Skip to main navigation Skip to main content Skip to page footer
Menu

DATA PROTECTION LAW

Optional Module (5 ECTS)

Description

This module explores the legal framework for protecting individuals in relation to the processing of their personal data. It begins with a brief overview of the chronological development of relevant legislation before examining key concepts, roles, and general principles of data protection, tracing the evolution from the Data Protection Directive 95/46 to the EU’s General Data Protection Regulation (GDPR).

The module then provides an in-depth analysis of the GDPR, with particular emphasis on the new rights granted to Data Subjects and the four key obligations introduced for Controllers:

  1. Accountability,
  2. Necessary procedural changes,
  3. System modifications, including the principles of "privacy by design" and "privacy by default", and
  4. Data Protection Impact Assessment (DPIA).

To illustrate the practical application of these principles, case law from the Court of Justice of the European Union (CJEU), the European Court of Human Rights (ECHR), the European Data Protection Board (EDPB), and national Authorities is examined in each session.

Objectives

Upon completion of the course, the students will be able to:

  • identify main areas of Data Protection Law
  • understand and use the main concepts of Personal Data / Data Subject / Processing / Consent / Profiling
  • understand and distinguish the roles of Controller / Processor / Data Protection Officer
  • elaborate on the system of GDPR
  • analyse and critically assess case-law applying GDPR
  • begin to utilise theoretical concepts and insights in order to respond to practical situations

Contents

The following themes will be taught:

  1. Introduction to the Course - History of data protection / legislation - Comparison with the similar concepts (privacy / freedom of information).
  2. The main concepts and actors in Data Protection Law.
  3. The eight principles of Data protection.
  4. The system of protection under the GDPR.
  5. The new rights of Data Subjects.
  6. The new obligations for Controllers.
  7. The new tools for compliance.
  8. Case law.

The module will emphasize on practical questions and implementation of legal regulation. Therefore, following the above taught modules, essays / case studies will be presented in the class. Essays will mainly focus on the analysis and critical assessment of case-law of the CJEU and the ECHR.

Academic Requirements

It is recommended (not required) that participants take IT law course in the winter semester. It is also recommended to have some basic knowledge of technology and the Internet.

Teaching method

The course will run under seminar format, which requires a high degree of student activity. Materials will be distributed in electronic form. Students are expected to have studied each session’s material before class and to actively participate during class.

Lecturers

The course is taught by Professors K. Christodoulou and G. Yannopoulos

Assessment and testing

  • Written exam, open materials (i.e. notes, legislation & case law but not textbooks), 2 hours (70%)
  • Written essay / case study (4000 words) / presentation in the class (30%)

LL.M. COURSES: