Data Governance: Ethical and Legal Issues
A.Y. 2025/2026
Learning objectives
This course covers the core elements of data governance, focusing on the regulation of cybersecurity and data protection in the EU and the related technical and organisational measures, with special emphasis on the GDPR, the NIS 2 Directive, and the AI Act. By combining legal and technical insights, the course explores the complex legal challenges arising from personal data processing, cybersecurity incidents, and AI deployment, with a specific focus on the healthcare sector.
The course also delves into the legal aspects of cybercrime, examining offences such as illegal access, unlawful interception, and computer-related fraud. It analyses key international conventions, including the Council of Europe's Budapest Convention and the new UN Convention on Cybercrime, exploring their criminalisation requirements and the procedural tools they provide for cross-border cooperation.
Other topics covered in the course include compliance obligations in cybersecurity and data protection, as well as tort and criminal liability (including corporate criminal responsibility) for harms arising from the use and development of AI systems. The course will also examine State responsibility for cyberattacks, offering a broader perspective on accountability in the digital era.
Expected learning outcomes
Students will learn the legal and technical foundations of cybersecurity and data protection within the EU regulatory framework. They will be able to critically analyse and apply these regulations in complex scenarios involving personal data processing, cybersecurity incidents, and the deployment of AI systems.
Students will develop the ability to:
- analyse compliance obligations and assess cybersecurity and data protection risks in sectors such as healthcare and in relation to emerging technologies like AI;
- identify and evaluate tort and criminal liabilities (including corporate criminal responsibility) arising from data breaches, cyberattacks, or harms caused by AI systems;
- assess the adequacy of technical and organisational measures to mitigate cybersecurity risks;
- interpret international legal frameworks on cybercrime;
- understand State responsibility for cyberattacks within the broader digital accountability landscape.
They will also be prepared to design legally sound and technically feasible strategies for risk management and compliance, using an interdisciplinary and solution-focused approach.
Lesson period: First four-month period
Assessment methods: Exam
Assessment result: grade recorded on a thirty-point scale
Single course
This course cannot be attended as a single course. Please check our list of single courses to find the ones available for enrolment.
Course syllabus and organization
Single session
Course currently not available
IUS/09 - PUBLIC LAW - University credits: 3
IUS/20 - PHILOSOPHY OF LAW - University credits: 3
IUS/20 - PHILOSOPHY OF LAW - University credits: 3
Lessons: 40 hours