This course is part of the ‘cyber security essentials’, open for all Security Studies and Informatics bachelor students.
Data protection and privacy are all too often confused and interchangeably used, although they are two different terms and also different rights. From the perspective of governance, this course will explain these differences and why that matters. Further, this course will dissect the notion of data protection and zoom in on all its components, what they mean, what the applicable governance framework is and what the enforcement and consequences are. The course has an introductory level and reading material is of an introductory nature but students are expected to have experience with independent study.
As components of data protection, the definitions of the basic elements (such as personal data, data processing and consent) will be dealt with as well as the principles governing data processing: the purpose limitation principle and the data retention principle. The governance framework, the policy documents and the relevant case law in the EU and the Council of Europe will be our guideline but a comparative exercise will be made with the data protection governance from other countries and regions such as the US, South America and Asia. Also data exchange between these different jurisdictions will be studied.
The course will study how data breaches are dealt with from a governance point of view and which factors play a role (role of data protection authority and data protection officer, type of organization, risk mitigation, data processing activities, etc.) in organizing data security. The theory will be illustrated with real-life cases where the applicable data protection governance framework has lead to specific consequences such as fines or required adjustments to the data processing activities of an organization.
An important part of the course will be dedicated to the tensions that arise when data protection needs to be balanced against other important interests such as the suppression of criminal offences, national security, public health and economic interests.
After successful completion of this course, students will:
have acquired knowledge and understanding of the right to data protection, the right to privacy and the difference between both;
have acquired knowledge of definitions, key principles, governance frameworks and the enforcement of data protection;
have acquired knowledge and understanding of how data breaches and data security are dealt with from a governance point of view;
be able to identify and assess differences between European data protection governance and other data protection frameworks;
be able to think independently, responsibly and critically about case law and policy on data protection and about the tensions that exist between data protection and other interests.
Check MyTimetable and use your ULCN account to login.
You will find the timetables for all the courses and degree programme in MyTimetable. This enables you to create a personal timetable. Any teaching activities that you have registered for in uSis will automatically be displayed in your timetable. Any timetables that you add will be saved and automatically displayed the next time you sign in.
Check MyTimetable (manual) and use your ULCN account to login.
Mode of instruction
7 (interactive) lectures of 3 hours each.
Attendance is mandatory.
Written individual assignment
*Grade must be compensated
*resit not possible
70 % of final grade
*Grade must be 5.50 or higher to pass the course
*Resit of a fail is possible.
*Resit will take the same form
The calculated final grade must be at least 5.50 to pass the course.
See under description how to enroll for the minor.
Dr. Els De Busser
Registration for courses is via uSis. When you register for a certain course here, you automatically receive access to the environment of this course via Brightspace.
This course takes place in The Hague.
All sessions will be in English.
All assignments and exams need to be written in English.