EU Data Protection Law

Taught by Professor Paul M. Schwartz
Thursday, May 12, 2017 in Washington, DC
CLE credit is available


Course Description

This course will examine privacy law in the European Union. Professor Schwartz will analyze the regulatory principles of EU data protection law. The course includes a comprehensive look at the major building blocks of EU privacy law and a deeper dive into topics of the greatest practical importance for US privacy lawyers.   Professor Schwartz will explain the historical roots of EU law, the conflict between the EU and US around international data transfers, and the latest important developments in this area. This course also discusses the available means for companies to meet the EU’s adequacy standard for private sector transfers of personal data from the EU to the US. It will examine the GDPR in depth and the different obligations that it places on U.S. companies that wish to do business in the EU. This examination will consider its jurisdictional scope, its requirements for Data Protection Officials, data breach notification, and its other significant aspects.


Course Objectives

  1. To develop a deep understanding of the comparative differences and similarities between the approaches to information privacy in the EU and U.S.
  1. To learn about the role of constitutional courts and of different EU agencies.
  1. To learn about the interplay between the European Union law and the data protection law in its Member States.
  1. To learn about the ways in which both omnibus and sectoral laws in the EU regulate European data protection.
  1. To explore the most important aspects of the Data Protection Directive, effective until 2018, and the General Data Protection Regulation, which takes effect on May 25, 2018.
  1. To be able to determine how various products, services, and practices might trigger EU privacy laws.
  1. To understand obligations of U.S. companies that enter into the Privacy Shield.
  1. To understand how various EU privacy laws apply to concrete situations and how to facilitate compliance with these laws.


Course Outline

PART I: EU Privacy Law Foundations

  1. Introduction: Data Protection as a Human Right
  2. EU Institutions and Key Regulations
  3. Defining “Personal Data”
  4. The EU’s Fair Information Practice Principles (FIPPs)


PART II: Overarching Themes in EU Privacy Law

  1. The General Data Protection Regulation
  2. Sectoral Laws in an Omnibus System
  3. Enforcement Methods and Practices
  4. The Remaining Role for Member State Law
  5. EU Law in Practice


PART III: International Data Transfers

  1. The Adequacy Requirement
  2. The Privacy Shield
  3. Binding Corporate Rules
  4. Model Contractual Clauses
  5. The Role of Brussels, the Role of Member States

Advance Reading Assignments

Daniel J. Solove & Paul M. Schwartz, International Privacy Law (stand-alone chapter from Information Privacy Law casebook)

The General Data Protection Regulation (GDPR)


Evaluation and Certification (Optional)

Take home essay exam to evaluate proficiency in identification of issues and practical application of law.


About Professor Paul M. Schwartz

Paul Schwartz is a leading international expert on information privacy law. He is the Jefferson E. Peyser Professor at UC Berkeley School of Law and a Director of the Berkeley Center for Law and Technology. Schwartz is also a Special Advisor at Paul Hastings, where he works in the Privacy and Data Security Practice.

Schwartz has testified before Congress and served as an advisor to the Commission of the European Union and other international organizations. He assists numerous corporations and international organizations with regulatory, policy, and governance issues relating to information privacy. He is a frequent speaker at technology conferences in the United States and abroad.

Schwartz is the author of many books, including the leading casebook, Information Privacy Law, and the distilled guide, Privacy Law Fundamentals, each with Daniel Solove. His over fifty articles have appeared in journals such as the Harvard Law Review, Yale Law Journal, Stanford Law Review, and Chicago Law Review. Fluent in German, he contributes to German legal reviews.

Schwartz is co-reporter of the American Law Institute’s Restatement of Privacy Law Principles. He is a past recipient of the Berlin Prize Fellowship at the American Academy in Berlin and a Research Fellowship at the German Marshall Fund in Brussels. He is an organizer of the Privacy + Security Forum.

Schwartz is also a recipient of grants from the Alexander von Humboldt Foundation, Fulbright Foundation, the German Academic Exchange, and the Harry Frank Guggenheim Foundation. He is a member of the organizing committee of the Privacy Law Salon and of the American Law Institute.

Course Fees

Course Fee Exam & Certificate Fee
Regular $999 $299
Academic / NGO / Government / Independent (paid for personally rather than by an institution) $599 $299