Privacy Rights, Data Protection in the European Single Markets in the Digital Age, 15 credits

Learning outcomes

Knowledge and comprehension
After completing the course, the student should be able to:

• understand the role of the main actors regarding data protection, including state and non-state actors,
• explain the fundamentals of the legal frameworks and their relevance to data protection,
• identify and independently analyze the interplay between data security and data protection, and
• understand legal rules and policies on privacy and data protection in the context of computer networks and technological developments that enhance and threaten privacy and data protection.

Ability and capacity
After completing the course, the student should be able to:

• independently analyze and discuss legal and ethical implications of data collection, rendition and surveillance,
• explain and analyze the interplay between digital technologies and data protection, and
• independently analyze and discuss the national, European Union and/or international fundamental rights in relation to the right to privacy.

Valuation and perspective
After completing the course, the student should be able to:

• uncover privacy risks and analyze the legal bases for processing personal data under the relevant legal frameworks, and
• critically evaluate the national, European and/or international perspective of data protection.

Content

Digital technologies present an ever-evolving set of online privacy and data protection challenges for States, businesses and individuals to face. Privacy and data protection are multifaceted concepts. Both concepts are becoming more complex with the increasing use of new digital technologies, including artificial intelligence. As a result, new legal instruments have been adopted and implemented to achieve a balance between competing interests on the international arena and within the EU as well as at the national levels. For example, the EU GDPR signified the effective and concrete work of this continuing endeavor to reform the legal framework surrounding data protection. The goal of this course is to provide students with a comprehensive understanding of the legislative framework in these areas. This includes an examination and studying of EU sources such as the GDPR, the e-Privacy Directive, and/or the proposed e-Privacy Regulation. Additionally, the course looks at the international legal frameworks and their roles in enhancing privacy and data protection. In addition, the course will look at privacy and data protection from a comparative lens to enhance a wide understanding of privacy and data protection worldwide.

Examinations and grades

Privacy and Data Protection 1, 7 credits (Code: A001)
Grades used are Fail (F), Sufficient (E), Satisfactory (D), Good (C), Very Good (B) or Excellent (A).

Privacy and Data Protection 2, 5 credits (Code: A002)
Grades used are Fail (F), Sufficient (E), Satisfactory (D), Good (C), Very Good (B) or Excellent (A).

Privacy and Data Protection 3, 3 credits (Code: A003)
Grades used are Fail (U) or Pass (G).

According to the Higher Education Ordinance, Chapter 6, Section 18, a grade is to be awarded on the completion of a course, unless otherwise prescribed by the university. The university may determine which grading system is to be used. The grade must be determined by a teacher specifically nominated by the university (the examiner).

In accordance with university regulations on grading systems for first and second-cycle courses and study programmes (Vice-Chancellor’s decision ORU 2018/00929), one of the following grades is to be used: fail (U), pass (G) or pass with distinction (VG). For courses included in an international master’s programme (60 or 120 credits) or offered to the university’s incoming exchange students, the A to F grading scale is to be used. The vice-chancellor, or a person appointed by them, may decide on exceptions from this provision for a specific course, if there are special grounds for doing so.

The grades used on this course are Fail (F), Sufficient (E), Satisfactory (D), Good (C), Very Good (B) or Excellent (A).

Comments on grades

In order to receive a passing final course grade on the entire course, the grade Pass (G) for the examination Privacy and Data Protection 3 (A003), and the minimum grade Sufficient (E) for both examinations Privacy and Data Protection 1 (A001) and Privacy and Data Protection 2 (A002) are required. The final course grade on the entire course shall be a weighted average of the grades for the examinations Privacy and Data Protection 1 (A001) and Privacy and Data Protection 2 (A002). The grades of the examination forms given to U - G grading scale are not included in the weighing of the final course grade.

Modes of assessment

Privacy and Data Protection 1, 7 credits (Code: A001)
Written exam.

Privacy and Data Protection 2, 5 credits (Code: A002)
Continuous examination.
If a student does not reach the passing grade on a written assignment, but with a limited effort is deemed to be able to reach it, the student may complete the written assignment in accordance with the examiner’s instructions. The supplement shall be completed within five working days from the time the student is assigned the instructions.

Privacy and Data Protection 3, 3 credits (Code: A003)
Written assignment.
If a student does not reach the passing grade on the written assignment, but with a limited effort is deemed to be able to reach it, the student may complete the written assignment in accordance with the examiner’s instructions. The supplement shall be completed within five working days from the time the student is assigned the instructions.

For students with a documented disability, the university may approve applications for adapted or other modes of assessment.

For further information, see the university's local examination regulations.

Specific entry requirements

180 credits at the first level out of which 90 credits with increasing depth within law, including an essay (G2E) of 15 credits. Alternatively, 180 credits at the first level in a Law Programme. Additional requirements: English Course 6/English Course B. (Swedish students)

180 credits at the first level out of which 90 credits with increasing depth within law. Alternatively, 180 credits at the first level in a Law Programme. Additional requirements: English Course 6/English Course B. (Exchange students)

For further information, see the university's admission regulations.

Other provisions

The course is given in English.

Students who have been admitted to and registered on a course have the right to receive tuition and/or supervision for the duration of the time period specified for the particular course to which they were accepted (see, the university's admission regulations (in Swedish)). After that, the right to receive tuition and/or supervision expires.

Reading list and other learning resources

Required Reading

González, Gloria; De Hert, Paul; van Brakel, Rosamunde (eds)
Research Handbook on Privacy and Data Protection Law: Values, Norms and Global Politics
Edward Elgar Publishing

Kuner, Christopher (ed.); Bygrave, Lee A (ed.); Docksey, Christopher (ed.), Drechsler, Laura (ed.)
The EU General Data Protection Regulation (GDPR): A Commentary
Oxford University Press

Yilma, Kinfe
Privacy and the Role of International Law in the Digital Age
Oxford University Press

A comparison of data protection legislation and policies across the EU
Bart Custers, Francien Dechesne, Alan M. Sears, Tommaso Tani, Simone van der Hof, Computer Law & Security Review (Volume 34, Issue 2, April 2018), Pages 234-243.

Additions and Comments on the Reading List

Always the latest edition of the books on the reading list is used.

Some literature can be found online and as E-book.

Additional materials of approximately 500 pages, such as articles, are also part of the required reading.