Data Protection Law

A.Y. 2019/2020
Overall hours
Learning objectives
The teaching pursues the primary objective of offering students the opportunity to study the rules in a strategic sector of today's society. The knowledge of the new rules on the protection of personal data is destined to become a key competence in the workplace both in the private sector and in the public sector.
The teaching methodology is necessarily multidisciplinary while moving from a constitutional legal approach.
The expected impact is to develop a good basic knowledge of data protection rules and to highlight the challenges that are looming on the horizon with particular reference to the development of artificial intelligence.
Expected learning outcomes
At the end of the course students should have acquired: knowledge and understanding of the fundamental legal concepts of data protection; autonomous ability to read the new European regulatory standards; ability to understand the goals and technological motivations that led to their adoption; ability to understand the implementation logic of the new regulatory framework. The final exam aims to ascertain the results achieved in terms of learning, acquisition of specialized language as well as in terms of putting the rules into practice in small matters.
Course syllabus and organization

Single session

Lesson period
Second trimester
Course syllabus
I - Introduction. The evolution of the concept of privacy and the EU regulatory framework; Foundation, decision making process and material scope of Regulation 2016/679; Definitions for the purposes of the Regulation; The relevant data subjects; Territorial scope; Principles relating to processing of personal data; Conditions for consent; Processing of special categories of personal data; The privacy statement; Rights of the data subject; Right to erasure ('right to be forgotten'); General obligations of controllers and processors.
II - Data Protection Officer ("DPO"), Data security and Data breach; The Member States' Independent Supervisory Authorities and the European Data Protection Board; Competence, tasks and powers, Remedies and penalties; Transfers of personal data to third countries. Transfer to non-EU countries; New technologies and personal data protection; Data Processing for Journalistic Purposes. IA and Data protection
Prerequisites for admission
Due to the specificity of the subject it is preferable for Communication and Society students to have already taken the Information and Constitution exam.
For students of other degree courses it is preferable to have already taken the exam of Public Law (or related Constitutional Law, Institutional Public Law) or Private Law.
Teaching methods
The course is divided into lectures and seminar lessons.
The lessons are accompanied by slides
Teaching Resources
F. Pizzetti, Intelligenza artificiale, protezione dei dati personali e regolazione, Giappichelli, Torino, 2018
Assessment methods and Criteria
Attending students can take the exam in writing on the basis of two partials that will be held in the middle and at the end of the course. Both partials will be composed of multiple choice questions and one open ended question. The aim is to verify the argumentative and reasoning ability.
For non-attending students, the exam is oral. The oral exam consists of an interview on the scheduled topics, aimed at ascertaining the student's preparation and argumentative ability
IUS/08 - CONSTITUTIONAL LAW - University credits: 6
Lessons: 40 hours
Professor: Orofino Marco
Educational website(s)