Timetable information in the Course Catalogue may be subject to change.

University Homepage
DRPS Homepage
DRPS Search
DRPS Contact
DRPS : Course Catalogue : School of Law : Law

Undergraduate Course: Confidentiality and Data Protection in Biomedicine (LAWS10232)

Course Outline
SchoolSchool of Law CollegeCollege of Arts, Humanities and Social Sciences
Credit level (Normal year taken)SCQF Level 10 (Year 3 Undergraduate) AvailabilityAvailable to all students
SCQF Credits20 ECTS Credits10
SummaryThis course provides a detailed exploration of two legal regimes in the biomedical context (comprising both health care and health research, broadly defined) that are of increasing importance: data protection/privacy law and the common law duty of confidentiality. Both of these legal regimes have experienced rapid development in the 21st century. New medical innovations, greater international research collaborations, and the push for Big Data research and digitisation of society generate pertinent, complex questions about what ought to be done (if anything) with our personal (and patient) data, and under what legal and ethical conditions. As part of this exploration, brief consideration will also be given to a third related and emerging legal regime, namely a right of privacy in terms of the common law and the tort of misuse of private information. This course will enable students to explore some of the key concepts, rules, and functions of confidentiality and data protection/privacy laws as they operate in biomedicine. The central focus of the course is the interplay between UK data protection law, the common law duty of confidentiality, and wider frameworks in Europe and at the international level (including the Data Protection Act 2018, General Data Protection Regulation, European Court of Human Rights jurisprudence concerning Art. 8 ECHR, and Council of Europe and OECD data privacy frameworks). We will analyse and evaluate this interaction drawing on a range of sources, including case law, statute, policy, academic literature, advisory opinions, and domestic and international laws and practices.
Course description This course will consist of 10 seminars organised into three parts, covering 'Foundations', 'Core Elements' and exploration of 'Contemporary Issues':

Part 1: Foundations of the legal regimes
1. The common law duty of confidentiality - history and legal development through case studies
2. The common law duty of confidentiality - modern context and interface with ethics and practice (e.g. General Medical Council, National Data Guardian, Confidentiality Advisory Group)
3. From confidentiality to privacy (including the tort of misuse of private information) to data protection law (focusing on Art 8 ECHR and ECtHR jurisprudence)

Part 2: Core elements of data protection law in biomedicine
4. Data protection terminology and underlying principles: introduction to the GDPR and Data Protection Act 2018 (including focus on privacy notices and DPIAs)
5. The legal grounds for lawful processing of personal data in the biomedical context: a focus on consent (versus) the public interest
6. Challenges arises from Big Data and large-scale biomedical initiatives: a focus on the data minimisation principle
7. Rights of the data subject qua patient and research participant

Part 3: Contemporary issues in the biomedical context
8. International data transfers and specific challenges in the biomedical research context
9. Making data protection law work for biomedical research: is reform needed?
10. Bringing the legal regimes together in biomedicine: how might the common law duty of confidentiality, tort of misuse of private information, and data protection law work better together, if at all?
Entry Requirements (not applicable to Visiting Students)
Pre-requisites Co-requisites
Prohibited Combinations Other requirements None
Information for Visiting Students
High Demand Course? Yes
Course Delivery Information
Academic year 2023/24, Available to all students (SV1) Quota:  0
Course Start Semester 1
Timetable Timetable
Learning and Teaching activities (Further Info) Total Hours: 200 ( Seminar/Tutorial Hours 20, Programme Level Learning and Teaching Hours 4, Directed Learning and Independent Learning Hours 176 )
Assessment (Further Info) Written Exam 0 %, Coursework 100 %, Practical Exam 0 %
Additional Information (Assessment) Drafting of a privacy notice for a hypothetical biomedical research project's website) (2000 words; 40%); Essay (4000 words; 60%).
Feedback Not entered
No Exam Information
Learning Outcomes
On completion of this course, the student will be able to:
  1. A critical understanding of the principal theories and concepts underpinning data protection law and the common law duty of confidentiality;
  2. A critical awareness of the current issues related to regulation of processing personal data in the biomedical context and using confidential patient data, particularly in the UK (but also with respect to international data sharing);
  3. A thorough understanding of how data protection law and the common duty of confidentiality sit within the broader context of medical law and ethics
Reading List
Additional Information
Graduate Attributes and Skills Graduate Attributes: Skills and abilities in Research and Enquiry:
- Students will be able to plan and execute a 'privacy notice', a key legal instrument in data protection law and a core component of ethical practice when processing personal data of data subjects.
- Critical research skills will be developed in preparing for the privacy notice and summative essay.
- Advanced practical application of law, policy, regulation and ethics will be acquired through the course in both group activities within the seminars and in individual research.
Graduate Attributes: Skills and abilities in Personal and Intellectual Autonomy:
- Individual assessed work will allow the students to exercise academic autonomy and rigorous delivery of research findings.
- Advanced critical research, argumentation, and communication skills.
Graduate Attributes: Skills and abilities in Communication
- Communication of complex legal and regulatory issues to a range of audiences (as demonstrated through the privacy notice assessment, which ought to be written in 'plain language').
- Advanced written and oral communication of complex legal, ethical and regulatory issues through the assessments and in-class activities.
Graduate Attributes: Skills and abilities in Personal Effectiveness:
- Plan and execute a privacy notice utilising practice-relevant materials.
- The essay at the end of the semester requires that students apply critical analysis, evaluation and synthesis of the issues discussed during the seminars. By doing so, the essay will allow students to develop original and creative responses to problems and issues in data protection law and/or the common law duty of confidentiality. They will be able to critically review, consolidate and extend knowledge, skills, practices and thinking in these legal domains.
Technical/practical skills:
- Critical legal analysis. Problem-solving using real world examples from biomedicine.
- Sophisticated use of primary and secondary materials, and the ability to articulate their meaning both orally and in writing.
- Identify and conceptualise contemporary problems and issues in data protection law and the common law. duty of confidentiality, focusing on biomedicine.
Keywordsbiomedicine,confidentiality,data transfer,law,data protection
Course organiserMr Edward Dove
Tel: (0131 6)50 6320
Course secretaryMiss Lauren McCrory-Irving
Help & Information
Search DPTs and Courses
Degree Programmes
Browse DPTs
Humanities and Social Science
Science and Engineering
Medicine and Veterinary Medicine
Other Information
Combined Course Timetable
Important Information