Module: EU Data Protection Law

Latest Module Specifications

Current Academic Year 2025 - 2026

Module Title	EU Data Protection Law
Module Code	LAW1063 (ITS: LG5045)
Faculty	Law & Government	School	Humanities & Social Sciences
NFQ level	9	Credit Rating	10

Description

Europe has been a pioneer in the protection of personal data. From the 1970’s, the Council of Europe, OECD, and the EU have progressively developed a complex body of norms to protect personal data. The EU Charter of Fundamental Rights now recognises a fundamental right to the protection of personal data, which is autonomous from the right to privacy. Numerous high-profile cases on the right to data protection have come before the Court of Justice of the European Union and the European Court of Human Rights. In 2016, the EU has updated its data protection legislation by introducing a general regulation on data protection (GDPR), a single legal instrument which is directly binding in all member states. This module will examine in detail the principles and mechanisms established by the GDPR. It will also provide students with a systematic understanding of the relevant case law and practical training on how to apply general norms to factual situations. The module co-ordinator will offer additional time to computing students, who have not before studied law, and will endeavour to ensure those students have the support necessary to complete the module.

Learning Outcomes

1. Critically assess the relationship between the right to privacy and the right to data protection in Europe.
2. Analyse and have a systematic understanding of the data protection law of the EU, its emergence, evolution and sources, with particular attention to the General Data Protection Regulation.
3. Analyse and have a systematic understanding of the relevant European case law on data protection.
4. Apply fundamental principles of EU data protection law to factual situations.
5. Critically assess the impact of technological change on data protection law.

*Type*	*Hours*	*Description*
Workload	Full time hours per semester
Lecture	24	2 hour lecture, class participation expected
Fieldwork	70	Preparatory readings for lectures and background reading for assessments
Independent Study	156	Research, reading, completeing assessments
Total Workload: 250

Section Breakdown
CRN	10908	Part of Term	Semester 1
Coursework	0%	Examination Weight	0%
Grade Scale	40PASS	Pass Both Elements	Y
Resit Category	RC1	Best Mark	N
Module Co-ordinator	Edoardo Celeste	Module Teacher	John Quinn

Type	Description	% of total	Assessment Date
Assessment Breakdown
Group project	Students on the Law and computing stream will work together on common research project and present it to the class.	20%	n/a
Research Paper	Practical research exercise on EU Data Protection Law	80%	n/a

Reassessment Requirement Type
Resit arrangements are explained by the following categories; RC1: A resit is available for both^* components of the module. RC2: No resit is available for a 100% coursework module. RC3: No resit is available for the coursework component where there is a coursework and summative examination element. ^* ‘Both’ is used in the context of the module having a coursework/summative examination split; where the module is 100% coursework, there will also be a resit of the assessment

Pre-requisite	None
Co-requisite	None
Compatibles	None
Incompatibles	None

All module information is indicative and subject to change. For further information,students are advised to refer to the University's Marks and Standards and Programme Specific Regulations at: http://www.dcu.ie/registry/examinations/index.shtml

Indicative Content and Learning Activities

Indicative content
Introduction to general concepts of law and overview of the Irish and European legal system.

Introduction to the right to privacy; overview of the main case-law in Europe.

The right to the protection of personal data in Europe: emergence, evolution and sources.

The General Data Protection Regulation, analysis of its scope of application and relevant case-law. Material scope of application: the notion of personal data, data subjects, identifiability, privacy by design, anonymization and pseudonymization, particular categories of data (e.g. sensitive data), the notion of processing. Territorial scope of application; extra-territorial application.

Overview of the actors involved: controllers, joint controllers, processors, representatives, data protection officer, third parties, recipients, international organisations, supervisory authorities. Relevant case-law.

Principles relating to processing of personal data: lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, accountability. Relevant case-law.

Legal basis for lawful processing of personal data: consent (conditions, children, special categories of data), contract, legal obligation, vital interests of the data subject, public interest, legitimate interest of a third party. Relevant case-law.

Rights of the data subjects: information obligations, right of access, right to rectification, right to erasure, right to restriction, notification obligations, data portability, automated decision making and profiling. Relevant case-law.

Obligations of controllers and processors: accountability, data protection by design and by default, records, security of processing, data breaches, impact assessment, the role of the data protection officer, codes of conduct, certification.

International data transfers: historical overview, general principle, adequacy decisions, appropriate safeguards, binding corporate rules, standard contractual clauses, derogations. EU-US data transfers: Safe Harbour, the Schrems case, Privacy Shield.

Supervisory authorities: competences, tasks, powers; cooperation mechanisms; consistency mechanism; the European Data Protection Board.

Remedies. Liability and penalties. Overview of Irish data protection law.

Indicative Reading List

Books:

D. Kelleher and K. Murray: 0, 2018, Bloomsbury Professional,

Articles:
None

Other Resources

None