Privacy, Personal Data Protection and EU General Data Protection Regulation

  • Course Code: ΨΣ-ΔΙ-005
  • Type of Course: Mandatory [M]
  • Semester: 2nd Semester
  • ECTS Credits: 7,5

Learning Outcomes

Within the framework of the course, students will be able to:

  • Demonstrate critical understanding of the relationship between law and digital technologies
  • Understand contemporary legal issues arising from the widespread use of information and communication technologies
  • Be familiar with the concepts of privacy, informational self-determination, and personal data.
  • Have the ability to critically analyze data protection regulations at the national, EU, and international levels, and understand the relationship between technological, legal, and regulatory developments
  • Possess advanced knowledge of the General Data Protection Regulation (GDPR), its adoption framework, data categories, scope of application, legal bases for processing, and processing principles
  • Holistically understand issues related to the rights of data subjects, the roles and responsibilities of data controllers, processors, data protection officers, as well as issues of cross-border flow of personal data and related regulatory models
  • Possess an enhanced critical awareness of the evolving dynamics of knowledge fields related to privacy protection, personal data, cyber security, artificial intelligence, and how these raise new social, cultural, political, and economic issues
  • Possess state-of-the-art specialized scientific knowledge in the subjects of the course as a basis for original thinking and research activities.

Syllabus

  • Introduction to the concepts of private/family life, “home,” and digital equipment, privacy, the right to informational self-determination, and personal data.
  • Evolution of data protection law at international/EU and national levels (Council of Europe Convention 108/EU Directive 95/46/EC, GDPR, Law 2472/97, etc.) – Relationship between technological, legal, and regulatory developments.
  • General Data Protection Regulation (GDPR): Adoption framework (legal, economic, etc. dimensions), concepts, data categories, scope of application.
  • Legal bases for processing (consent, contract, vital interest, legal obligation, public interest, legitimate interest).
  • Principles of processing: lawfulness, fairness, transparency, purpose limitation, data minimization, limited data retention period, accuracy, accountability.
  • Principle of security – Security obligations – Data breaches and transparency notification obligations.
  • Issues of cross-border flow of personal data – Regulatory models/Interstate agreements.
  • Controller’s obligations: Data protection by design/by default – Impact assessment – Data Protection Officer.
  • Data subject rights – Institutional Control – Legal protection.
  • Special issues: processing and protection of personal data for the prevention, investigation, detection, or prosecution of criminal offenses – Directive 2016/680 EU.
  • Special issues: processing and protection of personal data in the context of employment relationships.
  • Special issues: processing and protection of personal data within the framework and for the purposes of the administration of justice.
  • Special issues: processing health data – Relationship with medical confidentiality. Smart health and precision medicine – Wearable health devices.