Privacy and Data protection - GDPR - Master

Postgraduate course

Course description

Objectives and Content

The course studies legal rules on data protection, that is a set of norms that govern the processing of personal data with the view of protecting the privacy of individuals whose data is being processed. The EU General Data Protection Regulation 2016/679 (GDPR) defines personal data as any information relating to an identified or identifiable natural person such as a name, an identification number, location, an online identifier or any factor specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Given the digital technologies' encroachment into our lives, the right to privacy and the protection of personal data have become crucial to both individuals, communities and businesses. A proper understanding of the rules governing data protection is now also necessary when working with other fields of law such as administrative law, EU/EEA competition law, public procurement, intellectual property law, health law or labour law.

As regards the rules governing data protection, this course focuses on the GDPR, a landmark in both data protection law and EU/EEA law, the European Convention on Human Rights and Fundamental Freedoms (ECHR) Article 8, the EU ePrivacy Directive (Directive 2002/58/EC) and the relevant case law from the Court of Justice of the EU and the European Court of Human Rights. Students are also made aware of the necessity of consulting national legislation that supplements the GDPR.

The course provides students with a thorough knowledge of the principles governing the processing of personal data, the GDPR's territorial and material scope, rights and obligations of data subjects (i.e. individuals whose personal information is processed), controllers (natural or legal persons determining the purposes and means of the processing of personal data), processors (natural or legal person that processes personal data on behalf of the controller), Data Protection Authorities in the EU/EEA, such as the Norwegian Data Protection Authority (Datatilsynet) and the European Data Protection Board (EDPB), that issues guidelines on interpreting the GDPR.

Students will learn about the legal grounds for processing personal data, including sensitive types of such data, special considerations regarding the processing of personal data of children, data protection rules applicable in the context of employment, exceptions concerning academic, journalistic and research activities, and requirements concerning transfers of personal data to third countries, that it outside EU/EEA.

Special attention is also given to data protection issues raised by the use of Artificial Intelligence, such as the legality of technologies involving automated individual decision-making and profiling. The course also covers such topics as freedom of speech and the "right to be forgotten", global surveillance in situations such as the outbreak of COVID-19 or data protection risks raised by such technologies as face recognition.

During the course the students are encouraged to identify privacy and data protection issues that are raised in other fields of law such as the above-mentioned administrative law, EU/EEA competition law, public procurement, intellectual property law, health law or labour law.

Learning Outcomes

Knowledge

By the end of the course, the students have a solid knowledge and understanding of legal policies on privacy and data protection, particularly in the context of the rapid process of digitalization, implementing Artificial Intelligence solutions in both public and private sectors, not to mention the distributed computer networks such as the Internet.

The students have a solid knowledge and understanding of the principles, rules and logic governing the GDPR and its role in the EU's policy on digitalisation.

The students have a thorough knowledge of the interplay between the GDPR and national regulations on data protection as well as other fields such as labour law.

Skills

Given the two-fold aim of the GDPR, that is the protection of personal data and contributing to the accomplishment of the EU/EEA internal market, the students are able to correctly balance the right to data protection with other rights, freedoms and interests.

The students are able to apply the GDPR provisions to technologies that could not have been specifically addressed by the GDPR when it was adopted in 2016.The students can communicate the results of their work both orally and in writing.

The students are able to detect and formulate the relevant data protection issues when presented with a case, identify the relevant legal provisions (international and national, if applicable), and apply them in a correct way. They are also able to provide arguments in favour of their assessment.

The students can update the acquired knowledge.

General competence

By the end of the course, students are expected to engage in critical assessment of the GDPR, including its abstract terms and vagueness that are still waiting for the interpretation by the EU Courts and challenges created by new technologies or unexpected events such as the COVID-19 outbreak.

The students are familiar with working in a timely and efficient manner in groups involving persons from different legal cultures and with different background, including persons with no legal education, as well as present the results of their work.

The students can apply their knowledge on data protection issues in other fields of law.

ECTS Credits

10 ECTS

Level of Study

Master level

Semester of Instruction

Spring

Place of Instruction

Faculty of Law, University of Bergen.
Required Previous Knowledge
Three years of law studies.
Recommended Previous Knowledge
Good level of English language.
Credit Reduction due to Course Overlap

Combined with JUS294-2-A Privacy and Data Protection - GDPR or JUS2303 Privacy and Data Protection - GDPR, this course will generate no new credits.

Emnet er særlig godt egnet i kombinasjon med

JUS2305/JUS3505 Law, Regulation, and Technology

Access to the Course

The course is available for the following students:

  • Admitted to the five-year master programme in law
  • Admitted to the two-year master programme in law
  • Admitted to the Master of Laws (LLM) in EU and EEA Law
  • Exchange students at the Faculty of Law

The pre-requirements may still limit certain students' access to the course.

The number of students which can be admitted to the course is limited to 30. Of the 30 places, 15 is initially reserved for students from the two-year and five-year master programmes in law (MAJUR, MAJUR-2), while 15 places are offered to international exchange students at the Faculty of Law. If the number of applicants exceeds capacity, admission will be decided by way of lottery within each category of students.

The number of places for each category of students will be adjusted from 2024/2025 onwards to include students admitted to the Master of Laws (LLM) in EU and EEA Law.

Teaching and learning methods

Lectures and seminars

Teaching involves: 9 ordinary lectures during which students are presented with theory and its application (short assignments), one lecture dedicated to a presentation of student projects that had been developed by TekLab/Media City Bergen students, two master class seminars with an assigned supervisor that assists students in their work on the chosen project.

Active participation by the students is expected and necessary. This includes lectures, seminars, group work and activities related to project design and development.

The lectures combined with self-studying are the first step in the learning process that provide knowledge of data protection law and policies.

The seminars and group work promote active learning that allows for applying the theoretical knowledge in practice, makes the learning process both more effective and more efficient and develop the skills as described previously.

Students learn not only how to use the knowledge they already have, but also how to acquire more knowledge by using relevant sources and through cooperation with others.

The lectures combined with self-studying are the first step in the learning process that provide knowledge of data protection law and policies.

The seminars and group work promote active learning that allows for applying the theoretical knowledge in practice, makes the learning process both more effective and more efficient and develop the skills as described previously.

Students learn not only how to use the knowledge they already have, but also how to acquire more knowledge by using relevant sources and through cooperation with others.

Compulsory Assignments and Attendance

Participating in the lecture with presentation given by TekLab/Media City Bergen students.

Participating in the two master class seminars.

Forms of Assessment

Submitted and approved group assignment (report) and a final individual oral exam.

The two parts will count 49 and 51% (respectively) toward the final grade.

Grading Scale
A-to E for passed, F for failed.
Assessment Semester
Spring
Reading List
The reading list will be ready 1 December for the spring semester.
Course Evaluation
According to the administrative arrangements for course evaluation at the Faculty of Law
Examination Support Material

See section 3-8 of the¿Supplementary Regulations¿for Studies at the Faculty of Law at the University of Bergen.

In addition: A printed out copy of the GDPR (in English) will be provided by the Faculty of Law for the exam.

¿

Special regulations about dictionaries:

  • According to the Regulations for Studies, one dictionary is permitted support material during the examination. Bilingual dictionaries containing for example¿both¿Norwegian-English and English-Norwegian are considered as one dictionary.
  • Bilingual dictionaries to/from the same two languages - for example Norwegian-English/English-Norwegian - in¿two¿different volumes are also considered as one dictionary (irrespective of publisher or edition).
  • Dictionaries as described above cannot be combined with any other types of dictionaries.
  • Any kind of combination which makes up¿more than¿two physical volumes is forbidden.

In case a student has a special need for any other combination than the above mentioned, such combination has to be clarified with/approved by the course coordinator¿minimum two weeks¿before the exam. Students who have not been granted permission to have a special combination¿minimum¿two weeks¿before the exam will be subject to the¿usual regulations¿(Section 3-5) about examination support materials.

Programme Committee
The Academic Affairs Committee (Studieutvalget) at the Faculty of Law is responsible for ensuring the material content, structure and quality of the course.
Course Coordinator
Associate Professor Malgorzata Agnieszka Cyndecka
Course Administrator
The Faculty of Law¿s section for students and academic affairs (Studieseksjonen) is responsible for administering the programme.