Timetable information in the Course Catalogue may be subject to change.

University Homepage
DRPS Homepage
DRPS Search
DRPS Contact
DRPS : Course Catalogue : School of Law : Law

Postgraduate Course: EU Data Protection Law (LAWS11384)

Course Outline
SchoolSchool of Law CollegeCollege of Arts, Humanities and Social Sciences
Credit level (Normal year taken)SCQF Level 11 (Postgraduate)
Course typeOnline Distance Learning AvailabilityNot available to visiting students
SCQF Credits20 ECTS Credits10
SummaryThis course will examine the EU data protection regime as set out in the General Data Protection Regulation ((EU) 2016/679) on the protection of individuals with regard to the processing of personal data and the free movement of such data (GDPR). It will provide you with an overview of the terminology and underlying principles of data protection and address specific areas and requirements for data controllers and processors that are subject to the new EU regime.

The course will consider:
1. the history of EU data protection law;
2. the scope and key concepts of EU data protection law, in particular, the concept of personal data;
3. the data protection principles, including fair processing, data minimisation, purpose limitation, accuracy and data security;
4. the rights of the data subject, including the right to be forgotten,
5. the right to object to processing and the right to data portability
6. the right to subject access;
7. the legal framework governing cross-border data transfers;
8. the sanction for data protection breaches and the challenges of enforcement at the national, regional and global level, with a particular focus on the processing of personal data in the online environment;
9. various specific contemporary challenges for data protection including data collection through Adtech and in the context of surveillance capitalism, ¿Big Data¿ and the use of data in the context of artificial intelligence.
A wide-ranging international approach will be adopted, with contributions sought from students in respect of their own jurisdictions.

The aims and objectives of this course are to:
1. Give an introduction to the history of EU data protection law
2. Provide an overview of the basic principles of data protection law in an European and international context.
3. Explore the rights of data subjects and how they have developed over time and in response to technological evolution
4. Discuss the data protection issues arising when personal data is exported to third countries.
5. Examine the special rules that apply to electronic communications
Course description Week 1: Introduction to the EU data protection framework: provides an overview of historical developments in EU data protection law and an introduction to the structure of the EU regime.
Week 2: The General Data Protection Regulation: Scope and key defined terms: discusses the material and territorial scope of the GDPR and the main definitions, including data controller, data processor, data subject, etc.
Week 3: What is 'personal data'?: discusses EU and UK approaches to the concept and nature of personal data and sensitive personal data in an offline and online environment (including anonymisation, pseudonymisation, and the nature of online identifiers)
Week 4: Data protection principles I: discusses the first data protection principle ('fair and lawful processing'), focusing on the legal grounds for data processing (consent, legitimate interest and other commercial and public policy grounds)
Week 5: Data protection principles II: discusses the purpose limitation and data minimisation principles, and their particular relevance in the context of Big Data and AI.
Week 6: Data protection principles III: discusses the accuracy, data security and accountability principles and the obligations they impose on controllers and processors
Week 7: Rights of the data subject: discusses the right to object, the right to rectification and erasure, the right to automated individual decision-making and the right to subject access.
Week 8: Cross-border transfers of personal data: discusses the conditions on which personal data may be transferred to countries, territories and organisations, outside the EEA, including recent case law and regulatory and legislative developments in this area
Week 9: Enforcement and sanctions: discusses regulatory and civil sanctions (fines, damages, etc.) for breaches of the GDPR and the challenges of global enforcement of regional/national rules
Week 10: Contemporary issues of data protection: likely to change from year to year, but currently likely to include surveillance capitalism, Big Data, data use and discrimination in an AI context.
Entry Requirements (not applicable to Visiting Students)
Pre-requisites Co-requisites
Prohibited Combinations Other requirements Please contact the online learning team at
Additional Costs Students must have reliable access to the internet.
Course Delivery Information
Academic year 2023/24, Not available to visiting students (SS1) Quota:  None
Course Start Semester 1
Timetable Timetable
Learning and Teaching activities (Further Info) Total Hours: 200 ( Lecture Hours 40, Programme Level Learning and Teaching Hours 4, Directed Learning and Independent Learning Hours 156 )
Assessment (Further Info) Written Exam 0 %, Coursework 100 %, Practical Exam 0 %
Additional Information (Assessment) One essay of up to 4,000 words (60%); one piece of assessed work (20%); a portfolio of contributions made to weekly online discussions throughout the semester (20%).

Requirements for all course assessments will be outlined to students within the individual courses at the start of each semester.
Feedback Students will have the opportunity to obtain formative feedback over the course of the semester. The feedback provided will assist students in their preparation for the summative assessment.

Details of the School's feedback policy will be available at the start of the course.
No Exam Information
Learning Outcomes
On completion of this course, the student will be able to:
  1. A general understanding of the fundamental principles of the EU data protection regime and information privacy
  2. A detailed and specific knowledge of data protection issues arising in the specific contexts.
  3. An appreciation of some of the current challenges faced by data controllers, data subjects, policy makers and regulators.
  4. A basic grounding in research skills and techniques in the area of data protection and information privacy.
Reading List
A detailed list of key resources will be available at the start of the course.
Additional Information
Course URL
Graduate Attributes and Skills Students will develop their skills and abilities in:
1. Research and enquiry, through e.g. selecting and deploying appropriate research techniques;
2. Personal and intellectual autonomy, e.g. developing the ability to independently assess the relevance and importance of primary and secondary sources;
3. Communication, e.g. skills in summarising and communicating information and ideas effectively in written form;
4. Personal effectiveness, e.g. working constructively as a member of an online community;
5. Students will also develop their technical/practical skills, throughout the course, e.g. in articulating, evidencing and sustaining a line of argument, and engaging in a convincing critique of another's arguments.
Special Arrangements This course is taught by online learning.
Additional Class Delivery Information This course is taught by online learning.
KeywordsGDPR,personal data,Data protection law,information privacy
Course organiserMs Judith Rauhofer
Tel: (0131 6)50 2008
Course secretaryMs Clare Polson
Tel: (0131 6)51 9704
Help & Information
Search DPTs and Courses
Degree Programmes
Browse DPTs
Humanities and Social Science
Science and Engineering
Medicine and Veterinary Medicine
Other Information
Combined Course Timetable
Important Information