LEARNING OBJECTIVES
To learn about the key documents and institutions of European and EU privacy regulation, to understand the GDPR’s scope, applicability, and enforcement, to learn how the GDPR defines personal and sensitive data, to understand the permissible grounds under the GDPR for processing personal data.
Length: Approximately 1 hour
Written by: Professors Daniel J. Solove and Paul M. Schwartz
Instructor: Professor Daniel J. Solove
COURSE DESCRIPTION
This course provides an overview of the European system of privacy law and the key structural elements of the General Data Protection Regulation (GDPR).  The course begins with essential background about the European and EU regulatory systems, which will further understanding of the GDPR. The course introduces the key documents and institutions of European Privacy Law and EU Privacy Law, including the European Convention and EU Charter, as well as the relevant executive, legislative, and judicial entities. The course also discusses the EU Data Protection Directive and other directives. After providing this background, the course then analyzes the structural elements of the GDPR – its scope and applicability, how it defines personal data and sensitive data, the grounds for lawful processing of personal data, how GDPR handles consent, the rules for codes of conduct and certification, and how the GDPR is enforced.
Although this course can stand alone, it is recommended that this course be taken along with its companion course: GDPR and European Privacy Law Part II: GDPR Rights, Obligations, and Data Transfer.Â
CERTIFICATE
To obtain a broad overview of privacy law, to understand the key issues involved, to learn how privacy law works, and to understand the differences and similarities between various privacy laws.
COURSE OUTLINEÂ
About this Course
Introduction
European Privacy Law
Omnibus vs. Sectoral Regulation
Divergence or Convergence?
European Convention on Human Rights
ECHR Article 8
ECHR Article 10
European Court of Human Rights
Council of Europe
Council of Europe Convention on Privacy
European Union Privacy Law
EU Charter of Fundamental Rights
European Court of Justice
Council of the EU
European Parliament
European Commission
EU Data Protection Directive
Other EU Directives
ePrivacy Directive
Data Retention Directive
Law Enforcement Directive
GDPR: Scope and Applicability
Territorial Scope
The Players
Data Subjects
Data Controllers
Data Processors
Supervisory Authorities
European Data Protection Supervisor
European Data Protection Board
.
GDPR: Personal Data and Sensitive Data
Personal Data
Sensitive Data
Pseudonymous Data
GDPR: Lawful Processing of Personal Data
Grounds for Lawful Processing
Consent
Affirmative Consent
Purpose Specification
Consent of Children
Explicit Consent
GDPR: Lawful Processing of Personal Data
Grounds for Lawful Processing
Consent
GDPR: Codes of Conduct and Certification
Codes of Conduct
Certifications
GDPR: Enforcement
Fines
Effective Judicial Remedies
Conclusion
COURSE READINGS
Required Readings
Handout: European and EU Institutions and Regulations
Handout: Types of Data Under the GDPR
Handout: Grounds for Lawful Processing of Data Under the GDPR
Handout: TeachPrivacy, GDPR Whiteboard
Article: Paul Schwartz & Karl Nicholaus Peifer, Transatlantic Data Privacy,
106 Geo. L. J. 115 (2017)
.
Recommended Readings
Article: Paul M. Schwartz & Daniel J. Solove, Reconciling Personal Information in the United States and European Union,
102 Cal. L. Rev. 877 (2014)