European Data Protection Law

Course content

Personal data is essential for data-driven economies. Bringing about the potential to bolster the economic efficiency and social benefits, processing of personal data, however, could also have a significant adverse effect on prevailing societal values and individual rights and freedoms. As echoed in Snowden revelations and the recent Cambridge Analytica case, this risk is inherent both in private and public data practices. Against this background, the regulatory approach in the field calls for a delicate balance to be struck in enabling technological advances like big data and Internet of things while respecting individuals’ rights to privacy and data protection. Recently enacted data protection Regulation in Europe stands out as an international blueprint for addressing these concerns. Yet, despite its theoretical might, it remains to be seen if it is capable of efficiently solving these issues in practice. Given the importance of data protection and privacy as fundamental human rights and recognized societal values, the knowledge and competences to deal with data protection considerations are critical for any individual, not to mention legal professionals. This course is tailored to enable students to obtain and master these essential skills.

 

The course consists of four closely linked and interdependent parts.

The first part is foundational, where respective sessions introduce the legal framework, key terms and rationale behind adopting and enforcing data protection rules in Europe.

The second part delves into substantive rules and instruments of data protection, focusing on the material and territorial scope of the Regulation, data protection principles, legal basis for processing, rights of the data subject, transfer to third countries, sanctions and compliance mechanisms.

The third part addresses some contentious issues of the current data protection regime, exploring issues such as balancing data protection and right to privacy with other human rights, considering examples of technologies and their effect on privacy (e.g. big data, blockchain, etc.)

The fourth part (“in-depth studies” module) of the course offers potential for students to carry out an independent research project where they work on two selected topics and present their findings to other students in the class.

 

The course has relations to the BA courses “Individets grundlæggende rettigheder”, “EU-ret”, “Ret, privatliv og teknologi” and, to some extent, to the introduction to data protection law given to the students in "Forvaltningsret".

Learning outcome

Competences:

The student should be capable of:

  • providing professional assessment on the applicability of data protection rules to different categories of situations;
  • arguing in favour of distinct legal qualifications and solutions from perspectives of various stakeholders in a given situation
  • identifying potential data protection and privacy concerns and risks posed by technological advances;
  • ascertaining situations of potential conflicts between data protection and privacy rights and other fundamental human rights;
  • providing reasoned opinions on issues of enforcement of data protection rules in Europe;

Skills:

The student should be able to:

  • identify the relevant legislative framework
  • correctly use the central concepts of data protection law in establishing data protection and privacy concerns
  • present and analyse relevant case law
  • have constructive discussions and efficient work in groups (both as applied to in-class work and in the course of  the “in-depth” studies module).

Knowledge:

The course provides students with the knowledge of the basic concepts and legal instruments of data protection law: whether and how data protection law is applied in various configurations.

More specifically, the students should know:

  • central terms, figures, and scope of data protection law (e.g. concepts of “personal data”, “establishment”, “controller”, etc.)
  • actual substantive rules of data protection law (e.g. rules related to data subjects rights, obligations of controllers/processors, international transfers, etc.), including the key rulings of the Court of Justice of the EU.
  • application of rules in different legal contexts (e.g. law enforcement, corporate compliance, big data, health data, etc.)

The course includes the following kinds of learning activities:

- brainstorming questions;
- in-class discussions and policy debates;
- case studies;
- student presentations;
- revision and a mock exam;

The course comprises of lectures (including guest lectures) and practical seminars.

Required readings cover app. 600 pages and include:

 

  • Handbook on European Data Protection Law (2018) European Union Agency for Fundamental Rights and Council of Europe (selection of chapters)
  • Christopher Kuner: European Data Protection Law: Corporate Compliance and Regulation (selection of chapters)
  • Opinions and guidelines of the Article 29 Working Party (European Data Protection Board)
  • Selection of academic articles
  • Judgments by the Court of Justice of the EU and case studies from the legal practice

 

A more detailed list of required reading will be published in Absalon. All the required materials are either available for a loan from the University library or will be uploaded in Absalon.

The course does not require other MA courses to be completed.
Basic knowledge of EU law is desirable.

Oral
Individual
Collective
Continuous feedback during the course of the semester
Feedback by final exam (In addition to the grade)
Peer feedback (Students give each other feedback)

 

  • Oral (Individual/Collective) on case studies and in-class group work
  • Continuous feedback in the course of the “in-depth studies” module: teacher’s feedback on students’ progress in the course of preparation for and after group presentations (in-class/via electronic communication/office drop-in session) as well as peer feedback on group presentations
ECTS
15 ECTS
Type of assessment
Oral examination, 20 minutes
Oral exam with preparation, 20 minutes
Marking scale
7-point grading scale
Censorship form
External censorship

Single subject courses (day)

  • Category
  • Hours
  • Preparation
  • 356,5
  • Seminar
  • 56
  • English
  • 412,5