, licensing deals, spin-offs, and other agreements involving healthcare IT, consulting, R&D, manufacturing, and distribution arrangements.

Susan is qualified in England and Wales as well as California, and has experience practicing law in both the United States and the United Kingdom. She has been based in Mintz's London office since September 2007, and worked in the United Kingdom for another international law firm from 2001 to 2004. Susan is a Certified Information Privacy Professional/Europe (CIPP/E).

Susan works with clients primarily on European data protection compliance and licensing, collaborations, and commercial matters in the fields of clean tech, high tech, mobile media, and life sciences. She has represented a broad range of clients, from start-up companies to international industry leaders, and has significant experience with cross-border transactions.

Within the life sciences, Susan has assisted biotech, pharmaceutical, diagnostic, and medical device companies with licenses, collaborations, spin-offs, and agreements relating to consulting services, R&D, manufacturing, and distribution.

Within the high-tech and mobile media fields, Susan has advised clients on deals involving the sale and licensing of intellectual property rights; multi-tier distribution arrangements; OEM and value-added reseller arrangements; research, development, and consulting activities; and the provision and outsourcing of technology services. She has assisted mobile media and Internet services clients with service agreements and content licenses, including user-generated content and web-to-mobile deals.

Susan’s clean tech experience includes advising on a joint venture for the development and marketing of electric cars and various agreements relating to the development and sale of fuel cells.

She has spoken on data protection, open source software, European antitrust and technology transfer law, and other intellectual property and technology law issues at a number of webinars and conferences in the United States and the United Kingdom.

During law school, Susan was on the executive board for the Stanford Technology Law Review.

Education

  • Stanford University (JD)
  • Cornell University (PhD)
  • Cornell University (MA)
  • Princeton University (BA)

Recognition & Awards

  • Phi Beta Kappa

Contact

Offices

Admissions

  • California
  • Solicitor, England & Wales

Related Practices

Related Industries

Recent Insights

Practice Hero Privacy Cybersecurity Mintz

Privacy Shield Invalidated by Top EU Court; Standard Contractual Clauses Upheld (But There Are Still Major Challenges Ahead)

July 16, 2020 |Blog

Privacy & Thumbnail Viewpoints Thumbnail

Do you transfer personal data from the EU to the US? Important Decision due July 16

July 8, 2020 |Blog

Privacy & Thumbnail Viewpoints Thumbnail

New Feature: Mintz Privacy Professionals in the News

April 14, 2020 |Blog

News Thumbnail

COVID-19: Top Tips From Regulators on Cybersecurity

In an article published by Lexology, Mintz Member Susan L. Foster was quoted on how companies should assess their cybersecurity risk with the global increase in telework to slow the spread of COVID-19.
News Thumbnail

COVID-19 and GDPR Obligations for Companies

Mintz Member Susan L. Foster was quoted in an article published by Lexology on General Data Protection Regulation (GDPR) obligations for companies, particularly with respect to ongoing investigations or enforcement actions, as well as requirements for data sharing with other European Union data protection authorities during the coronavirus (COVID-19) pandemic.
Press Release Thumbnail

Mintz Recognized by Chambers USA 2019

Webinar Reference Image

Privacy Shield Shattered & the SCCs in Peril: Understanding the Schrems II Decision (and What to Do Next)

Webinar Reference Image

Coronavirus (COVID-19): Managing the Privacy & Cybersecurity Risks

California Consumer Privacy Act: Is the CCPA Really “GDPR-Lite”?

View All Insights

Viewpoints

Practice Hero Privacy Cybersecurity Mintz

Privacy Shield Invalidated by Top EU Court; Standard Contractual Clauses Upheld (But There Are Still Major Challenges Ahead)

July 16, 2020 | Blog | By Susan Foster

Organizations that transfer personal data from the European Union on the basis of the EU Commission-approved Standard Contractual Clauses (SCCs) may be breathing a sigh of relief on hearing that the SCCs have been upheld by the EU’s top court, the Court of Justice of the European Union in its decision in the Schrems II case.   However, the 5,378 US organizations that have certified to Privacy Shield will be deeply disappointed that the Court has invalidated Privacy Shield with immediate effect, just as it did Safe Harbor in 2015. 
Read more
Privacy & Thumbnail Viewpoints Thumbnail

Do you transfer personal data from the EU to the US? Important Decision due July 16

July 8, 2020 | Blog | By Susan Foster

Does your organization transfer personal data from the European Union to the US?  If so, keep an eye out for a key decision on July 16 from the EU’s top court, the Court of Justice of the European Union.  The Schrems II case presents a challenge to the validity of the Standard Contractual Clauses, EU Commission-approved contracts that are widely used to satisfy the GDPR’s requirements for exporting personal data from the EU to other countries. 
Read more
Privacy & Thumbnail Viewpoints Thumbnail

New Feature: Mintz Privacy Professionals in the News

April 14, 2020 | Blog | By Cynthia Larose

The Mintz Privacy team has been tracking privacy issues related to COVID-19. We have been featured in various publications talking about cybersecurity risks, GDPR regulations, the California Consumer Privacy Act, and more.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

Coronavirus and Data Protection in the Workplace: The EDPB provides key guidance for companies with employees in Europe

March 23, 2020 | Blog | By Susan Foster

Companies with employees in multiple European locations may well be feeling challenged both in keeping up with public health-driven guidance – and more recently, mandates – relating to the SARS-COV2 risks in the workplace.  On top of extraordinarily urgent efforts to limit the spread of the novel coronavirus while maintaining as much business continuity as possible, companies have legitimate concerns about their data protection obligations under the General Data Protection Regulation (GDPR) and national employment laws.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

Brexit Transition Period: Guidance from Information Commissioner’s Office

February 3, 2020 | Blog | By Susan Foster

Some US companies who do business in the UK are wondering whether they need to update their GDPR notices or take other steps now that the UK has officially left the European Union.  The answer is: Not yet.  The threat of a “Hard Brexit” with immediate changes to UK laws has passed.
Read more
Viewpoint Thumbnail

Revised Guidelines on the Territorial Scope of the GDPR and Local Representatives

December 2, 2019 | Blog | By Susan Foster

The European Data Protection Board (EDPB) recently published an updated version of its guidelines on the territorial scope of the GDPR, which were initially issued just over a year ago.  The revised Guidelines do not significantly change the EDPB’s essential framework for determining whether or not the GDPR applies to a given data processing activity.  The revised Guidelines do provide a few additional (and reasonably useful) examples as well clarifying a few points that were a bit hazy in the original formulation of the EDPB’s framework. 
Read more
Viewpoint Thumbnail

Brexit and UK-US data transfers: What’s the plan?

March 26, 2019 | Blog | By Susan Foster

Despite the overall political uncertainty about Brexit, worries about a sudden stop to personal data transfers from the UK to the US are misplaced, deal or no deal.  There is, in fact, a plan, and it’s a reasonable, practical plan.
Read more
Viewpoint Thumbnail

That Local Representative Problem . . . and the New Guidelines on the Territorial Scope of the GDPR (Part I)

November 29, 2018 | Blog | By Susan Foster

Companies based outside of the European Union sometimes find it challenging to determine whether the General Data Protection Regulation (GDPR) applies to them.  And if they finally work out that the GDPR applies, they then have the challenge of finding a local representative as required by Art. 27. 
Read more
Viewpoint Thumbnail

European Parliament Sets a Deadline for Reforming Privacy Shield – But Don’t Panic (Yet)

July 5, 2018 | Blog | By Susan Foster

The European Parliament passed a resolution today strongly criticizing Privacy Shield and recommending that Privacy Shield be suspended as of September 1, 2018, if the US doesn’t shape up by that deadline.  Should US companies that rely on Privacy Shield panic?
Read more

HAPPY GDPR DAY!!

May 25, 2018 | Blog | By Cynthia Larose, Susan Foster

If you glance at the “countdown clock” in the left hand sidebar of our blog, you’ll see that it has reached 00:00:00. GDPR Day is here. But, unlike Y2K (for those of you old enough to remember the near-hysteria), 25 May 2018 is only the beginning of the GDPR compliance road and not a “completion date.”
Read more

News & Press

News Thumbnail

COVID-19: Top Tips From Regulators on Cybersecurity

April 9, 2020

In an article published by Lexology, Mintz Member Susan L. Foster was quoted on how companies should assess their cybersecurity risk with the global increase in telework to slow the spread of COVID-19.
News Thumbnail

COVID-19 and GDPR Obligations for Companies

April 6, 2020

Mintz Member Susan L. Foster was quoted in an article published by Lexology on General Data Protection Regulation (GDPR) obligations for companies, particularly with respect to ongoing investigations or enforcement actions, as well as requirements for data sharing with other European Union data protection authorities during the coronavirus (COVID-19) pandemic.
Press Release Thumbnail

Mintz Recognized by Chambers USA 2019

April 26, 2019

Thirteen Mintz Attorneys Named Washington, D.C. Super Lawyers and Rising Stars

April 23, 2019

What To Watch As Privacy Shield Data Pact Scrutiny Heats Up

August 22, 2018

Member Sue Foster, part of the firm’s Privacy & Cybersecurity group, provides commentary in this feature article discussing the Privacy Shield data transfer mechanism which is facing a new, series test in the form of a second review from U.S. and European officials.

Is Trump Doing Enough To Keep This Major Privacy Agreement Alive?

October 23, 2017

Susan Foster, a Member in the Mintz London office, primarily works with clients on European data protection compliance and licensing in the fields of clean tech, high tech, mobile media, and life sciences.
Press Release Thumbnail

Mintz Advises BeiGene, LTD. in Strategic Collaboration with Celgene Corporation

July 27, 2017

Mintz advised biotechnology company BeiGene, Ltd. on a collaboration with Celgene Corporation to develop and commercialize BeiGene’s investigational anti-programmed cell death protein 1 inhibitor, BGB-A317.

EU's New E-Privacy Rules Expand Its Authority Over Tech Cos.

January 10, 2017

This Law360 feature article focuses on a draft of Regulation on Privacy and Electronic Communications that would impose stricter privacy rules on electronic communications to tech companies outside the traditional telecom space.

EU watchdogs temporarily green-light Privacy Shield

July 27, 2016

Member Susan Foster provides commentary in this Compliance Week article on how the European Union data protection authorities adopted a final version of the EU-U.S. Privacy Shield (WP29).

EU Officials OK 'Privacy Shield' Data Transfer Pact For Now

July 26, 2016

This article notes that Europe’s privacy regulators are backing the new EU-U.S. Privacy Shield data transfer deal. Authorities, according to the article, qualified that while they still carry some concerns about the framework, they will not challenge the Shield further for at least one year.

Brexit fallout spreads to privacy

July 3, 2016

Member Susan Foster provides commentary in this article on how though fears of global market fallout resulting from the Brexit vote have largely gone unrealized, companies handling personal data are now facing similar concerns with regards to privacy regulation.

Brexit could have a devastating effect on the UK tech industry

June 3, 2016

Member Sue Foster, a Certified Information Privacy Professional, provides commentary in this Business Insider article discussing the potential Brexit vote and the potential impact this could have on the European technology industry.

Companies Await Fate of Data Sharing Deal

April 25, 2016

Member Sue Foster provides commentary in this The Hill article on the long-awaited Privacy Shield – a data-sharing deal between the United States and the European Union. The deal would allow tech companies to legally handle European citizens’ data.

US, EU Face Blowback on Data Deal

February 29, 2016

Member Susan Foster provides commentary in this article on the Privacy Shield agreement between the United States and the European Union.

Distrust of US Surveillance Threatens Data Deal

February 7, 2016

Member Susan Foster provides commentary in this article on how the transatlantic data exchange deal stands to be seriously threatened unless the U.S. “overhauls its national security laws.”

Tuesday Deadline Looms over US-EU Privacy Pact

January 29, 2016

Member Susan Foster is quoted in this article on the upcoming deadline for the transatlantic Privacy Shield agreement, which will ensure the viability of data transfers between the U.S. and the European Union.

EU Court Draws Fine Line for Employee Monitoring Programs

January 15, 2016

Member Susan Foster is quoted in this Law360 article on the importance for employers in the European Union to follow their surveillance policies and protocols carefully when monitoring their employees’ online activities.

Mintz’s Susan L. Foster, PhD Receives Prestigious European Information Privacy Professional Certification

September 03, 2013

Events

Speaker
Jul
20
2020

Privacy Shield Shattered & the SCCs in Peril: Understanding the Schrems II Decision (and What to Do Next)

View the Webinar Recording

Webinar Reference Image
Speaker
Mar
30
2020

Coronavirus (COVID-19): Managing the Privacy & Cybersecurity Risks

View the Webinar Recording

Webinar Reference Image
Speaker
Mar
27
2019

California Consumer Privacy Act: Is the CCPA Really “GDPR-Lite”?

Webinar

Speaker
Mar
14
2018

EU Data Protection GDPR for Life Sciences

Webinar

Speaker
Jan
19
2018

EU Data Protection GDPR Roadshow San Diego

Mintz Levin

San Diego, CA

Speaker
Jan
17
2018

EU Data Protection GDPR Roadshow San Francisco

Mintz Levin

San Francisco, CA

Speaker
Nov
30
2017

EU Data Protection GDPR Roadshow Washington, DC

Mintz Levin

Washington, DC

Speaker
Nov
29
2017

EU Data Protection GDPR Roadshow New York

Mintz Levin

New York, NY

Panelist
Nov
28
2017

EU Data Protection GDPR Roadshow Boston

Mintz Levin

Boston, MA

Speaker
Nov
16
2017

Getting Your Contracts Ready for GDPR

Webinar

Speaker
Oct
5
2017

Handling Human Resources Data Under Privacy Shield and the GDPR

Webinar

Speaker
Feb
16
2017

Access, Correction, and Erasure: How to Minimize the Burden

Webinar

Speaker
Jan
12
2017

Transferring Data from the EU

Webinar

Speaker
Dec
15
2016

Data Protection Officers: Do You Need One?

Webinar

Panelist
Dec
9
2016

AHLA’s Institute for Health Plan Counsel

AHLA

Speaker
Nov
10
2016

Good-bye to the Cure-all: The New Rules on Consent

Webinar

Oct
13
2016

Accountability, Data Security, Data Impact Assessments and Breach Notification Requirements

Webinar

Speaker
Sep
14
2016

One-Stop Shopping Mall? The New Regulatory Structure

Webinar

Speaker
May
8
2016

Who Owns the IP? The Situation in the U.S.

Association of Corporate Counsel

Tel Aviv, Israel

Speaker
Apr
14
2016

Privacy Shield: The Real Deal or Back to the Drawing Board?

Webinar

Speaker
Dec
22
2015

Getting to Grips with the New EU General Data Protection Regulation

Webinar

Speaker
Oct
7
2015

EU-US Safe Harbor Program and the Court of Justice of the EU’s Decision — Protect Your Business!

Webinar

Speaker
Apr
29
2015

Compliance with EU Data Protection for US Companies

Mintz Levin

Webinar