Data Protection Legislation & Ethics
This course aims at studying the main regulatory implications of technology, as well as the EU ethical and legal framework applicable to information technologies, with a focus on the data-driven technologies. It will address issues such as ethical and legal governance, ethical and legal principles and requirements, risk assessment approaches to the design, development, deployment and use of data-driven technologies.
During the course, students will carry out different types of activities. A large part of the learning is acquired outside the classroom, through the autonomous study of the student. This study is complemented with the reading of hard-law and soft-law instruments and case-law, and specialised papers, as well as the preparation and writing of assignments and activities.
Class attendance is essential because there will be several theoretical sessions, necessary for developing the assignments and activities. In addition, a large part of these activities is performed in class hours, and consists of the participation in debates, solving questions related with the main ethical and legal issues that data-driven technologies may pose, and also giving oral presentations.
| Week | Contents | Teaching / learning activities |
|---|---|---|
| 1 | Internet Regulation |
Origin, evolution and future of new technologies. - Regulation of online content in the EU. - Legal regime of ISPs, audio-visual services and telecommunications services. - Net neutrality. - Liability of intermediaries. - Assignment 1. |
| 2 | Data Protection | The EU Data Protection Legal Framework - Case law of the CJEU. An overview of the GDPR and its provisions - EU data transfers to third countries - Assessing the risks: methodology to conduct a data protection impact assessments - Assigment 2. |
| 3 | Ethics | Overview of ethical principles applicable to data-driven technologies – the Artificial Intelligence Act - Conducting ethical and AI impact assessments – Ethical sandboxes as a framework for algorithmic governance - Assignment 3. |
From Monday to Friday.
From 9 a.m. to 12:30 p.m.
The evaluation will consist of 5 different activities:
- Three assignments to be conducted and submitted in class (20% each) at the end of each week
- Submission of all class activities (20%)
- Attendance and participation in class (20%).
The dates for the 3 assignments are 28 June, 5 July and 12 July 2024.
Students who for justifiable reasons have not been able to submit one of the three assignments on the specific date, may have the possibility to do an extra activity under the criteria indicated by the lecturer. The conditions of eligibility for this extra activity are strict and decided on a case-by-case basis. A student who cheats or tries to cheat in an exam will be given a 0. A student who submits a paper or a practical exercise in which evidence of plagiarism can be identified will be given a 0 and will receive a warning. The material and language of the course is English.
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- European Data Protection Board (2020). Guidelines 05/2020 on consent under Regulation 2016/679 (Version 1.1).
- IEEE, Ethically Aligned Design: A Vision for Prioritizing Human Well-being with Autonomous and Intelligent Systems
- High-Level Expert Group on AI, Ethics Guidelines for Trustworthy AI
- Mantelero, Alessandro (2018): “AI and Big Data: A blueprint for a human rights, social and ethical impact assessment”. Computer Law & Security Review, vol. 34, Issue 4, pp. 754- 772.
- Blasi Casagran Cristina (2016): Global data protection in the field of law enforcement: An EU perspective, Routledge. Taylor & Francis Group, Oxfordshire, UK, June 2016. ISBN-10: 1138655384.
- Savin, Andrej (2013): EU Internet Law, Editorial Elgar European Law, Glos (UK), 2013.
Besides this bibliography, the lecturer will provide other appropriate and up-to-date resources, along with legal and soft-law texts. In addition, the lecturer will indicate what pieces are of obligatory reading and study, and what are recommendable.
Links web:
- Handbook on European Data Protection Law
- European Data Protection Supervisor
- Spanish Agency of Data Protection
- Spanish Institute of Cybersecurity
- Spanish Cryptologic Centre
- E.Signature Portal
- Spanish Cybersecurity Law
- Spanish Security Scheme
- WIPO portal
- PCI DSS Law (e-payment)
- ISO 27001 Law
Dr Cristina Blasi is Associate Professor at the Autonomous University of Barcelona (UAB). She is a researcher and lecturer of EU Law, Digital Law and Public Participation in the EU institutions at the UAB. After she completed her Law Degree in 2007, she completed a Masters degree on EU integration (Barcelona, 2008), a LL.M. on EU Law (Saarland, 2009) and a LL.M on Comparative, European and International Laws (Florence, 2011). She completed her Ph.D. in Law at the European University Institute (Florence, 2015), in which she specialised on EU privacy and data protection law. As for her professional experience, she carried out paid internships at the Legal Service of the European Commission (2010), the European Supervisor of Data Protection (2012) and Europol (2013). Dr Blasi has more than 10 years of teaching experience to undergraduate and graduate students at several universities, and she is coordinator of the the H2020 project “IT methods and tools for managing migration FLOWS” (ITFLOWS), and the Research Group 'GLOBAL security, technology and INTErnational Law' (GLOBAL INTEL).
- E-mail: cristina.blasi@uab.cat