Syllabus/achievement requirements

 

Achievement requirements

Achievement requirements for master’s level (10 credits):

Knowledge

  • Thorough knowledge of the rationale for legal protection of personal data.
  • Thorough knowledge of the legal framework for data protection in the European Union (EU) and European Economic Area (EEA).
  • Knowledge of the interaction of data protection law with other fields of law, such as administrative law, labour law, human rights law and contract law.
  • Knowledge of the data protection laws in certain non-European jurisdictions, particularly the USA.
  • Thorough knowledge of the ways in which distributed computer networks such as the Internet, along with other forms of information and communication technology (ICT), challenge the application and enforcement of law on protection of personal data.
  • Good knowledge of the challenges in arriving at global consensus on legal policies for data protection.
  • Good knowledge of the relevant EU rules for determining applicable law and extra-territorial jurisdiction in the field.
  • Good knowledge of relevant soft law (guidelines and codes of practice).

Skills

  • Interpret and apply legal rules on protection of personal data, in accordance with generally accepted legal-dogmatic method.
  • Interpret and apply EU rules on applicable law and extra-territorial jurisdiction related to protection of personal data.
  • Elucidate and critically assess the efficacy of data protection law in the digital environment.

General competence

  • Ability to understand thoroughly the rationale, logic and limits of law on protection of personal data.
  • Ability to analyse critically the assumptions upon which the law is based, and to discuss sensibly alternative regulatory possibilities.
  • Ability to understand the place of data protection law in the broader legal landscape.
  • Ability to understand the EU rules for determining applicable law and extra-territorial jurisdiction pertaining to protection of personal data, and to understand why these rules are controversial.

Achievement requirements for bachelor’s level (10 credits):

Knowledge

  • Solid knowledge of the rationale for legal protection of personal data.
  • Solid knowledge of the legal framework for data protection in the European Union (EU) and European Economic Area (EEA).
  • Knowledge of the interaction of data protection law with other fields of law, such as administrative law, labour law, human rights law and contract law.
  • Knowledge of the data protection laws in certain non-European jurisdictions, particularly the USA.
  • Knowledge of the ways in which distributed computer networks such as the Internet, along with other forms of information and communication technology (ICT), challenge the application and enforcement of law on point.
  • Appreciation of the challenges in arriving at global consensus on legal policies for data protection.
  • Knowledge of relevant soft law (guidelines and codes of practice).

Skills

  • Interpret and apply legal rules on protection of personal data, in accordance with generally accepted legal-dogmatic method.
  • Elucidate and critically assess the challenges posed by ICT to data protection law.

General competence

  • Ability to understand the rationale, logic and limits of law on protection of personal data.
  • Ability to understand the place of data protection law in the broader legal landscape.
  • Ability to analyse critically the assumptions upon which the law is based, and to discuss sensibly alternative regulatory possibilities.

 

Reading assignments

Main literature

Bagger Tranberg, C.: “Proportionality and data protection in the case law of the European Court of Justice”, International Data Privacy Law, 2011, vol. 1(4), pp. 239–248 (9 pages).

Lee A. Bygrave, Data Privacy Law: An International Perspective (Oxford University Press, 2014) ( 220 p)

Bygrave, LA: “Data Protection Pursuant to the Right to Privacy in Human Rights Treaties”, International Journal of Law & Information Technology, 1998, volume 6, pp. 247–284 (37 pages).

Koops, B-J. & Leenes, R.: “‘Code’ and the Slow Erosion of Privacy”, Michigan Telecommunications and Technology Law Review, 2005, vol. 12, issue 1, pp. 115–188 (73 pages; Master’s level only).

Moerel, L.: “The long arm of EU data protection law: Does the Data Protection Directive apply to processing of personal data of EU citizens by websites worldwide?”, International Data Privacy Law, 2011, vol. 1(1), pp. 28–46 (18 pages).

Moerel, L.: “Back to basics: when does EU data protection law apply?”, International Data Privacy Law, 2011, vol. 1(2), pp. 92–110 (18 pages).

Svantesson, D.J.B.: “The regulation of cross-border data flows”, International Data Privacy Law, 2011, vol. 1(3), pp. 180–198 (18 pages).

Master's level: 393 pages

Bachelor's level: 320 pages

 

 

Supplementary literature

Bennett, C.J. & Raab, C.D.: The Governance of Privacy. Policy instruments in global perspective (MIT Press, 2006).

Bygrave, L.A.: “The Body as Data? Biobank Regulation via the ‘Back Door’ of Data Protection Law”, Law, Innovation and Technology, 2010, vol. 2, pp. 1–25 (25 pages).

Bygrave, L.A.: “Digital Rights Management and Privacy – Legal Aspects in the European Union”, in E. Bekker et al. (eds.), Digital Rights Management: Technological, Economic, Legal and Political Aspects (Berlin / Heidelberg: Springer, 2003), pp. 418–446.

Flaherty, D.H.:Protecting Privacy in Surveillance Societies (Chapel Hill / London: University of North Carolina Press, 1989).

Froomkin, A.M.: “The Death of Privacy?”, Stanford Law Review, 2000, volume 52, pp. 1461–1543. Kuan Hon, W., Millard, C. and Walden, I.: “The problem of ‘personal data’ in cloud computing: what information is regulated?—The cloud of unknowing”, International Data Privacy Law, 2011, vol. 1(4), pp. 211-228 (17 pages).

Kuan Hon, W., Millard, C. and Walden, I.: “Who is responsible for ‘personal data’ in cloud computing?—The cloud of unknowing, Part 2”, International Data Privacy Law, 2012, vol. 2(1), pp. 3-18 (15 pages).

Kuner, C.: European Data Privacy Law and Online Business (Oxford: Oxford University Press, 2007, 2nd edition).

Olsen, T. & Mahler, T.: “Identity management and data protection law: Risk, responsibility and compliance in ‘Circles of Trust’”, Computer Law & Security Report, 2007, vol. 23, nos. 4–5, pp. 342–351, 415–426.

Reidenberg, J.R.: “Resolving Conflicting International Data Privacy Rules in Cyberspace”, Stanford Law Review, 2000, vol. 52, pp. 1315–1371.

Shaffer, G.: “Globalization and Social Protection: The Impact of E.U. and International Rules in Ratcheting Up of U.S. Privacy Standards”, Yale Journal of International Law, 2000, volume 25, pp. 1–88.

Solove, D.: “Privacy and Power: Computer Databases and Metaphors for Information Privacy”, Stanford Law Review, 2001, volume 53, pp. 1393–1462.

Tene, O.: “Privacy: The New Generations”, International Data Privacy Law, 2011, vol. 1(1), pp. 15-27 (12 pages).

Westin A.F.: Privacy and Freedom (New York: Atheneum, 1970).

Relevant regulatory instruments

Council of Europe’s Convention on data protection (1981) – Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No 108), adopted 28.1.1981; available at http://conventions.coe.int/Treaty/EN/Treaties/Html/108.htm

Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data regarding supervisory authorities and transborder data flows (E.T.S. No. 181),adopted 8.11.2001; available at http://conventions.coe.int/Treaty/EN/Treaties/Html/181.htm

EC Directive on data protection (1995) – Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (O.J. No. L 281, 23.11.1995, 31), available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML

EC Directive on privacy and electronic communications (2002) – Directive 2002/58/EC of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector_ (O.J. No. L 201, 31.07.2002, 37);consolidated version available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CONSLEG:2002L0058:20091219:EN:HTML

Decision 2000/520/EC of 26.7.2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbor privacy principles and related frequently asked questions issued by the US Department of Commerce (O.J. L 215, 25.8.2000, 7). Available at http://eur-lex.europa.eu/LexUriServ/site/en/oj/2000/l_215/l_21520000825en00070047.pdf

Norway’s Personal Data Act (2000) – lov om behandling av personopplysninger av 14. april 2000 nr 31; http://www.datatilsynet.no/Global/english/Personal_Data_Act_20120420.pdf

OECD Guidelines on data protection (2013) – Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data,( adopted 23.9.1980) available at

http://www.oecd.org/sti/ieconomy/2013-oecd-privacy-guidelines.pdf

 UN Guidelines on data protection (1990) – Guidelines Concerning Computerized Personal Data Files, adopted 14.12.1990; available at http://www.unhcr.org/refworld/pdfid/3ddcafaac.pdf

Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters; available athttp://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:350:0060:0071:EN:PDF

Proposal for a Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (COM/2012/010 final - 2012/0010 (COD), available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52012PC0010:en:NOT

Proposal for a Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (COM/2012/011 final - 2012/0011 (COD)), available at http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf

Published Nov. 18, 2014 10:16 AM - Last modified Nov. 19, 2015 12:43 PM