Derived from: 20110048 Protezione dei dati personali e tutela dei diritti fondamentali-Clinica legale privacy in Law LMG/01 Scorza Guido
(syllabus)
The Course will be scheduled according to the following scheme:

1. The rules on personal data protection: lectures on fundamental rights, in the national and European constitutional framework, with particular attention to the evolution of the right to privacy and personal data protection. The lecturer will guide students in reading and examining the main provisions of EU Regulation 2016/679 and the main case law, with reference to the Constitutional Court, the Court of Justice of the European Union and the European Court of Human Rights. In particular, there will be specific focuses on the following topics: purpose and scope; dynamic notion of personal data and the right to informational self-determination; definitions of Art. 4 GDPR; general principles of processing; principle of accountability; principle of privacy by design and privacy by default; subjects of processing; procedures for cooperation between supervisory authorities and consistency mechanism; one-stop shop; transfer of personal data to third countries; obligations of the data controller and data processor; register of processing activities; privacy impact assessment (DPIA) and prior consultation; risk analysis and security policy; data breach management.

2. Specific themes: analysis of specific topics, having regard to the main European and national case law and to the decisional and consultative practice of the Garante per la protezione dei dati personali, in the following fields:

- Privacy and social networks: relationship between ToS and privacy notice. The legal bases of processing and the choice between consent, contract and legitimate interest. Profiling, automated processing. Online advertising and personal data monetization. Convergence between privacy/antitrust and consumer protection: towards the protection of the digital citizen. Child protection on online platforms. Cases and issues: TikTok, Facebook, WhatsApp, Telegram, Clubhouse, etc. Cyberbullying, sexting and revenge porn.
- Information and right to be forgotten: the processing of personal data in journalism: balancing the right to privacy and freedom of thought. Treviso Charter and ethical rules. Online information and the activity of the Garante. Right to be forgotten: protection of personal identity in relation to the right to memory, updating of information. The Google Spain ruling of the Court of Justice. Freedom of expression and social networks.
- Privacy, marketing and electronic communications: online data collection through websites and data protection. Legal obligations for providers of electronic communication services: security and data retention. Privacy and unsolicited communications: spam, telemarketing and silent calls. Information requirements and legal basis for promotional activities carried out through automated and non-automated systems. Profiling and marketing. Big data and artificial intelligence. Cookies and other tracking tools. The construction of digital identity.
- Privacy and transparency: the path of anti-corruption and transparency in Italy: from l. 241/1990 to legislative decree 97/2016. The problematic relationship between transparency of administrative action and personal data protection: the processing of personal data by public entities. Documentary access, "simple" civic access and "generalised" civic access in the current regulatory framework. Limits deriving from personal data protection requirements. The rules on publication obligations. The necessary balance between privacy and transparency. Article 22 GDPR (automated decision-making process concerning natural persons). Administrative case law on algorithmic decisions and references to personal data protection.
- Privacy and labor: the regulation of personal data protection in the workplace in the light of the supranational and national regulatory framework. The legal bases of the processing of workers' data. The processing of workers' data for the purpose of managing the employment relationship. Use of technological systems within the employment relationship and remote control of workers' activities (video surveillance, geolocation, e-mail, internet and social networks). New technologies and methods of attendance recording (biometrics).
- Privacy and security: the risk-based approach and security policy. Identification of appropriate security measures. Privacy by design and by default. Anonymisation and pseudonymisation of personal data. The management of personal data breaches. Notification of data breaches to the Garante and communication to data subjects.

3. Practical cases: resolution of practical cases concerning data protection issues.
(reference books)
C. COLAPIETRO, Il diritto alla protezione dei dati personali in un sistema delle fonti multilivello. Il Regolamento UE 2016/679 parametro di legittimità della complessiva normativa italiana sulla privacy, Napoli, Editoriale Scientifica, 2018.
G. SCORZA, Processi al futuro. Quando la tecnologia ha incrociato il diritto, Milano, Egea, 2020.