Course: New Data Protection Legislation in the EU

« Back
Course title New Data Protection Legislation in the EU
Course code UAI/634
Organizational form of instruction Lesson
Level of course Master
Year of study not specified
Frequency of the course In academic years starting with an odd year (e.g. 2017/2018), in the winter semester.
Semester -
Number of ECTS credits 2
Language of instruction Czech
Status of course Compulsory-optional
Form of instruction Face-to-face
Work placements This is not an internship
Recommended optional programme components None
Lecturer(s)
  • Neuwirt Karel, RNDr.
Course content
The EU data protection legislation is introduced by the Lisbon Treaty, the Charter of Fundamental rights of the EU, and other legal document (directives). As regards directives the most important are is Directive 95/46/EC (on the protection of individuals with regard to the processing of personal data and on the free movement of such data). While some Directives have already been amended, Directive 95/46/EC hasn't been amended till now, however their principles don't respond to necessities and changes of current society, in particular from technology progress and globalization of data processing view. Both they create new risks to privacy of individuals. In January 2012 the EC introduced its proposal for modernisation of general data protection directive and formed new ideas in the document "Proposal for a Regulation of the European parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)". From the viewpoint of legal power is important that new document is the "Regulation", which means direct applicability of this document, reducing a legal fragmentation and provide greater legal certainty (without changes and modification during transposition process into national legislation). The text of Regulation is directly applicable and unanimously obligatory for each the EU MS. The proposal of a new legal Framework for personal data protection in the EU forms several new principles and rules as well as new obligations for controllers, processors and other bodies who participate in personal data processing. To acquaint with these new principles is necessary in order the subjects process personal data (of in both public and private sectors) be ready effectively apply these principles into daily practice. The aim of changes formed in the proposal of the regulation is strengthening of rights of data subjects, improve quality of data protection, increase responsibility of data controllers and processors, as well as toughen security measures and give new competence to supervisory authorities impose sanction for data protection breaches. The most important proposals are the principle of accountability of data controllers which impose new obligations to them. As example could be mentioned: - analysis of data processing risks to individual's privacy and to maintain relevant documentation (Data protection impact assessment principle); - designation a data protection officer in the institution ; - notication of a breach of security measures to the supervisory authority and/or data subjects; - a systematic and extensive evaluation of risks of data processing to privacy; - principles "privacy by design" and "privacy by default" in each phase of creation new systems for processing of personal data. New legislation for protection of personal data in the EU will require complex knowledge of new legal framework from all persons who assist in a processing of data. The Institute of Applied Informatics (UAI) of the University of South Bohemia at České Budějovice proposes to realize scientific seminars for computer technology and informatics students, as well as representatives from data controllers or processors. The aim of proposed seminars is to inform participants about prepared new legislative framework for the protection of personal data in the EU and its impact to daily practice in the CR.

Learning activities and teaching methods
Monologic (reading, lecture, briefing)
  • Class attendance - 30 hours per semester
  • Preparation for exam - 15 hours per semester
  • Preparation for classes - 10 hours per semester
Learning outcomes
The protection of individuals with regard to the processing of personal data is one of the fundamental rights in the EU. The Charter of Fundamental Rights of the European Union (Article 8 (1)) and the Treaty on the Functioning of the European Union (Article 1 (1)) provide that everyone has the right to the protection of personal data concerning him or her. Rapid technological developments and globalization have fundamentally changed the world around us and have brought new privacy challenges. The progressive digitization of the company has shown that existing legislation can no longer ensure effective protection of an individual's personal data, regardless of the technology used to process the data. The EU faced the challenge of developing a comprehensive and coherent approach guaranteeing full respect for the individual's fundamental right to data protection, both within and outside the EU, while taking into account the challenges posed by globalization and modern technologies. In January 2012, the European Commission presented its ideas and, four years later, the European Parliament and the Council approved a new Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, now known as "GDPR"). From the point of view of the legal force of this document, it is essential that this is a directly applicable EU legislation, i.e. without the need or possibility to transpose it into the national legislation of EU Member States. The EU regulation needs to be implemented directly and its text is uniformly binding for all Member States. The general data protection regulation is a further step in the protection of citizens' privacy. One of the objectives of the regulation is also to ensure the uniform application of data protection rules in the EU Member States, also taking into account the impact of new technologies on the rights and freedoms of persons. The new legal framework introduces a number of new principles and obligations for controllers, processors and other entities involved in the processing of personal data. Natural persons now have access to their data and have the possibility of correcting, deleting or blocking it, unless there are legitimate reasons to prevent it. Students will become acquainted with these principles, duties and rights in these lectures. The amendments formulated in the Regulation are aimed at strengthening the rights of citizens (data subjects), improving the protection of personal information, increasing the responsibilities of controllers and processors, as well as strengthening security measures and strengthening the possibility of imposing sanctions for data protection principles infringements. The most important suggestions include the "Principle of Accountability", which imposes new obligations to data controllers, such as: - Conduct and document the risks of the processing of personal data and the impact on the privacy of individuals; - Obligation to put in place effective procedures and mechanisms to ensure compliance with data protection rules; - Appoint a person responsible for the institution compliance with GDPR; - Report to the supervisory institution or data subjects, as appropriate, breaches of data protection security measures; - Conduct regular audits of the protection of personal data by independent auditors; - Apply the "privacy by design" and "privacy by default" principles at all stages of the design and operation of personal data processing systems. The new EU data protection legislation requires comprehensive knowledge of the persons involved in the processing of personal information. The Institute of Applied Informatics of the Faculty of Science of the University of South Bohemia carries out these specialized seminars for students of computer science and informatics, for representatives of personal data ...
Gaining a general overview of European legislation in the field of personal data protection.
Prerequisites
The course does not require prior knowledge.

Assessment methods and criteria
Seminar work

Attendance for min. 75 %. Submission of a seminar paper on the topic of privacy of individuals
Recommended literature
  • . Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. (ETS 223), Strasbourg, October 10, 2018..
  • NAŘÍZENÍ EVROPSKÉHO PARLAMENTU A RADY (EU) 2016/679 ze dne 27. dubna 2016 o ochraně fyzických osob v souvislosti se zpracováním osobních údajů a o volném pohybu těchto údajů a o zrušení směrnice 95/46/ES (obecné nařízení o ochraně osobních údajů). (Úř. Věstník EU, L 119, 4. 5. 2016).
  • Návrh NAŘÍZENÍ EVROPSKÉHO PARLAMENTU A RADY o ochraně údajů, COM(2012) 11 final.
  • Směrnice 95/46/ES; Úmluva Rady Evropy č.108; zákon č.101/2000 Sb..
  • Úmluva Rady Evropy (ETS 108) o ochraně osob se zřetelem na automatizované zpracování osobních dat. Štrasburk, 28. 1. 1981. (Sbírka mezinárodních smluv č.115/2001)..
  • Zákon č. 110/2019 Sb., o zpracování osobních údajů..


Study plans that include the course
Faculty Study plan (Version) Category of Branch/Specialization Recommended year of study Recommended semester
Faculty: Faculty of Science Study plan (Version): Applied Informatics (1) Category: Informatics courses - Recommended year of study:-, Recommended semester: -