Skip to Content


Last modified: 31 May 2022 13:30

Course Overview

The course aims to introduce students to the core aspects of privacy and data protection law, exploring its international, European, and national dimension.

The course addresses the role of data privacy regulation in the digital environment, critically discussing key global challenges, such as: international data transfers; the balance between the right to data protection and other fundamental interests; the explainability of artificial intelligence.  

Course Details

Study Type Postgraduate Level 5
Session First Sub Session Credit Points 30 credits (15 ECTS credits)
Campus Aberdeen Sustained Study No
  • Dr Rossana Ducato

What courses & programmes must have been taken before this course?

  • Any Postgraduate Programme (Studied)
  • One of Llm in International Commercial Law with Professional Skills or Master of Laws in International Commercial Law with Dissertation or Master of Laws (General Law)

What other courses must be taken with this course?


What courses cannot be taken with this course?


Are there a limited number of places available?


Course Description

We live in the information society. We produce 2.5 quintillion bytes of data every day through our economic activity, online behaviours, interaction on social media, use of smart objects, and other means. Due to cloud computing and the developments in the field of Big Data, we have the computational resources to extract value from this information.

Still, there are important issues remaining to be discussed:

  • How all this information is processed and governed?
  • Who can use it and for what legitimate purposes?
  • And what rights do we enjoy as “data subjects”?

The right to privacy and the right to data protection offer a first primer for understanding how the law regulates personal information and its free movement.

The knowledge of such areas of the law is crucial not only for becoming aware our digital rights and the fundamental mechanics of the Internet. The processing of personal data is also an essential activity in any business organisation and public institution, creating the need for new figures and legal professions (e.g., the data protection officer).

The course aims to introduce students to the core aspects of privacy and data protection law, exploring its international, European, and national dimension. Against this backdrop, it will tackle the most pressing issues emerging in the policy and doctrinal debate by critically discussing the role of data privacy regulation in the digital environment.  

The course will be divided in two parts. The first one will be dedicated to privacy and data protection law fundamentals, and it will revolve around core topics, such as:

1) The right to privacy and the right to data protection: an international overview.

  • The international legal sources;
  • Privacy and data protection as fundamental rights;
  • The interplay with human rights protection.

2) GDPR (part I): fundamental principles, key concepts, and rationale.

  • Notion of personal data/sensitive data;
  • Lawful grounds for processing;
  • Data subjects’ rights.

 3) GDPR (part II): procedures and remedies.

  • The obligations of the data controller;
  • The Data Protection Impact Assessment (DPIA);
  • The role of supervisory authorities;
  • The system of sanctions.

In the second part of the course, students will be asked to apply their knowledge and critically engage with key global data privacy challenges, such as:

4) International data transfers (after the Schrems II decision and after Brexit);

5) Privacy and Data Protection at the time of Covid-19 (e.g., the legal issues emerging in contact-tracing apps);

6) Explainable artificial intelligence (XAI).

Contact Teaching Time

Information on contact teaching time is available from the course guide.

Teaching Breakdown

More Information about Week Numbers

Details, including assessments, may be subject to change until 31 August 2023 for 1st half-session courses and 22 December 2023 for 2nd half-session courses.

Summative Assessments

Exam 60%

Case Comment 40%


Resit: Exam 100%

Formative Assessment

There are no assessments for this course.

Course Learning Outcomes

Knowledge LevelThinking SkillOutcome
ProceduralUnderstandTo gain knowledge and understanding of the foundations of Privacy and Data Protection Law at the international, European, and UK level.
ProceduralApplyTo apply the knowledge and concepts acquired in concrete case scenarios, such as international data transfer, the explainability of artificial intelligence, sharing data in the public interest.
ReflectionCreateTo communicate orally and in writing information, advice and choices in an effective and persuasive manner.
ReflectionAnalyseTo analyse the conflict between data protection and other fundamental rights and interests.
ReflectionEvaluateTo evaluate the legal implications of emerging technologies, their impact on society, policymaking, and the future of legal professions.

Compatibility Mode

We have detected that you are have compatibility mode enabled or are using an old version of Internet Explorer. You either need to switch off compatibility mode for this site or upgrade your browser.