Data Protection Legislation & Ethics
As society becomes increasingly data-driven, understanding the regulatory and ethical implications of emerging technologies, particularly AI and data analytics, is crucial for shaping the future. This course aims to equip students with the knowledge and tools needed to navigate the complex legal frameworks surrounding information technologies. From the ethical challenges posed by artificial intelligence to the legal obligations under EU regulations, students will explore how technology intersects with key principles like transparency, fairness, and accountability.
The course encourages students to critically engage with real-world scenarios and legal cases, fostering an understanding of how data-driven technologies impact society. Through case studies, students will analyse the risks and benefits of these technologies and apply risk assessment frameworks to propose ethically and legally sound solutions.
Students will be expected to produce written assignments, engage in group discussions, and conduct activities on AI regulation and ethical governance. This will include examining EU regulatory tools such as the AI Act and evaluating the implications of emerging tech on privacy, non-discrimination, and safety. The course aims to build both legal insight and ethical sensitivity toward developing and deploying responsible technologies.
Courses generally have little or no prerequisite knowledge required for a given topic, however if students face any doubts, we recommend they contact course professors to clarify.
| Week | Contents | Teaching / learning activities |
|---|---|---|
| 1 | Internet Regulation |
Origin, evolution and future of new technologies, Regulation of online content in the EU, Liability of intermediaries, Legal regime of ISPs, audiovisual services and telecommunications services. . |
| 2 | Data Protection and privacy laws |
Privacy vs security, An overview of the GDPR and its provisions, international data transfers, intellectual property rights, Cybercrimes |
| 3 | AI regulation | Notes on the new Artificial Intelligence Act, Gender, IA and data protection, Conducting AI ethical impact assessments, AI Liability |
From Monday to Friday.
From 9 a.m. to 12:30 p.m.
The evaluation will consist of 5 different activities:
- Three assignments to be conducted and submitted in class (20% each) at the end of each week
- Submission of all class activities (20%)
- Attendance and participation in class (20%).
The dates for the 3 assignments are 27 June, 4 July and 11 July 2025.
Students who for justifiable reasons have not been able to submit one of the three assignments on the specific date, may have the possibility to do an extra activity under the criteria indicated by the lecturer. The conditions of eligibility for this extra activity are strict and decided on a case-by-case basis. A student who cheats or tries to cheat in an exam will be given a 0. A student who submits a paper or a practical exercise in which evidence of plagiarism can be identified will be given a 0 and will receive a warning. The material and language of the course is English.
-
Regulation (EU) 2024/1689 of the European Parliament and of the Council on Artificial Intelligence (Artificial Intelligence Act) and amending certain Union legislative acts
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- European Data Protection Board (2020). Guidelines 05/2020 on consent under Regulation 2016/679 (Version 1.1).
- IEEE, Ethically Aligned Design: A Vision for Prioritizing Human Well-being with Autonomous and Intelligent Systems
- High-Level Expert Group on AI, Ethics Guidelines for Trustworthy AI
- Mantelero, Alessandro (2018): “AI and Big Data: A blueprint for a human rights, social and ethical impact assessment”. Computer Law & Security Review, vol. 34, Issue 4, pp. 754- 772.
- Blasi Casagran Cristina (2016): Global data protection in the field of law enforcement: An EU perspective, Routledge. Taylor & Francis Group, Oxfordshire, UK, June 2016. ISBN-10: 1138655384.
- Savin, Andrej (2013): EU Internet Law, Editorial Elgar European Law, Glos (UK), 2013.
Besides this bibliography, the lecturer will provide other appropriate and up-to-date resources, along with legal and soft-law texts. In addition, the lecturer will indicate what pieces are of obligatory reading and study, and what are recommendable.
Links web:
- Handbook on European Data Protection Law
- European Data Protection Supervisor
- Spanish Agency of Data Protection
- Spanish Institute of Cybersecurity
- Barometer Centro de Investigaciones Sociológicas
- Spanish Cryptologic Centre
- E.Signature Portal
- Spanish Cybersecurity Law
- Spanish Security Scheme
- WIPO portal
- PCI DSS Law (e-payment)
- ISO 27001 Law
Dr Cristina Blasi is Associate Professor at the Autonomous University of Barcelona (UAB). She is a researcher and lecturer of EU Law, Digital Law and Public Participation in the EU institutions at the UAB. After she completed her Law Degree in 2007, she completed a Masters degree on EU integration (Barcelona, 2008), a LL.M. on EU Law (Saarland, 2009) and a LL.M on Comparative, European and International Laws (Florence, 2011). She completed her Ph.D. in Law at the European University Institute (Florence, 2015), in which she specialised on EU privacy and data protection law. As for her professional experience, she carried out paid internships at the Legal Service of the European Commission (2010), the European Supervisor of Data Protection (2012) and Europol (2013). Dr Blasi has more than 10 years of teaching experience to undergraduate and graduate students at several universities, and she is coordinator of the the H2020 project “IT methods and tools for managing migration FLOWS” (ITFLOWS), and the Research Group 'GLOBAL security, technology and INTErnational Law' (GLOBAL INTEL).
- E-mail: cristina.blasi@uab.cat