LEARNING OBJECTIVES
To learn about the key documents and institutions of European and EU privacy regulation, to understand the GDPR’s scope, applicability, and enforcement, to learn how the GDPR defines personal and sensitive data, to understand the permissible grounds under the GDPR for processing personal data.
Length: Approximately 1 hour
Written by: Professors Daniel J. Solove and Paul M. Schwartz
Instructor: Professor Daniel J. Solove
COURSE DESCRIPTION
This course provides an overview of the European system of privacy law and the key structural elements of the General Data Protection Regulation (GDPR).  The course begins with essential background about the European and EU regulatory systems, which will further understanding of the GDPR. The course introduces the key documents and institutions of European Privacy Law and EU Privacy Law, including the European Convention and EU Charter, as well as the relevant executive, legislative, and judicial entities. The course also discusses the EU Data Protection Directive and other directives. After providing this background, the course then analyzes the structural elements of the GDPR – its scope and applicability, how it defines personal data and sensitive data, the grounds for lawful processing of personal data, how GDPR handles consent, the rules for codes of conduct and certification, and how the GDPR is enforced.
Although this course can stand alone, it is recommended that this course be taken along with its companion course: GDPR and European Privacy Law Part II: GDPR Rights, Obligations, and Data Transfer.
CERTIFICATE
To obtain a broad overview of privacy law, to understand the key issues involved, to learn how privacy law works, and to understand the differences and similarities between various privacy laws.
COURSE OUTLINE
About this Course
Introduction
European Privacy Law
Omnibus vs. Sectoral Regulation
Divergence or Convergence?
European Convention on Human Rights
ECHR Article 8
ECHR Article 10
European Court of Human Rights
Council of Europe
Council of Europe Convention on Privacy
European Union Privacy Law
EU Charter of Fundamental Rights
European Court of Justice
Council of the EU
European Parliament
European Commission
EU Data Protection Directive
Other EU Directives
ePrivacy Directive
Data Retention Directive
Law Enforcement Directive
GDPR: Scope and Applicability
Territorial Scope
The Players
Data Subjects
Data Controllers
Data Processors
Supervisory Authorities
European Data Protection Supervisor
European Data Protection Board
GDPR: Personal Data and Sensitive Data
Personal Data
Sensitive Data
Pseudonymous Data
GDPR: Lawful Processing of Personal Data
Grounds for Lawful Processing
Consent
Affirmative Consent
Purpose Specification
Consent of Children
Explicit Consent
GDPR: Codes of Conduct and Certification
Codes of Conduct
Certifications
GDPR: Enforcement
Fines
Effective Judicial Remedies
Conclusion
COURSE READINGS
Required Readings
Handout: European and EU Institutions and Regulations
Handout: Types of Data Under the GDPR
Handout: Grounds for Lawful Processing of Data Under the GDPR
Handout: TeachPrivacy, GDPR Whiteboard
Article: Paul Schwartz & Karl Nicholaus Peifer, Transatlantic Data Privacy, 106 Geo. L. J. 115 (2017)
Recommended Readings
Article: Paul M. Schwartz & Daniel J. Solove, Reconciling Personal Information in the United States and European Union, 102 Cal. L. Rev. 877 (2014)
LEARNING OBJECTIVES
To learn about the rights of data subjects under the GDPR, to understand the obligations that the GDPR imposes on data controllers and processors, to learn about how the GDPR handles data breach and vendor management, and to understand how data can be transferred across borders.
Length: Approximately 1 hour
Written by: Professors Daniel J. Solove and Paul M. Schwartz
Instructor: Professor Daniel J. Solove
COURSE DESCRIPTION
This course provides an overview of the GDPR’s data protection responsibilities, rights of data subjects, and data transfer requirements and methods. It discusses data subject rights including transparency, access, rectification, erasure, restriction of processing, data portability, and automated decision-making, among others. The course then covers the obligations of data controllers and processors, such as having a Data Protection Officer (DPO), data protection by design and default, records of data processing activities, and data protection impact assessments (DPIA). Additionally, the course covers the GDPR’s rules for data breach notification and vendor management. The course also covers the GDPR’s approach to international data transfer as well as the various mechanisms for such transfer, such as the model contractual clauses, BCRs, and Privacy Shield.
Although this course can stand alone, it is recommended that this course be taken along with its companion course: GDPR and European Privacy Law Part I: The European System and the Structure of GDPR.
CERTIFICATE
To obtain a broad overview of privacy law, to understand the key issues involved, to learn how privacy law works, and to understand the differences and similarities between various privacy laws.
COURSE OUTLINE
About this Course
Introduction
GDPR: Rights of Data Subjects
Transparency
Right of Access
Right to Rectification
Right to Erasure
Right to Restriction of Processing
Right to Data Portability
Right to Object
Automated Decision-Making
GDPR: Obligations of Data Controllers and Processors
Data Protection Officer
Security
Data Protection by Design and Default
Records of Data Processing Activities
Data Protection Impact Assessments
When Is a DPIA Required?
What Must a DPIA Contain?
How Should a DPIA Be Conducted?
GDPR: Data Breach Notification
GDPR: Vendor Management
International Data Transfer
Adequate Level of Protection
Model Contractual Clauses
Binding Corporate Rules (BCRs)
Privacy Shield
Conclusion
COURSE READINGS
Required Readings
Handout: TeachPrivacy, GDPR Whiteboard
Handout: Rights of Data Subjects Under the GDPR
Handout: Obligations of Data Controllers and Processors Under the GDPR
Handout: EU-US Privacy Shield Principles
Article: Paul Schwartz & Karl Nicholaus Peifer, Transatlantic Data Privacy, 106 Geo. L. J. 115 (2017)
Recommended Readings
Handout: TeachPrivacy, GDPR Training Guide