Timetable information in the Course Catalogue may be subject to change.

University Homepage
DRPS Homepage
DRPS Search
DRPS Contact
DRPS : Course Catalogue : School of Law : Law

Postgraduate Course: Confidentiality and Data Protection in Biomedicine (LAWS11495)

Course Outline
SchoolSchool of Law CollegeCollege of Arts, Humanities and Social Sciences
Credit level (Normal year taken)SCQF Level 11 (Postgraduate)
Course typeOnline Distance Learning AvailabilityNot available to visiting students
SCQF Credits20 ECTS Credits10
SummaryThis course provides a detailed exploration of two legal regimes in the biomedical context (comprising both health care and health research, broadly defined) that are of increasing importance: data protection/privacy law and the common law duty of confidentiality. Both of these legal regimes have experienced rapid development in the 21st century. New medical innovations, greater international research collaborations, and the push for Big Data research and digitisation of society generate pertinent, complex questions about what ought to be done (if anything) with our personal (and patient) data, and under what legal and ethical conditions. As part of this exploration, brief consideration will also be given to a third related and emerging legal regime, namely a right of privacy in terms of the common law and the tort of misuse of private information. This course will enable students to explore some of the key concepts, rules, and functions of confidentiality and data protection/privacy laws as they operate in biomedicine. The central focus of the course is the interplay between UK data protection law, the common law duty of confidentiality, and wider frameworks in Europe and at the international level (including the Data Protection Act 2018, the UK GDPR and EU GDPR, European Court of Human Rights jurisprudence concerning Art. 8 ECHR, and Council of Europe and OECD data privacy frameworks). We will analyse and evaluate this interaction drawing on a range of sources, including case law, statute, policy, academic literature, advisory opinions, and domestic and international laws and practices.

The aims and objectives of the course are to:
1. develop an advanced grounding in the concepts, principles, and rules underpinning confidentiality and data protection in biomedicine;
2. foster understand of the differences and commonalities between the legal regimes of data protection law and the common law duty of confidentiality, and why these matter;
3. critically analyse emerging issues within this field from the perspective of confidentiality and data protection, including: Big Data and challenges to the data minimisation principle, international data sharing, use of NHS patient data for research purposes, the limits of data anonymisation, and blurred boundaries among clinical, research and administrative uses of personal and patient data; and
4. develop a critical awareness in students of these issues, and to promote the ability to evaluate legal and regulatory actions taken in response to new developments, including the failure to adequately protect data and ensure confidentiality in some instances.
Course description This course will consist of 10 seminars organised into three parts, covering 'Foundations', 'Core Elements' and exploration of 'Contemporary Issues':

Part 1: Foundations of the legal regimes
1. The common law duty of confidentiality: history and legal development through case studies
2. The common law duty of confidentiality: modern context and interface with ethics and practice (e.g. General Medical Council, National Data Guardian, Confidentiality Advisory Group)
3. From confidentiality to privacy (including the tort of misuse of private information) to data protection law (focusing on Art 8 ECHR and ECtHR jurisprudence)

Part 2: Core elements of data protection law in biomedicine
4. Data protection terminology and underlying principles: introduction to the GDPR and Data Protection Act 2018 (including focus on privacy notices and DPIAs)
5. The legal grounds for lawful processing of personal data in the biomedical context: a focus on consent (versus) the public interest
6. Challenges arises from Big Data and large-scale biomedical initiatives: a focus on the data minimisation principle
7. Rights of the data subject qua patient and research participant

Part 3: Contemporary issues in the biomedical context
8. Two biomedicine challenges in data protection law: Big Data and international data transfers
9. Making data protection law work for biomedical research: is reform needed?
10. Bringing the legal regimes together in biomedicine: how might the common law duty of confidentiality, tort of misuse of private information, and data protection law work better together, if at all?
Entry Requirements (not applicable to Visiting Students)
Pre-requisites Co-requisites
Prohibited Combinations Other requirements None
Course Delivery Information
Academic year 2023/24, Not available to visiting students (SS1) Quota:  None
Course Start Semester 1
Timetable Timetable
Learning and Teaching activities (Further Info) Total Hours: 200 ( Programme Level Learning and Teaching Hours 4, Directed Learning and Independent Learning Hours 196 )
Assessment (Further Info) Written Exam 0 %, Coursework 100 %, Practical Exam 0 %
Additional Information (Assessment) Formative assessment: 1,000-word policy brief«br /»
Summative assessment: 2,000-word analysis of a privacy notice (40%); 4,000-word final essay (60%)
Feedback Not entered
No Exam Information
Learning Outcomes
On completion of this course, the student will be able to:
  1. A critical understanding of the principal theories and concepts underpinning data protection law and the common law duty of confidentiality.
  2. A critical awareness of the current issues related to regulation of processing personal data in the biomedical context and using confidential patient data, particularly in the UK (but also with respect to international data sharing).
  3. A thorough understanding of how data protection law and the common duty of confidentiality sit within the broader context of medical law and ethics.
Reading List
There will be no set text for this course, but reading lists are likely to include:

Graeme Laurie, Shawn Harmon and Edward Dove, Mason and McCall Smith's Law and Medical Ethics (11th ed) (OUP, 2019).
Graeme Laurie, Genetic Privacy: A Challenge to Medico-Legal Norms (CUP, 2002)
Mark Taylor, Genetic Data and the Law: A Critical Perspective on Privacy Protection (CUP, 2012)
Peter Carey, Data Protection: A Practical Guide to UK Law (OUP, 2020).
Christopher Kuner, Lee Bygrave, Christopher Docksey (eds), The EU General Data Protection Regulation (GDPR): A Commentary (OUP, 2020).
Tanya Aplin, Lionel Bently, Phillip Johnson, Simon Malynicz, Gurry on Breach of Confidence: The Protection of Confidential Information (2nd edn, OUP, 2012).
Charles Phipps, William Harman, Simon Teasdale, Toulson & Phipps on Confidentiality (4th edn, Sweet & Maxwell, 2020).
Megan Richardson, Michael Bryan, Martin Vranken, and Katy Barnett, Breach of Confidence: Social Origins and Modern Developments (Edward Elgar, 2012).
Megan Richardson, The Right to Privacy: Origins and Influence of a Nineteenth-Century Idea (CUP, 2017).

Journal articles, case law, EDPB/ICO/NDG opinions and reports, and book chapters will be the primary assigned readings for this course. The following is an indicative list of journal titles, to which the library already holds a subscription:

International Data Privacy Law
Computer Law & Security Review
International Journal of Medical Informatics
European Data Protection Law Review
European Journal of Health Law
Medical Law International
Medical Law Review
Additional Information
Graduate Attributes and Skills 1. Students will be able to plan and execute a privacy notice analysis, a key legal instrument in data protection law and a core component of ethical practice when processing personal data of data subjects.
2. Critical research skills will be developed in preparing for the privacy notice analysis and summative essay.
3. Advanced practical application of law, policy, regulation and ethics will be acquired through the course in both group activities within the seminars and in individual research.
4. Individual assessed work will allow the students to exercise academic autonomy and rigorous delivery of research findings.
5. Advanced critical research, argumentation, and communication skills.
6. Communication of complex legal and regulatory issues to a range of audiences (as demonstrated through the privacy notice analysis assessment, which ought to be written in plain language).
7. Advanced written and oral communication of complex legal, ethical and regulatory issues through the assessments and in-class activities.
8. Plan and execute a privacy notice analysis utilising practice-relevant materials.
9. The essay at the end of the semester requires that students apply critical analysis, evaluation and synthesis of the issues discussed during the seminars. By doing so, the essay will allow students to develop original and creative responses to problems and issues in data protection law and/or the common law duty of confidentiality. They will be able to critically review, consolidate and extend knowledge, skills, practices and thinking in these legal domains.
10. Critical legal analysis. Problem-solving using real world examples from biomedicine.
11. Sophisticated use of primary and secondary materials, and the ability to articulate their meaning both orally and in writing.
12. Identify and conceptualise contemporary problems and issues in data protection law and the common law duty of confidentiality, focusing on biomedicine.

KeywordsNot entered
Course organiserMr Edward Dove
Tel: (0131 6)50 6320
Course secretaryMs Clare Polson
Tel: (0131 6)51 9704
Help & Information
Search DPTs and Courses
Degree Programmes
Browse DPTs
Humanities and Social Science
Science and Engineering
Medicine and Veterinary Medicine
Other Information
Combined Course Timetable
Important Information