Module Privacy Risk Trust

To learn about the key documents and institutions of European and EU privacy regulation, to understand the GDPR’s scope, applicability, and enforcement, to learn how the GDPR defines personal and sensitive data, to understand the permissible grounds under the GDPR for processing personal data.


Length: Approximately 1 hour

Written by: Professors Daniel J. Solove and Paul M. Schwartz

Instructor: Professor Daniel J. Solove


This course provides an overview of the European system of privacy law and the key structural elements of the General Data Protection Regulation (GDPR).  The course begins with essential background about the European and EU regulatory systems, which will further understanding of the GDPR.  The course introduces the key documents and institutions of European Privacy Law and EU Privacy Law, including the European Convention and EU Charter, as well as the relevant executive, legislative, and judicial entities.  The course also discusses the EU Data Protection Directive and other directives.  After providing this background, the course then analyzes the structural elements of the GDPR – its scope and applicability, how it defines personal data and sensitive data, the grounds for lawful processing of personal data, how GDPR handles consent, the rules for codes of conduct and certification, and how the GDPR is enforced.


Although this course can stand alone, it is recommended that this course be taken along with its companion course: GDPR and European Privacy Law Part II: GDPR Rights, Obligations, and Data Transfer. 

To obtain a broad overview of privacy law, to understand the key issues involved, to learn how privacy law works, and to understand the differences and similarities between various privacy laws.


About this Course
European Privacy Law

Omnibus vs. Sectoral Regulation
Divergence or Convergence?
European Convention on Human Rights

ECHR Article 8
ECHR Article 10

European Court of Human Rights
Council of Europe
Council of Europe Convention on Privacy

European Union Privacy Law

EU Charter of Fundamental Rights
European Court of Justice
Council of the EU
European Parliament
European Commission
EU Data Protection Directive
Other EU Directives

ePrivacy Directive
Data Retention Directive
Law Enforcement Directive

GDPR: Scope and Applicability

Territorial Scope
The Players

Data Subjects
Data Controllers
Data Processors
Supervisory Authorities
European Data Protection Supervisor
European Data Protection Board


GDPR: Personal Data and Sensitive Data

Personal Data
Sensitive Data
Pseudonymous Data

GDPR: Lawful Processing of Personal Data

Grounds for Lawful Processing

Affirmative Consent
Purpose Specification
Consent of Children
Explicit Consent

GDPR: Lawful Processing of Personal Data

Grounds for Lawful Processing

GDPR: Codes of Conduct and Certification

Codes of Conduct

GDPR: Enforcement

Effective Judicial Remedies


Course Outline PDF