University Homepage
DRPS Homepage
DRPS Search
DRPS Contact
DRPS : Course Catalogue : School of Law : Law

Postgraduate Course: EU Data Protection Law (LAWS11384)

Course Outline
SchoolSchool of Law CollegeCollege of Arts, Humanities and Social Sciences
Credit level (Normal year taken)SCQF Level 11 (Postgraduate)
Course typeOnline Distance Learning AvailabilityNot available to visiting students
SCQF Credits20 ECTS Credits10
SummaryThis model will examine the new EU data protection regime as set out in the General Data Protection Regulation ((EU) 2016/679) on the protection of individuals with regard to the processing of personal data and the free movement of such data (GDPR). It will provide you with an overview of the terminology and underlying principles of data protection and address specific areas and requirements for data controllers and processors that are subject to the new EU regime.

The module will consider:
1. the history of EU data protection law;
2. the scope and key concepts of EU data protection law;
3. the data protection principle, including fair processing, data minimisation, purpose limitation, accuracy and data security;
4. the rights of the data subject, including the right to be forgotten, 5. the right to object to processing, the right to data portability and 6. the right to subject access;
7. the legal framework governing cross-border data transfers;
8. the sanction for data protection breaches and the challenges of enforcement at the national, regional and global level, with a particular focus on the processing of personal data in the online environment;
9. various specific contemporary challenges for data protection including cloud computing, data collection through smart devices and the Internet of Things, and Big Data.

A wide-ranging international approach will be adopted, with contributions sought from students in respect of their own jurisdictions.

The aims and objectives of this course are to:
1. Give an introduction to the history of EU data protection law
2. Provide an overview of the basic principles of data protection law in an European and international context.
3. Explore the rights of data subjects and how they have developed over time and in response to technological evolution
4. Discuss the data protection issues arising when personal data is exported to third countries.
5. Examine the special rules that apply to electronic communications
Course description Week 1: Introduction to the EU data protection framework: provides an overview of historical developments in EU data protection law and an introduction to the structure of the new regime.
Week 2: The General Data Protection Regulation: Scope and key defined terms: discusses the material and territorial scope of the GDPR and the main definitions, including data controller, data processor, data subject, etc.
Week 3: What is 'personal data'?: discusses EU and UK approaches to the concept and nature of personal data and sensitive personal data in an offline and online environment (including anonymisation, pseudonymisation, and the nature of online identifiers)
Week 4: Data protection principles I: discusses the first data protection principle ('fair and lawful processing'), focusing on the legal grounds for data processing (consent, legitimate interest and other commercial and public policy grounds)
Week 5: Data protection principles II: discusses the value of the remaining data protection principles (purpose limitation, data minimisation, accuracy, data security) and their particular relevance in the age of Big Data
Week 6: Rights of the data subject: including the right to object, the right to be forgotten and the right to subject access.
Week 7: Cross-border transfers of personal data: discusses the conditions on which personal data may be transferred outside the EEA, including recent case law and regulatory and legislative developments in this area
Week 8: Enforcement and sanctions: regulatory and civil sanctions (fines, damages, etc.) and the challenges of global enforcement of regional/national rules
Week 9: Privacy and electronic communications: considers the additional requirements imposed by the E-Privacy Directive (2002/54/EC) with regard to online consents, online behavioural tracking and profiling and the regulation of traffic and location data collected by electronic/mobile communications devices
Week 10: Contemporary issues of data protection: likely to change from year to year, but currently likely to include cloud computing, smart devices and the Internet of Things and Big Data.
Entry Requirements (not applicable to Visiting Students)
Pre-requisites Co-requisites
Prohibited Combinations Other requirements Please contact the online learning team at
Course Delivery Information
Academic year 2019/20, Not available to visiting students (SS1) Quota:  None
Course Start Semester 1
Timetable Timetable
Learning and Teaching activities (Further Info) Total Hours: 200 ( Lecture Hours 40, Programme Level Learning and Teaching Hours 4, Directed Learning and Independent Learning Hours 156 )
Assessment (Further Info) Written Exam 0 %, Coursework 100 %, Practical Exam 0 %
Additional Information (Assessment) One essay of up to 4,000 words (60%); one piece of assessed work (20%); a portfolio of contributions made to weekly online discussions throughout the semester (20%).

Requirements for all course assessments will be outlined to students within the individual courses at the start of each semester.
Feedback Students will have the opportunity to obtain formative feedback over the course of the semester. The feedback provided will assist students in their preparation for the summative assessment.

Details of the School's feedback policy will be available at the start of the course.
No Exam Information
Learning Outcomes
On completion of this course, the student will be able to:
  1. A general understanding of the fundamental principles of the EU data protection regime and information privacy
  2. A detailed and specific knowledge of data protection issues arising in the specific contexts.
  3. An appreciation of some of the current challenges faced by data controllers, data subjects, policy makers and regulators.
  4. A basic grounding in research skills and techniques in the area of data protection and information privacy.
Reading List
A detailed list of key resources will be available at the start of the course.
Additional Information
Course URL
Graduate Attributes and Skills Students will develop their skills and abilities in:
1. Research and enquiry, through e.g. selecting and deploying appropriate research techniques;
2. Personal and intellectual autonomy, e.g. developing the ability to independently assess the relevance and importance of primary and secondary sources;
3. Communication, e.g. skills in summarising and communicating information and ideas effectively in written form;
4. Personal effectiveness, e.g. working constructively as a member of an online community;
5. Students will also develop their technical/practical skills, throughout the course, e.g. in articulating, evidencing and sustaining a line of argument, and engaging in a convincing critique of another's arguments.
Special Arrangements This course is taught by online learning.
Additional Class Delivery Information This course is taught by online learning.
KeywordsNot entered
Course organiserDr Lachlan Urquhart
Course secretaryMs Clare Polson
Tel: (0131 6)51 9704
Help & Information
Search DPTs and Courses
Degree Programmes
Browse DPTs
Humanities and Social Science
Science and Engineering
Medicine and Veterinary Medicine
Other Information
Combined Course Timetable
Important Information