European and International Data Protection and Privacy Law

Course content

The globalization of the world economy, the ever-increasing importance of the Internet, and the growth of electronic commerce have made data protection and privacy law an important area of concern for businesses, governments, and individuals. At present, governments around the world are seeking ever-increasing access to personal data for law enforcement and other purposes; companies are processing more personal data than ever; and many individuals publish their personal data on the Internet on a routine basis. Consequently most lawyers will come across data protection issues sooner or later in their work. Another consequence of these developments is that data protection and privacy law have evolved from being local issues to ones of global concern. Besides the EU Directives and laws in EU Member States on data protection, the subject has spread to countries as diverse as Australia, Canada, Japan, and the US, among many others. This course will concentrate on European data protection and privacy law, while providing students with an overview of the different legal systems of data protection and privacy around the world. The course will give students insight into how to analyze international data protection issues, both from a legal and policy perspective. It will also give an overview of the historical roots of data protection privacy law, and will examine relevant human rights issues. Besides analysis of the legal rules, the course will include extensive real-world examples and issues arising in areas such as transferring personal data outside of Europe; processing personal data on online services (such as social networks); the profiling of individuals in the context of electronic commerce; the use of data for electronic marketing purposes; and others. The course may also include a presentation from a leading outside expert from the business or regulatory community.

1. The course begins with an introduction to the basic principles and instruments of data protection law around the world. It will also provide an overview of the different systems for data protection and privacy law. The following topics will be covered:
• The historical background and development of data protection and privacy law
• The most important international legal instruments
• The various systems of data protection around the world, such as the European system; systems in common law countries (particularly the US and Canada); and systems in the Asia-Pacific region
2. The second part will focus on the basic content of the European system of data protection, in particular:
• An overview of EU institutions and general rules of EU law relevant to data protection
• The two main EU Directives on data protection (EU Directives 95/46 and 2002/58)
• Other important European legal instruments (Council of Europe Convention 108 etc)
3. The third part of the course deals with data protection as a human right, with a focus on the following:
• The historical roots of data protection
• International human rights instruments
• Case law of the European Convention on Human Rights
4. The fourth part of the course deals with the international transfer of personal data, including topics such as:
• Legal issues with regard to the international transfer of personal data
• Review of legal treatment of data transfers under different legal systems
• Real-world situations involving international data transfers and the legal questions they raise
5. The fifth part of the course will focus on issues involving the processing of personal data in the Internet and in electronic commerce, such as the following:
• applicable law and jurisdiction
• application of fundamental data protection concepts to electronic commerce (e.g., consent, personal data, data controller/data processor etc)
• data protection in online social networks
• electronic marketing issues
• drafting documentation for web sites
6. The final part of the course will look at likely future developments and directions in data protection around the world.

Learning outcome

Present and explain the relevant legal sources and rules of law
Explain and put into perspective the relationship between relevant rules of law
Identify relevant legal problems and arguments on the basis of a given fact description
Analyse which rules and principles of law are relevant to the identified legal problems and apply these rules and principles in relation to the facts given
Argue and discuss the pros and cons of the different possible solutions of the identified legal problem on the basis of the identified rules and principles of law
Decide and make a valid choice among the possible solutions in a way that shows in-depth knowledge and understanding of the field
• If relevant discuss any inexpediencies and alternative regulation possibilities
Communicate and formulate her/his knowledge and arguments professionally and linguistically correct and in a structured and coherent way.

Christopher Kuner: European Data Protection Law: Corporate Compliance and Regulation (selections)
Various Article 29 Working Party papers
Various international conventions and standards (Council of Europe Convention 108, OECD Privacy Guidelines etc)
Various legal articles
Various materials from practice
Required readings cover app. 500 pages

Type of assessment
Oral examination, 20 minutes
Oral exam without preparation, 20 minutes
Marking scale
7-point grading scale
Censorship form
External censorship

Single subject courses (day)

  • Category
  • Hours
  • Seminar
  • 34
  • Preparation
  • 241
  • English
  • 275