The Course will be scheduled as follows:
1) Protection of fundamental rights and protection of personal data: lectures about fundamental rights, in the national and European constitutional framework, with particular regard to the evolution of the right to privacy and protection of personal data. The teacher will guide students in reading and examinating the case-law, with reference to the Constitutional Court, the Court of Justice of the European Union and the European Court of Human Rights.
2) Focus on the Privacy Code and the new European regulation: lectures and seminars related to the legislation on protection of personal data, from a theoretical perspective:
- Legislative Decree no. 196/2003: the general principles of the Privacy Code; definition of controller, processor, recipient; transparent information and consent; data subjects' rights; the processing of personal data in the public and private sectors; duties and functions of the Data Protection Authority .
- Regulation on data protection (EU Regulation 2016/679): the approval process; material and territorial scope ; the general principles of processing personal data; protections for special categories of personal data; Relations between data protection authorities and consistency mechanism; principle of accountability (privacy by design and privacy by default, privacy impact assessment, the figure of the data protection officer.
3) Focus on Data Protection Authority: analysis of decision-making and advice of the Data Protection Authority in the most important areas; explanation of the main measures taken by the Authority to introduce safeguards and security measures, including the penalties imposed, in the following areas:
- Public and private health: electronic medical record and medical dossier, authorization on genetic data;
- Internet and electronic communication: spam and the profiling systems;
- Public administration: transparency in the light of the new FOIA;
- Journalism: guarantees for free expression including the relationship with the institutional communication.
4) Law Clinic: advice on legal issues related to data protection to the administration of the University
1) Protection of fundamental rights and protection of personal data: lectures about fundamental rights, in the national and European constitutional framework, with particular regard to the evolution of the right to privacy and protection of personal data. The teacher will guide students in reading and examinating the case-law, with reference to the Constitutional Court, the Court of Justice of the European Union and the European Court of Human Rights.
2) Focus on the Privacy Code and the new European regulation: lectures and seminars related to the legislation on protection of personal data, from a theoretical perspective:
- Legislative Decree no. 196/2003: the general principles of the Privacy Code; definition of controller, processor, recipient; transparent information and consent; data subjects' rights; the processing of personal data in the public and private sectors; duties and functions of the Data Protection Authority .
- Regulation on data protection (EU Regulation 2016/679): the approval process; material and territorial scope ; the general principles of processing personal data; protections for special categories of personal data; Relations between data protection authorities and consistency mechanism; principle of accountability (privacy by design and privacy by default, privacy impact assessment, the figure of the data protection officer.
3) Focus on Data Protection Authority: analysis of decision-making and advice of the Data Protection Authority in the most important areas; explanation of the main measures taken by the Authority to introduce safeguards and security measures, including the penalties imposed, in the following areas:
- Public and private health: electronic medical record and medical dossier, authorization on genetic data;
- Internet and electronic communication: spam and the profiling systems;
- Public administration: transparency in the light of the new FOIA;
- Journalism: guarantees for free expression including the relationship with the institutional communication.
4) Law Clinic: advice on legal issues related to data protection to the administration of the University
Curriculum
teacher profile teaching materials
1. The rules on personal data protection: lectures on fundamental rights, in the national and European constitutional framework, with particular attention to the evolution of the right to privacy and personal data protection. The lecturer will guide students in reading and examining the main provisions of EU Regulation 2016/679 and the main case law, with reference to the Constitutional Court, the Court of Justice of the European Union and the European Court of Human Rights.
In particular, there will be specific focuses on the following topics: purpose and scope; dynamic notion of personal data and the right to informational self-determination; definitions of Art. 4 GDPR; general principles of processing; principle of accountability; principle of privacy by design and privacy by default; subjects of processing; procedures for cooperation between supervisory authorities and consistency mechanism; one-stop shop; transfer of personal data to third countries; obligations of the data controller and data processor; register of processing activities; privacy impact assessment (DPIA) and prior consultation; risk analysis and security policy; data breach management.
2. Specific themes: analysis of specific topics, having regard to the main European and national case law and to the decisional and consultative practice of the Garante per la protezione dei dati personali in the following fields
- Privacy and social networks: relationship between ToS and privacy notice. The legal bases of processing and the choice between consent, contract and legitimate interest. Profiling, automated processing. Online advertising and personal data monetization. Convergence between privacy/antitrust and consumer protection: towards the protection of the digital citizen. Child protection on online platforms.
Cases and issues: Tik Tok, Facebook, WhatsApp, Telegram, Clubhouse, etc. Cyberbullying, sexting and revenge porn.
- Information and right to be forgotten: The processing of personal data in journalism: balancing the right to privacy and freedom of thought. Treviso Charter and ethical rules. Online information and the activity of the Garante. Right to be forgotten: protection of personal identity in relation with the right to memory, updating of information. The Google Spain ruling of the Court of Justice. Freedom of expression and social networks.
- Privacy, marketing and electronic communications: Online data collection through websites and data protection. Legal obligations for providers of electronic communication services: security and data retention. Privacy and unsolicited communications: spam, telemarketing and silent calls. Information requirements and legal basis for promotional activities carried out through automated and non-automated systems. Profiling and marketing. Big data and artificial intelligence. Cookies and other tracking tools. The construction of digital identity.
- Privacy and transparency: The path of anti-corruption and transparency in Italy: from l. 241/1990 to legislative decree 97/2016. The problematic relationship between transparency of administrative action and personal data protection: the processing of personal data by public entities. Documentary access, "simple" civic access and "generalised" civic access in the current regulatory framework. Limits deriving from personal data protection requirements. The rules on publication obligations. The necessary balance between privacy and transparency. Article 22 GDPR (automated decision-making process concerning natural persons). Administrative case law on algorithmic decisions and references to personal data protection.
- Privacy and labor: the regulation of personal data protection in the workplace in the light of the supranational and national regulatory framework. The legal bases of the processing of workers' data. The processing of workers' data for the purpose of managing the employment relationship. Use of technological systems within the employment relationship and remote control of workers' activities (video surveillance, geolocation, e-mail, internet and social networks). New technologies and methods of attendance recording (biometrics).
- Privacy and security: the risk-based approach and security policy. Identification of appropriate security measures. Privacy by design and by default. Anonymisation and pseudonymisation of personal data; The management of personal data breaches. Notification of data breaches to the Garante and communication to data subjects.
3. Practical cases: resolution of practical cases concerning data protection issues.
G. SCORZA, Processi al futuro. Quando la tecnologia ha incrociato il diritto, Milano, Egea, 2020.
Mutuazione: 20110048 Protezione dei dati personali e tutela dei diritti fondamentali-Clinica legale privacy in GIURISPRUDENZA LMG/01 Scorza Guido
Programme
The Course will be scheduled according to the following scheme:1. The rules on personal data protection: lectures on fundamental rights, in the national and European constitutional framework, with particular attention to the evolution of the right to privacy and personal data protection. The lecturer will guide students in reading and examining the main provisions of EU Regulation 2016/679 and the main case law, with reference to the Constitutional Court, the Court of Justice of the European Union and the European Court of Human Rights.
In particular, there will be specific focuses on the following topics: purpose and scope; dynamic notion of personal data and the right to informational self-determination; definitions of Art. 4 GDPR; general principles of processing; principle of accountability; principle of privacy by design and privacy by default; subjects of processing; procedures for cooperation between supervisory authorities and consistency mechanism; one-stop shop; transfer of personal data to third countries; obligations of the data controller and data processor; register of processing activities; privacy impact assessment (DPIA) and prior consultation; risk analysis and security policy; data breach management.
2. Specific themes: analysis of specific topics, having regard to the main European and national case law and to the decisional and consultative practice of the Garante per la protezione dei dati personali in the following fields
- Privacy and social networks: relationship between ToS and privacy notice. The legal bases of processing and the choice between consent, contract and legitimate interest. Profiling, automated processing. Online advertising and personal data monetization. Convergence between privacy/antitrust and consumer protection: towards the protection of the digital citizen. Child protection on online platforms.
Cases and issues: Tik Tok, Facebook, WhatsApp, Telegram, Clubhouse, etc. Cyberbullying, sexting and revenge porn.
- Information and right to be forgotten: The processing of personal data in journalism: balancing the right to privacy and freedom of thought. Treviso Charter and ethical rules. Online information and the activity of the Garante. Right to be forgotten: protection of personal identity in relation with the right to memory, updating of information. The Google Spain ruling of the Court of Justice. Freedom of expression and social networks.
- Privacy, marketing and electronic communications: Online data collection through websites and data protection. Legal obligations for providers of electronic communication services: security and data retention. Privacy and unsolicited communications: spam, telemarketing and silent calls. Information requirements and legal basis for promotional activities carried out through automated and non-automated systems. Profiling and marketing. Big data and artificial intelligence. Cookies and other tracking tools. The construction of digital identity.
- Privacy and transparency: The path of anti-corruption and transparency in Italy: from l. 241/1990 to legislative decree 97/2016. The problematic relationship between transparency of administrative action and personal data protection: the processing of personal data by public entities. Documentary access, "simple" civic access and "generalised" civic access in the current regulatory framework. Limits deriving from personal data protection requirements. The rules on publication obligations. The necessary balance between privacy and transparency. Article 22 GDPR (automated decision-making process concerning natural persons). Administrative case law on algorithmic decisions and references to personal data protection.
- Privacy and labor: the regulation of personal data protection in the workplace in the light of the supranational and national regulatory framework. The legal bases of the processing of workers' data. The processing of workers' data for the purpose of managing the employment relationship. Use of technological systems within the employment relationship and remote control of workers' activities (video surveillance, geolocation, e-mail, internet and social networks). New technologies and methods of attendance recording (biometrics).
- Privacy and security: the risk-based approach and security policy. Identification of appropriate security measures. Privacy by design and by default. Anonymisation and pseudonymisation of personal data; The management of personal data breaches. Notification of data breaches to the Garante and communication to data subjects.
3. Practical cases: resolution of practical cases concerning data protection issues.
Core Documentation
C. COLAPIETRO, Il diritto alla protezione dei dati personali in un sistema delle fonti multilivello. Il Regolamento UE 2016/679 parametro di legittimità della complessiva normativa italiana sulla privacy, Napoli, Editoriale Scientifica, 2018.G. SCORZA, Processi al futuro. Quando la tecnologia ha incrociato il diritto, Milano, Egea, 2020.
Type of delivery of the course
Lectures and activities carried out within the legal advisory office.Type of evaluation
The exam consists of a final oral test. Students are also required to prepare a paper on the topics covered during the course, subject to evaluation as a mid-term exam. teacher profile teaching materials
1. The rules on personal data protection: lectures on fundamental rights, in the national and European constitutional framework, with particular attention to the evolution of the right to privacy and personal data protection. The lecturer will guide students in reading and examining the main provisions of EU Regulation 2016/679 and the main case law, with reference to the Constitutional Court, the Court of Justice of the European Union and the European Court of Human Rights.
In particular, there will be specific focuses on the following topics: purpose and scope; dynamic notion of personal data and the right to informational self-determination; definitions of Art. 4 GDPR; general principles of processing; principle of accountability; principle of privacy by design and privacy by default; subjects of processing; procedures for cooperation between supervisory authorities and consistency mechanism; one-stop shop; transfer of personal data to third countries; obligations of the data controller and data processor; register of processing activities; privacy impact assessment (DPIA) and prior consultation; risk analysis and security policy; data breach management.
2. Specific themes: analysis of specific topics, having regard to the main European and national case law and to the decisional and consultative practice of the Garante per la protezione dei dati personali in the following fields
- Privacy and social networks: relationship between ToS and privacy notice. The legal bases of processing and the choice between consent, contract and legitimate interest. Profiling, automated processing. Online advertising and personal data monetization. Convergence between privacy/antitrust and consumer protection: towards the protection of the digital citizen. Child protection on online platforms.
Cases and issues: Tik Tok, Facebook, WhatsApp, Telegram, Clubhouse, etc. Cyberbullying, sexting and revenge porn.
- Information and right to be forgotten: The processing of personal data in journalism: balancing the right to privacy and freedom of thought. Treviso Charter and ethical rules. Online information and the activity of the Garante. Right to be forgotten: protection of personal identity in relation with the right to memory, updating of information. The Google Spain ruling of the Court of Justice. Freedom of expression and social networks.
- Privacy, marketing and electronic communications: Online data collection through websites and data protection. Legal obligations for providers of electronic communication services: security and data retention. Privacy and unsolicited communications: spam, telemarketing and silent calls. Information requirements and legal basis for promotional activities carried out through automated and non-automated systems. Profiling and marketing. Big data and artificial intelligence. Cookies and other tracking tools. The construction of digital identity.
- Privacy and transparency: The path of anti-corruption and transparency in Italy: from l. 241/1990 to legislative decree 97/2016. The problematic relationship between transparency of administrative action and personal data protection: the processing of personal data by public entities. Documentary access, "simple" civic access and "generalised" civic access in the current regulatory framework. Limits deriving from personal data protection requirements. The rules on publication obligations. The necessary balance between privacy and transparency. Article 22 GDPR (automated decision-making process concerning natural persons). Administrative case law on algorithmic decisions and references to personal data protection.
- Privacy and labor: the regulation of personal data protection in the workplace in the light of the supranational and national regulatory framework. The legal bases of the processing of workers' data. The processing of workers' data for the purpose of managing the employment relationship. Use of technological systems within the employment relationship and remote control of workers' activities (video surveillance, geolocation, e-mail, internet and social networks). New technologies and methods of attendance recording (biometrics).
- Privacy and security: the risk-based approach and security policy. Identification of appropriate security measures. Privacy by design and by default. Anonymisation and pseudonymisation of personal data; The management of personal data breaches. Notification of data breaches to the Garante and communication to data subjects.
3. Practical cases: resolution of practical cases concerning data protection issues.
G. SCORZA, Processi al futuro. Quando la tecnologia ha incrociato il diritto, Milano, Egea, 2020.
Mutuazione: 20110048 Protezione dei dati personali e tutela dei diritti fondamentali-Clinica legale privacy in GIURISPRUDENZA LMG/01 Scorza Guido
Programme
The Course will be scheduled according to the following scheme:1. The rules on personal data protection: lectures on fundamental rights, in the national and European constitutional framework, with particular attention to the evolution of the right to privacy and personal data protection. The lecturer will guide students in reading and examining the main provisions of EU Regulation 2016/679 and the main case law, with reference to the Constitutional Court, the Court of Justice of the European Union and the European Court of Human Rights.
In particular, there will be specific focuses on the following topics: purpose and scope; dynamic notion of personal data and the right to informational self-determination; definitions of Art. 4 GDPR; general principles of processing; principle of accountability; principle of privacy by design and privacy by default; subjects of processing; procedures for cooperation between supervisory authorities and consistency mechanism; one-stop shop; transfer of personal data to third countries; obligations of the data controller and data processor; register of processing activities; privacy impact assessment (DPIA) and prior consultation; risk analysis and security policy; data breach management.
2. Specific themes: analysis of specific topics, having regard to the main European and national case law and to the decisional and consultative practice of the Garante per la protezione dei dati personali in the following fields
- Privacy and social networks: relationship between ToS and privacy notice. The legal bases of processing and the choice between consent, contract and legitimate interest. Profiling, automated processing. Online advertising and personal data monetization. Convergence between privacy/antitrust and consumer protection: towards the protection of the digital citizen. Child protection on online platforms.
Cases and issues: Tik Tok, Facebook, WhatsApp, Telegram, Clubhouse, etc. Cyberbullying, sexting and revenge porn.
- Information and right to be forgotten: The processing of personal data in journalism: balancing the right to privacy and freedom of thought. Treviso Charter and ethical rules. Online information and the activity of the Garante. Right to be forgotten: protection of personal identity in relation with the right to memory, updating of information. The Google Spain ruling of the Court of Justice. Freedom of expression and social networks.
- Privacy, marketing and electronic communications: Online data collection through websites and data protection. Legal obligations for providers of electronic communication services: security and data retention. Privacy and unsolicited communications: spam, telemarketing and silent calls. Information requirements and legal basis for promotional activities carried out through automated and non-automated systems. Profiling and marketing. Big data and artificial intelligence. Cookies and other tracking tools. The construction of digital identity.
- Privacy and transparency: The path of anti-corruption and transparency in Italy: from l. 241/1990 to legislative decree 97/2016. The problematic relationship between transparency of administrative action and personal data protection: the processing of personal data by public entities. Documentary access, "simple" civic access and "generalised" civic access in the current regulatory framework. Limits deriving from personal data protection requirements. The rules on publication obligations. The necessary balance between privacy and transparency. Article 22 GDPR (automated decision-making process concerning natural persons). Administrative case law on algorithmic decisions and references to personal data protection.
- Privacy and labor: the regulation of personal data protection in the workplace in the light of the supranational and national regulatory framework. The legal bases of the processing of workers' data. The processing of workers' data for the purpose of managing the employment relationship. Use of technological systems within the employment relationship and remote control of workers' activities (video surveillance, geolocation, e-mail, internet and social networks). New technologies and methods of attendance recording (biometrics).
- Privacy and security: the risk-based approach and security policy. Identification of appropriate security measures. Privacy by design and by default. Anonymisation and pseudonymisation of personal data; The management of personal data breaches. Notification of data breaches to the Garante and communication to data subjects.
3. Practical cases: resolution of practical cases concerning data protection issues.
Core Documentation
C. COLAPIETRO, Il diritto alla protezione dei dati personali in un sistema delle fonti multilivello. Il Regolamento UE 2016/679 parametro di legittimità della complessiva normativa italiana sulla privacy, Napoli, Editoriale Scientifica, 2018.G. SCORZA, Processi al futuro. Quando la tecnologia ha incrociato il diritto, Milano, Egea, 2020.
Type of delivery of the course
Lectures and activities carried out within the legal advisory office.Type of evaluation
The exam consists of a final oral test. Students are also required to prepare a paper on the topics covered during the course, subject to evaluation as a mid-term exam.