Instructor(s): Lisa Austin, David Lie

Note: This course satisfies either the Perspective or the International/Comparative/Transnational course requirement.

This course looks at data protection law from the twin perspectives of law and engineering. We will learn about the basic obligations outlined in data protection laws such as Europe’s GDPR, Canada’s PIPEDA (and possible new privacy legislation if passed), and California’s CCPA. We will also learn about some of the key technical methodologies proposed to help with some of these obligations, including methodologies to help manage re-identification risks (such as differential privacy), and methodologies to assist with privacy policy analysis (such as AI). We will also look at current and emerging technological threats to privacy and the ways in which data protection law does, or does not, adequately respond (such as device fingerprinting). 

The core questions of this course are:  

  • How can privacy engineering and technical security measures help ensure legal compliance with privacy laws? 
  • What is the relationship between privacy and security in privacy law?  
  • Where are privacy laws misaligned with technical best practices? 
  • Where are privacy laws misaligned with technical threats to privacy? 
  • What kinds of privacy issues are not amenable to technical solutions? 

Law students will gain a basic understanding of key technologies and methodologies used by the technical community to protect privacy. They will also learn a set of critical questions to ask about these technologies and methodologies when considering their use in meeting legal obligations. Law students will also gain a basic understanding of some of the current technological threats to privacy. Engineering students will gain a basic understanding of data protection laws as well as the methodologies lawyers, regulators, and courts use to interpret those laws. They will also learn a set of critical questions to ask about these laws when considering whether their designs can assist in meeting legal obligations. Engineering students will also gain a basic understanding of some of the ways that data protection laws can fail to promote the best technical solutions for current and emerging technological threats to privacy. 

Evaluation
The course evaluation consists of: (1) 3 reflection papers, 750 words each (30%); (2) a final paper of 4000-5250 words (60%); (3) class participation (10%). There will be an option to work collaboratively with other students on a final project that will substitute for the final paper. Please note that law students will be graded according to the law school grading guidelines.
Academic year
2024 - 2025

At a Glance

Second Term
Credits
3
Hours
2
SUYRP
Perspective course
ICT

Enrolment

Maximum
50

20 JD
5 LLM/SJD/MSL/SJD U

25 Engineering students

Schedule

W: 10:30 am - 12:20 pm