LL4S4      Half Unit
Digital Rights, Privacy and Security

This information is for the 2023/24 session.

Teacher responsible

Dr Sara Nogueira Silva


This course is available on the LLM (extended part-time), LLM (full-time), MSc in Regulation and University of Pennsylvania Law School LLM Visiting Students. This course is available with permission as an outside option to students on other programmes where regulations permit.

Basic knowledge of EU law is desirable, but not essential, for this course. Students who do not have this background knowledge are advised to do some preparatory reading (2-3 chapters) before the seminar begins.

This course has a limited number of places and demand is typically high. This may mean that you’re not able to get a place on this course.

Course content

Personal data is an important factor of production in data-driven economies, and the processing of personal data can generate significant economic and social benefits. However, personal data processing can also have a detrimental impact on established rights and values, such as autonomy, privacy and data protection. As a result, legal frameworks to regulate personal data processing have been enacted across the world, with the EU legal model used as a blueprint. Yet, despite the development of such legal frameworks, critical questions remain unanswered. For instance, disagreement persists regarding how the balance should be struck between effective data protection and other rights (such as freedom of expression and freedom of information) and interests (such as innovation and national security).

This course will critically evaluate the legal framework applicable to personal data processing. It will be do this predominantly with reference to the EU framework, as this has served as a model for over 100 other jurisdictions. Participants will be introduced to techniques and technologies for monitoring and processing personal data in the information society. In order to bring key issues to life, a number of case studies will be considered, including the application of data protection rules to online behavioural advertising and the use of automated decision-making in the criminal justice context.


This course has 20 hours of teaching content in Autumn Term. Students will usually have two additional hours in the Spring Term. This course includes a Reading Week in Week 6 of Autumn Term.

Formative coursework

All students are expected to contribute to a series of class exercises and to submit one piece of formative work for assessment. 

Indicative reading

• Bygrave: Data Privacy Law: An International Perspective (OUP, 2015)

• Cohen: Between Truth and Power (OUP, 2019)

• Kuner: Transborder Data Flows and Data Privacy Law  (OUP, 2013)

• Lynskey: The Foundations of EU Data Protection Law (OUP, 2015)


Exam (100%, duration: 2 hours, reading time: 15 minutes) in the spring exam period.

This is an open-book exam.

Key facts

Department: Law School

Total students 2022/23: 59

Average class size 2022/23: 30

Controlled access 2022/23: Yes

Value: Half Unit

Guidelines for interpreting course guide information

Course selection videos

Some departments have produced short videos to introduce their courses. Please refer to the course selection videos index page for further information.

Personal development skills

  • Communication
  • Specialist skills