Postgraduate Course: EU Data Protection Law (LAWS11384)
|School||School of Law
||College||College of Humanities and Social Science
|Credit level (Normal year taken)||SCQF Level 11 (Postgraduate)
|Course type||Online Distance Learning
||Availability||Not available to visiting students
|Summary||This course introduces students to the new EU data protection regime as set out in the Regulation on the protection of individuals with regard to the processing of personal data and the free movement of such data (General Data Protection Regulation). It begins with giving the students an overview of the terminology and underlying principles of data protection. It then addresses specific areas and requirements for data controllers and processors subject to the new EU regime, including legal grounds for lawful processing of personal data, the data protection principles, tights of the data subject (including the right to be forgotten and the right to subject access), and the legal framework governing cross-border data transfers. It will consider the challenges of enforcement at the national, regional and global level, with a particular focus on the processing of personal data in the online environment. Specific contemporary challenges for data protection like cloud computing, data collection through smart devices and the Internet of Things, and Big Data will also be addressed.
The aims and objectives of this course are to:
1. Give an introduction to the history of EU data protection law
2. Provide an overview of the basic principles of data protection law in an European and international context.
3. Explore the rights of data subjects and how they have developed over time and in response to technological evolution
4. Discuss the data protection issues arising when personal data is exported to third countries.
5. Examine the special rules that apply to electronic communications
Session 1: Introduction to the EU data protection framework: provides an overview of historical developments in EU data protection law and an introduction to the structure of the new regime.
Session 2: The General Data Protection Regulation: Scope and key defined terms: discusses the material and territorial scope of the GDPR and the main definitions, including data controller, data processor, data subject, etc.
Session 3: What is 'personal data'?: discusses EU and UK approaches to the concept and nature of personal data and sensitive personal data in an offline and online environment (including anonymisation, pseudonymisation, and the nature of online identifiers)
Session 4: Data protection principles I: discusses the first data protection principle ('fair and lawful processing'), focusing on the legal grounds for data processing (consent, legitimate interest and other commercial and public policy grounds)
Session 5: Data protection principles II: discusses the value of the remaining data protection principles (purpose limitation, data minimisation, accuracy, data security) and their particular relevance in the age of Big Data
Session 6: Rights of the data subject: including the right to object, the right to be forgotten and the right to subject access.
Session 7: Cross-border transfers of personal data: discusses the conditions on which personal data may be transferred outside the EEA, including recent case law and regulatory and legislative developments in this area
Session 8: Enforcement and sanctions: regulatory and civil sanctions (fines, damages, etc.) and the challenges of global enforcement of regional/national rules
Session 9: Privacy and electronic communications: considers the additional requirements imposed by the E-Privacy Directive (2002/54/EC) with regard to online consents, online behavioural tracking and profiling and the regulation of traffic and location data collected by electronic/mobile communications devices
Session 10: Contemporary issues of data protection: likely to change from year to year, but currently likely to include cloud computing, smart devices and the Internet of Things and Big Data.
Entry Requirements (not applicable to Visiting Students)
||Other requirements|| None
Course Delivery Information
|Academic year 2017/18, Not available to visiting students (SS1)
|Learning and Teaching activities (Further Info)
Programme Level Learning and Teaching Hours 4,
Directed Learning and Independent Learning Hours
|Assessment (Further Info)
|Additional Information (Assessment)
||One essay of up to 4,000 words (60%); one piece of assessed work (20%); contribution to online discussions (20%).
||Students can expect to receive timely feedback on their assessments
|No Exam Information
On completion of this course, the student will be able to:
- A general understanding of the fundamental principles of the EU data protection regime and information privacy
- A detailed and specific knowledge of data protection issues arising in the specific contexts.
- An appreciation of some of the current challenges faced by data controllers, data subjects, policy makers and regulators.
- A basic grounding in research skills and techniques in the area of data protection and information privacy.
|Graduate Attributes and Skills
||Developing the ability to independently assess the relevance and importance of primary and secondary sources.
|Course organiser||Ms Judith Rauhofer
Tel: (0131 6)50 2008
|Course secretary||Ms Clare Polson
Tel: (0131 6)51 9704