• E4J University Module Series: Cybercrime

• Module 10: Privacy and Data Protection

• Introduction and learning outcomes

• Key issues

• • Privacy: what it is and why it is important
  • Privacy and security
  • Cybercrime that compromises privacy
  • Data protection legislation
  • Data breach notification laws
  • Enforcement of privacy and data protection laws
  • Conclusion
  • References

• Exercises

• Possible class structure

• Core reading

• Advanced reading

• Student assessment

• Additional teaching tools

•  

• First published in March 2019, updated in February 2020
  

•  

 

  This module is a resource for lecturers  

 

References

 

Publications, media articles and reports

• Berlinger, Joshua, and Maegan Vazquez. (2018). US military reviewing security practices after fitness app reveals sensitive info. CNN, 29 January 2018. 
• Bernal, Paul. (2016). Data gathering, surveillance and human rights: recasting the debate. Journal of Cyber Policy, Vol. 1(2), 243-264.
• Chatelain, Yannick. (2018a). Darknet: faut-il démanteler la revente illégale de la liberté de s'exprimer et de s'informer? The Conversation, 5 July 2018.
• Chatelain, Yannick. (2018b). Principles of hacktivism and hackers: ignorance and prejudices! The Conversation, 15 May 2018.
• Cooley, Thomas. (1907). A Treatise on the Law of Torts. Callaghan and Company.
• Council of Europe. (n.d.).  Modernisation of Convention 108 .
• De Meyer, Jan. (1973). The Right to Respect for Private and Family Life, Home, and Communications in relations between individuals, and the Resulting Obligations for States Parties to the Convention. In A. H. Robertson, ed. Privacy and Human Rights. Manchester University Press.
• Douglas, Karen M., and Craig McGarty. (2001). Identifiability and Self-Presentation: Computer-Mediated Communication and Intergroup Interaction. British Journal of Social Psychology, Vol. 40(3), 399-416.
• Eissen, Marc-Andre. (1967). La protection internationale des droits de l'homme dans le cadre Européen. Dalloz.
• Fihlani, Pumza, (2017). Millions caught in South Africa's 'worst data breach'. BBC News, 20 October 2017.
• Finklea, Kristin. (2017). Dark Web. Congressional Research Service.
• Fleishman, Glenn. (2018). Milos Yiannopoulos. Jokes of Death Squads Murdering Journalists. Fortune, 26 June 2018.
• Fried, Charles. (1970). An Anatomy of Values. Harvard University Press.
• Global Partners Digital. (2017). Travel Guide to the Digital World: Encryption Policy for Human Rights Defenders .
• Gous, Nico. (2017). Top real estate company admits to being unwitting source of country's largest personal data breach. Sunday Times, 18 October 2017.
• Greenberg, Andy. (2016). Hack brief: Turkey breach spills info on more than half its citizens. Wired, 5 April 2016.
• Greenleaf, Graham. (2011). The Influence of European Data Privacy Standards Outside Europe: Implications for Globalisation of Convention 108. International Data Privacy Law, Vol. 2(2), 68-92.
• Haines, Russell, Hough, Jill, Cao, Lan, and Douglas Haines. (2014). Anonymity in computer-mediated communication: More contrarian ideas with less influence . Group Decision and Negotiation, Vol. 23(4), 765-786.
• Hern, Alex. (2018). Fitness tracking app Strava gives away location of secret army bases. The Guardian, 28 January 2018.
• HIPAA Journal. (2015). Summary of the HIPAA breach notification rule .
• Hopkins, Nick. (2017). Deloitte hack hit server containing emails from across US government. The Guardian, 10 October 2017.
• Janis, Mark, Richard Kay, and Anthony Bradley. (2000). European Human Rights Law: Text and Materials, 2 ^nd edition. Oxford University Press.
• Koops Bert-Jaap, Bryce Clayton Newell, Tjerk Timan, Ivan Škorvánek, Tomislav Chokrevski, and Maša Galič. (2017). A typology of privacy. University of Pennsylvania Journal of International Law, Vol. 38(2), 483-575.
• MacFarquhar, Neil. (2018). Russian court bans Telegram app after 18-minute hearing. The New York Times. 13 April 2018.
• Makulilo, Alex Boniface. (2013a). Data Protection Regimes in Africa: too far from the European 'adequacy' standard? International Data Privacy Law, Vol. 3(1), 42-50.
• Makulilo, Alex Boniface. (2013b). Mauritius Data Protection Commission: an analysis of its early decisions. International Data Privacy Law, Vol. 3(2), 131-139.
• Maras, Marie-Helen. (2016). Cybercriminology. Oxford University Press.
• Maras, Marie-Helen. (2009). From Targeted to Mass Surveillance: Is the EU Data Retention Directive a Necessary Measure or an Unjustified Threat to Privacy? In Ben Goold and Daniel Neyland, eds. New Directions in Surveillance and Privacy (pp. 74-103). Willan.
• Maras, Marie-Helen.(2014). Inside Darknet: The Takedown of Silk Road. Criminal Justice Matters, Vol. 98(1), 22-23.
• Maras, Marie-Helen. (2015). The Internet of Things: Security and Privacy Implications. International Data Privacy Law, Vol. 5(2), 99-104.
• Maras, Marie-Helen. (2012). The Social Consequences of a Mass Surveillance Measure: What Happens When We Become the "Others"? International Journal of Law, Crime and Justice, Vol. 40(2), 65-81.
• Maras, Marie-Helen and Wandt, Adam. (2019). Enabling Mass Surveillance: Data Aggregation in the Age of Big Data and the Internet of Things. Journal of Cyber Policy.
• Maras, Marie-Helen and Wandt, Adam. (2018). IoT Data Collection and Analytics. Presentation for FBI, DHS, and Secret Service agents and members of the National Cyber-Forensics & Training Alliance, at John Jay College of Criminal Justice, City University of New York (2 May 2018).
• Meyer, David. (2018). Iran Bans Telegram, an App Used By Half the Country. Fortune, 1 May 2018.
• Newman, Lily Hay. (2017). Yahoo's 2013 email hack actually compromised three billion accounts. Wired, 3 October 2017.
• Orji, Uchenna Jerome. (2017). Regionalizing data protection law: a discourse on the status and implementation of the ECOWAS Data Protection Act. International Data Privacy Law, Vol. 7(3), 179-189.
• Radziwill, Nicole, Jessica Romano, Diane Shorter, and Morgan Benton. (2015). The Ethics of Hacking: Should It Be Taught? arXiv.
• Rodriguez, Philippe-André. (2015). Human dignity as an essentially contested concept. Cambridge Review of International Affairs, Vol. 28(4), 743-756. 
• Rost,  Katja, Stahel, Lea and  Bruno S.  Frey. (2016). Digital Social Norm Enforcement: Online Firestorms in  Social Media. PLOS One, Vol. 11(6).
• Safi, Michael. (2018). Personal data of a billion Indians sold online for £6, report claims. The Guardian, 4 January, 2018.
• Schroeder, Doris. (2017). How to define dignity and its place in human rights - a philosopher's view. The Conversation, 9 August 2017.
• Shultztiner, Doron and Guy E. Carmi. (2014). Human Dignity in National Constitutions: Functions, Promises and Dangers. The American Journal of Comparative Law, Vol. 62(2), 461-490.
• Tan, Lara. (2016). 55M Filipino voters open to fraud after Comelec hack - int'l tech security firm. CNN Philippines, 8 April 2016.
• United Nations Conference on Trade and Development. (2016). Data protection regulations and international data flows: Implications for trade and development .
• Vidhi Doshi. (2018). A security breach in India has left a billion people at risk of identity theft. The Washington Post, 4 January 2018.
• Zetter, Kim. (2015). Hackers finally post stolen Ashley Madison data. Wired, 18 August 2015.

 

Cases

• Escher et al. v. Brazil. Inter-American Court of Human Rights (Preliminary Objections, Merits, Reparations, and Costs). Judgment of 6 July 2009. Series C No. 200 (2009).
• Fontevecchia and D'Amico v. Argentina. Inter-American Court of Human Rights (Merits, Reparations and Costs). Judgment, I/A Court H.R., Series C No. 238 (2011).
• Google Spain SL, Google Inc. v. Agencia Española de Protección de Datos, Mario Costeja
• González Case C-131/12 [ECR, 13 May 2014].
• Ituango Massacres v. Colombia. Inter-American Court of Human Rights (Preliminary Objections, Merits, Reparations and Costs). Judgment of 1 July 2006. Series C No. 148 (2006).
• Kopp v. Switzerland (App No. 23224/94) [1998] ECHR 18.
• Pretty v. United Kingdom (App 2346/02) [2002] ECHR 423.
• Roman Zakharov v. Russia (App No. 47143/06) [2015] ECHR 1065.
• Rotaru v. Romania (App No. 28341/95) [2000] ECHR 192.
• S and Marper v United Kingdom (App nos. 30562/04 and 30566/04) [2008] ECHR 1581.
• Tristán Donoso v. Panama. Inter-American Court of Human Rights (Preliminary objection, merits, reparations and costs). Judgment of 27 January 2009. Series C No. 193 (2009).
• Weltimmo s. r. o. v. Nemzeti Adatvédelmi és Információszabadság Hatóság (Weltimmo v. Hungarian Data Protection Authority) Case C-230/14 [ECR, 30 October 2015].
• Wieser and Bicos Beteiligungen GmbH v Austria (App no. 74336/01) [2007] ECHR 815.

 

International legislation / conventions

• African Commission on Human and Peoples' Rights. African Charter on Human and Peoples Rights (1981)
• African Union. Convention on Cyber Security and Personal Data Protection (2014)
• Inter-American Commission on Human Rights. American Convention on Human Rights (1969)

• Council of Europe.
• • European Convention on Human Rights (1950)
  • Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (1981)
• Economic Community of West African States (ECOWAS). Supplementary Act A/SA.1/01/10 on Personal Data Protection within ECOWAS 
• European Union.
  • Charter of Fundamental Rights of the European Union (2000)
  • Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data
  • Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
  • General Data Protection Regulation (GDPR)
  • Regulation (EC) no 45/2001 of the of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the institutions and bodies of the Community and on the free movement of such data
  • Consolidated Version of the Treaty on the Functioning of the European Union

 

United Nations materials

• Convention on the Rights of Persons with Disabilities (2006)
• Convention on the Elimination of All Forms of Discrimination against Women (1979)
• Convention on the Rights of a Child (1989)
• Declaration on the Elimination of All Forms of Racial Discrimination (1963)
• International Convention on the Protection of the Rights of All Migrant Workers and Members of Their Families (1990)
• International Covenant on Civil and Political Rights (1966)
• International Covenant on Economic, Social and Cultural Rights (1966)
• Universal Declaration on Human Rights (1948)

• General Assembly.
  • Resolution (A/RES/72/175)
  • Resolution (A/72/135)

• General Assembly, Human Rights Council.
  • Resolution (A/HRC/RES/34/7)
  • Resolution (A/HRC/RES/38/7)
  • Resolution (A/HRC/RES/39/6)
  • Joint report of the Special Rapporteur on the rights to freedom of peaceful assembly and of association and the Special Rapporteur on extrajudicial, summary or arbitrary executions on the proper management of assemblies (A/HRC/31/66)
  • Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue  (A/HRC/23/40)
  • The right to privacy in the digital age: Report of the United Nations High Commissioner for Human Rights  (A/HRC/39/29)

 

National legislation

• Philippines. Data Privacy Act (2012)
• Ghana. Data Protection Act (2012)
• Mexico. Federal Law on Protection of Personal Data Held by Private Parties (2010)
• Mexico. General Law for the Protection of Personal Data in Possession of Obliged Subjects (2017)
• United States of America. Health Insurance Portability and Accountability Act (HIPAA) (1996)
• Qatar. Law No. (13) Promulgating the Protection of the Privacy of Personal Data Law (2016)
• Australia. Privacy Act (1988)
• New Zealand. Privacy Act (1993)
• Indonesia. Regulation No. 20 regarding the Protection of Personal Data in an Electronic System (2016)
• Indonesia. Regulation No. 82 concerning Electronic System and Transaction Operation (2012)

 

Next: Exercises

Back to top