BI450 – Data Protection/GDPR: Legal & Ethical Dimensions
Master of Science in Financial Law and International Taxation
Core Course
BI450 – Data Protection/GDPR: Legal & Ethical Dimensions
Course Unit Code: BI450
Type Of Unit: Elective
Level of Course Unit: Second cycle
Year of Study: First / second
Semester: -
Number of ECTS Credits: 3
Class Contact Hours: 14
Mode of Delivery
Face to Face
Prerequisites
None
Course Objectives
The course studies legal rules on data protection—i.e., a set of norms which specifically govern the processing of data relating to persons (personal data) in order to protect, at least partly, the privacy and related interests of those persons. Outside Europe, such norms tend to be described in terms of protecting “privacy”, “information privacy”, or increasingly, “data privacy”. The main focus is on European and international codes, primarily the European Convention on Human Rights and Fundamental Freedoms (ECHR) Article 8 and Directive 95/46/EC, along with case law pursuant to these instruments. Special attention is also given to Directives 2002/58/EC and 2006/24/EC, and to Cyprus law. The latter is used to illustrate how the international codes are nationally implemented. The themes taken up in the course may be summed up with the following key-words: privacy, data protection, surveillance, Internet, cyberspace, encryption, freedom of expression. Students should therefore gain profound insights into the numerous regulatory challenges in the field. Further, students should critically approach the increasing potentialities for technological development to both threaten and enhance privacy protection.
Learning Outcomes
- What personal data means, which represents all types of information related to the private life of a person, such as the home address or personal phone number, the bank account, e-mail address and many others. Special mention will be made to what the Cypriot legislation prescribes as definitions of the “sensitive data”. The term refers to personal information related to a persons’ ethnicity, political orientation, health, sexual orientation or religion.
- The ways in which personal data can be collected, processed and transferred. More specifically, the course seeks to illuminate the rationale and regulatory logic of such policies along with the various technological challenges that they face.
- Legal-regulatory issues related to freedom of expression, the increasing automatization of decision- making processes, the increasingly cross-national character of organisational transactions, and the interaction of legal norms with the regulatory effects of IT and other non-legal instruments, such as sectoral codes of practice.
- The main authority which controls the enforcement of the data protection law is the Office of the Commissioner for Personal Data Protection. Business entities which need to act as data controllers in Cyprus are required to register with the Office of the Commissioner for Personal Data Protection and the procedure is compulsory for all types of data controllers. This involves critically analysing and challenging the assumptions upon which the rules are based, and discussion of alternative regulatory possibilities.
Course Content
Course Features
Planned learning activities and teaching methods
Lectures; in-class discussions and exercises; team work; role-play (ethical dilemma simulation); video case studies
Assessment methods and criteria
10% Class participation
30% Group Assignments & Class Participation
60% In-class examination
Language of Instruction
English
Work Placement(s)
Not applicable
Readings
Required:
1. Moreham, NA . Protection against Intrusion. In Mark Warby QC, Nicole Moreham and Iain Christie Tugendhart and Christie The Law of Privacy and the Media (eds) (2nd ed), Oxford University Press, Oxford, 2011.
2. Moerel, E. Binding corporate rules: Fixing the regulatory patchwork of data protection. Amsterdam, 2011.
Recommended:
3. Craig, P. P., & B rca, G.. EU law: text, cases, and materials. Oxford: Oxford University Press, 2011.
English (UK) 
Ελληνικά