DATA PROTECTION LAW

Filiberto Brozzetti

Instructional goals

The course promotes an in-depth analysis of one of the most challenging and multidisciplinary legal topics of our time. The course addresses students with different backgrounds, such as law, economics, statistics, digital and engineering management, marketing and advertising, PR and other sectors intensely affected by the use of personal data, who intend to develop the knowledge and the attitude of privacy compliance in their activities. There will be lectures, presentations of case studies, and interviews with experts and professionals who deal on a daily basis with both theoretical and practical issues produced by the implementation of data protection legislation in current market practices. Data flows are nowadays the actual fuel of economic, political and social research and strategic planning, providing continuous and rich information about individual profiles of present or potential customers, voters and stakeholders, with a thorough degree of detail and currency. On the other hand, such deep scrutiny has severe repercussions for data subjects trying to defend private information about themselves against illegitimate, excessive intrusions. Innovation and technologies like big data and AI represent unmissable opportunities for businesses, enterprises and governments, but also a permanent threat to the rights and liberties of individuals. Contemporary data protection legislation is specifically aimed at balancing the reasonable needs of the market with the impact of digital technologies on personalities. The goal of the course is to give a thorough overview of the European General Data Protection Regulation (GDPR), its principles, its rules, its implementation methods, its risk-based approach and the activity of the institutions it calls on.
The analysis will focus on the pivotal concept of “accountability” of data controllers and processors, the very keystone of the brand-new data protection legal system, which specifically requires aware and responsible actors. Engaging with organizations that must meet practical data processing needs within a strict legal framework will help students develop an intuitive sensitivity to data protection compliance as one of the most precious strategic assets of an enterprise. Data governance consists of the ability both to mine and interpret salient information and, most of all, to give an account of one’s choices when designing data processing so as to minimize the risk of unnecessary or disruptive interference with another person’s personal and intimate life. Another goal of the class is to study and understand the different approaches towards data flow regulation held by Europe’s commercial partners overseas and how the profound conceptual distinction between “privacy” and “data protection” still affects them. Comparison will be an integral part of the teaching method for this subject. Students will also be presented with all the draft Acts of the EU Digital Package (DSA, DMA, DGA, Data Act, AI Regulation, and Privacy Regulation) currently under discussion in Brussels as fundamental elements of the future European legal framework of the digital environment. In addition, students will be presented with studies and applications of the most disruptive technologies and their impact on the future of data protection.

Intended learning outcomes

Knowledge and understanding: By the end of the course, students should be able to:
• know all the principles and concepts applying to data control and processing;
• follow the non-stop engineering innovation in data processing and comprehend the significant characteristics of relevant technologies, such as the application of big data and AI technologies in several business sectors;
• master the tools and the institutions compatible with the new legal framework regulating data protection.

Applying knowledge and understanding: Upon completing the study program, students will be able to:
• assess the impact of data processing on the rights and liberties of data subjects;
• elaborate and plan different privacy-by-design and privacy-by-default solutions depending on specific processing purposes and situations;
• effectively communicate and work as an expert in data protection issues.

Making judgements: Upon completing the study program, students will be able to:
• apply the rules required by specific data processing schemes;
• recognize data protection risks within a processing operation and identify proper and effective measures to minimize them;
• prepare original reports and impact assessments of specific data processing simulations.

Communication skills: Upon completing the study program, students will be able to:
• develop the ability to communicate in written form through completing the assignment and in oral form through the final exam and the class debate;
• use the notions and the communication of data protection law;
• develop the ability to provide legal advice to data controllers and processors.

Learning skills: Upon completing the study program, students will be able to:
• build an analytic toolbox from data protection and privacy regulations;
• solve problems in dynamic settings and develop critical positions.

This ability will be acquired through: class participation, class debate, and research carried out for the drafting of the written assignment.

Course Contents

I. Privacy and Personal Data Protection fundamentals
II. The GDPR discipline
III. Comparative Privacy and Data Law around the Globe
IV. Other relevant EU legislation on the governance of the digital environment
V. Technological, political and economic challenges for Data Protection

Reference Books

In order to have a general and analytical view on data protection law and the impact of digital technology on individual rights, students can refer to:

Council of Europe, European Court of Human Rights, European Data Protection Supervisor, European Union Agency for Fundamental Rights, 2018, Handbook on European Data Protection Law, EU Publications, Luxembourg, available at https://op.europa.eu/en/publication-detail/-/publication/5b0cfa83-63f3-11e8-ab9c-01aa75ed71a1/language-en

One of the following books, chosen by the individual student: (TBD)

Students are also expected to read the papers/articles assigned each week as well as the EDPB Guidelines indicated during the lessons and selected case law of the European Court of Human Rights and the Court of Justice of the European Union.

Teaching Methods

Slides will be available after the lesson covering each of the specific topics addressed in the course. Experts and professionals of data protection will give lectures on their specific field of research and practical experience (names to be announced).

Assessment Method

The LDIS inquiry-based protocol requires that a continuous assessment of students’ learning be guaranteed through the administration of two written tests and an oral teamwork presentation during the course, at the end of the modules. The outcome of each written test and of the oral teamwork presentation, aimed at verifying the learning of the module or modules just completed, will contribute to a single 25% of the final grade. Students who do not attend the written test sessions will have to make up the verification of the relevant part of the course orally, during the final exam. The final exam, which also contributes only 25% of the final grade, is oral and is aimed at verifying the general skills acquired by the student at the end of the course through an open discussion on the main topics of the essay chosen for reading and study from among those proposed on the syllabus. Non-attending students will have the opportunity to participate exclusively in the final exam, during which their knowledge of the full program will be verified.

Thesis assignment criteria

Proficiency in the English language and the technological discourse. Evident interest in the subject. Intellectual appreciation of the Mentor.

Week 1 Content of online and on-campus sessions

I.
0. Presentation of the course.
1. Context and backgrounds of European Data Protection Law
• from the right to privacy to the right to personal data protection
• international legal frameworks
2. The “Copernican revolution” of the GDPR
• from prescriptions to principles
• the forerunners of the GDPR
• a new geography for data

Week 2 Content of online and on-campus sessions

II.
3. Data Protection terminology
• “personal data”
• Special categories of data (“sensitive data”)
• “data processing”
• actors of data governance
4. Key principles of European Data Protection Law
• lawfulness, fairness and transparency of processing
• purpose limitation
• data minimization
• accuracy, storage limitation and security
• accountability

Week 3 Content of online and on-campus sessions

5. Rules of European Data Protection Law
• lawful grounds for processing data and special categories of data
• Personal data governance and accountable actors
6. Data subjects’ rights
• the right to be informed
• the rights to rectification, restriction and object
• the “right-to-be-forgotten”
• the rights against automated individual decision-making, including profiling
• the enforcement of the subjects’ rights

Week 4 Content of online and on-campus sessions

7. GDPR Compliance
• elements of data security
• management of personal data breach
• rules on accountability
• tools for compliance
• data protection by design and by default
• DPIA
8. Specific Processing Situations
• freedom of information
• healthcare
• employment
• law enforcement

Week 5 Content of online and on-campus sessions

9. Institutional frameworks and independent supervision
• supervision Authorities
• powers and sanctions
• the European Data Protection Board
• the “consistency mechanism”

Week 6 Content of online and on-campus sessions

10. Rules on international personal data transfers
• free flow of personal data between EU Member States
• personal data transfers to third countries or to international organisations
• EU-US agreements on data flows
• effects of Brexit on data transfers to UK

Week 7 Content of online and on-campus sessions

- written test on I and II -
III.
11. Comparative perspectives of data regulation around the World
• the Anglo-Saxon Approach
• data protection in the Far East
• “a clash of civilizations”?
• the call for a new geo-politics of data
12. Privacy and Data Protection Disciplines around the World
• U.S. and California
• China
• Brazil and South Africa
• Australia
• Singapore
• Turkey
• Russia

Week 8 Content of online and on-campus sessions

13. International Data Protection Law and Governance
• DFFT
• OECD
• G7
• Data Protection and Counter-Terrorism
• Data Protection and the Law of War

Week 9 Content of online and on-campus sessions

- written test on III -
IV.
14. EU Data strategy and Digital Package
• Data Governance Act
• Data Service Act
• Data Market Act
• Data Act
• European Health Data Space
• ePrivacy Regulation
• Copyright Act
• AI Act
• Network and Information Security 2

Week 10 Content of online and on-campus sessions

15. Interaction with other fundamental rights
• data protection and consumer law
• data protection and antitrust
• data protection and communications regulations
• data protection and cybersecurity
• privacy v. transparency

Week 11 Content of online and on-campus sessions

V.
16. Contemporary challenges in personal data protection and disruptive technologies
• AI and Big Data
• social networks
• cloud and edge computing
• quantum computing
• Big Tech and new powers

Week 12 Content of online and on-campus sessions

- oral teamwork presentation focusing on a particular issue analyzed during IV and V
- General recap and Q&A