Veidlapa Nr. M-3 (8)

Course Description Status: Approved

Course Description Version: 25/26.P.1.00

Description Period: 2025./26 academic year pavasara semestris

Study Course Accepted: -

Study Course Description

Data Protection and Cybersecurity

Main Study Course Information

Course Code
SZF_253
Branch of Science
Law
ECTS
6.00
Target Audience
Law
LQF
Level 7
Study Type And Form
Full-Time

Study Course Implementer

Course Supervisor
Agnese Reine
Structure Unit Manager
Ieva Puzo
Structural Unit
Faculty of Social Sciences
Contacts

SZF, Kuldigas Street 9C, szf@rsu.lv

About Study Course

Objective

Provide students with comprehensive knowledge of personal data protection and cybersecurity, with particular emphasis on risks related to artificial intelligence and cybersecurity, develop the ability to interpret and apply legal norms governing data protection and cybersecurity, identify problematic issues, including tensions between practice and theory, and propose legal solutions to them.

Preliminary Knowledge

Introduction to legal system, civil right and constitutional rights

Learning Outcomes

Knowledge

1.Understands the theoretical foundations of personal data protection and cybersecurity law and their place within the legal system. Describes the legal framework of the European Union and national law in the field of data protection and cybersecurity, including their interaction. Understands the significance of the risk-based approach in data processing and information systems security.

Skills

1.Skills to interpret and apply legal norms governing data protection and cybersecurity in resolving complex cases. Ability to conduct legal risk assessments in the context of data processing and cybersecurity, including analysing technological processes (such as profiling, biometric data processing, and automated decision-making) from a legal perspective. Ability to evaluate case law and decisions of supervisory authorities and to identify the impact of the legal findings contained therein on the application of legal acts.

Competences

1.Independently resolves complex legal issues in the fields of data protection and cybersecurity by making well-reasoned and legally substantiated decisions. Applies acquired theoretical knowledge and is able to identify and use the legal information necessary to resolve specific situations. Is able to professionally argue issues related to the protection of fundamental rights in the context of technological development.

Assessment

Individual work

Title
% from total grade
Grade
1.

Independent work
-
-

Independent work consists of studying academic and scientific literature, as well as analysing legal acts and case law. Within the framework of the study course, students are required to prepare and defend two independent assignments – an analysis of problematic issues in ensuring data protection and an analysis of problematic issues in the field of cybersecurity.

Examination

Title
% from total grade
Grade
1.

Test
25.00% from total grade
10 points

Test on the knowledge acquired in the course to test the student’s theoretical knowledge
2.

Seminar
25.00% from total grade
10 points

Within the framework of the seminar, students in groups analyse the problem situation given, as well as present legal conclusions and proposals
3.

Examination
50.00% from total grade
10 points

The examination consists of theoretical questions as well as the resolution of a case scenario related to ensuring data protection and cybersecurity.

Study Course Theme Plan

FULL-TIME
Part 1

  1. Lecture

Modality
Location
Contact hours
On site
Study room
2

Topics

Protection of personal data: legal framework, principles, rights and obligations

  1. Lecture

Modality
Location
Contact hours
On site
Study room
2

Topics

Protection of personal data: legal framework, principles, rights and obligations

  1. Lecture

Modality
Location
Contact hours
On site
Study room
2

Topics

Privacy and the protection of personal data in the digital age

  1. Lecture

Modality
Location
Contact hours
On site
Study room
2

Topics

Privacy and the protection of personal data in the digital age

  1. Class/Seminar

Modality
Location
Contact hours
On site
Study room
2

Topics

Protection of personal data: legal framework, principles, rights and obligations
Privacy and the protection of personal data in the digital age

  1. Class/Seminar

Modality
Location
Contact hours
On site
Study room
2

Topics

Protection of personal data: legal framework, principles, rights and obligations
Privacy and the protection of personal data in the digital age

  1. Lecture

Modality
Location
Contact hours
On site
Study room
2

Topics

Mechanisms for ensuring data protection

  1. Lecture

Modality
Location
Contact hours
On site
Study room
2

Topics

Mechanisms for ensuring data protection

  1. Lecture

Modality
Location
Contact hours
On site
Study room
2

Topics

Rights of the Data Subject and obligations of the Data Controller

  1. Lecture

Modality
Location
Contact hours
On site
Study room
2

Topics

Rights of the Data Subject and obligations of the Data Controller

  1. Class/Seminar

Modality
Location
Contact hours
On site
Study room
2

Topics

Mechanisms for ensuring data protection
Rights of the Data Subject and obligations of the Data Controller

  1. Class/Seminar

Modality
Location
Contact hours
On site
Study room
2

Topics

Mechanisms for ensuring data protection
Rights of the Data Subject and obligations of the Data Controller

  1. Lecture

Modality
Location
Contact hours
On site
Study room
2

Topics

Data breaches, parties’ rights and obligations

  1. Lecture

Modality
Location
Contact hours
On site
Study room
2

Topics

Data breaches, parties’ rights and obligations

  1. Lecture

Modality
Location
Contact hours
On site
Study room
2

Topics

Concept of cybersecurity and legal framework

  1. Lecture

Modality
Location
Contact hours
On site
Study room
2

Topics

Concept of cybersecurity and legal framework

  1. Class/Seminar

Modality
Location
Contact hours
On site
Study room
2

Topics

Data breaches, parties’ rights and obligations
Concept of cybersecurity and legal framework

  1. Class/Seminar

Modality
Location
Contact hours
On site
Study room
2

Topics

Data breaches, parties’ rights and obligations
Concept of cybersecurity and legal framework

  1. Lecture

Modality
Location
Contact hours
On site
Study room
2

Topics

Information Security and risk management

  1. Lecture

Modality
Location
Contact hours
On site
Study room
2

Topics

Cybersecurity incidents and Organization responsibilities

  1. Lecture

Modality
Location
Contact hours
On site
Study room
2

Topics

Data protection and cyber security in the digital century

  1. Lecture

Modality
Location
Contact hours
On site
Study room
2

Topics

Case law of the European Union and other member states

  1. Class/Seminar

Modality
Location
Contact hours
On site
Study room
2

Topics

Information Security and risk management
Cybersecurity incidents and Organization responsibilities

  1. Class/Seminar

Modality
Location
Contact hours
On site
Study room
2

Topics

Data protection and cyber security in the digital century
Case law of the European Union and other member states

  1. Test

Modality
Location
Contact hours
On site
Study room
2

Topics

Exam
Total ECTS (Creditpoints):
6.00
Contact hours:
48 Academic Hours
Final Examination:
Exam (Written)

Bibliography

Required Reading

1.

Eiropas Parlamenta un Padomes 2016. gada 27. aprīļa Regulas (ES) 2016/679 par fizisku personu aizsardzību attiecībā uz personas datu apstrādi un šādu datu brīvu apriti un ar ko atceļ Direktīvu 95/46/EK.

2.

Fizisko personu datu apstrādes likums

3.

Likums “Par fizisko personas datu apstrādi kriminālprocesā un administratīvā pārkāpuma procesā”

4.

Eiropas Parlamenta un Padomes 2022.gada 14.decembra direktīva ar ko paredz pasākumus nolūkā panākt vienādi augstu kiberdrošības līmeni visā Savienībā un ar ko groza Regulu (ES) Nr. 910/2014 un Direktīvu (ES) 2018/1972 un atceļ Direktīvu (ES) 2016/1148 (TID 2 direktīva)

5.

Eiropas Parlamenta un Padomes 2019.gada 17.aprīļa regula par ENISA (Eiropas Savienības Kiberdrošības aģentūra) un par informācijas un komunikācijas tehnoloģiju kiberdrošības sertifikāciju, un ar ko atceļ Regulu (ES) Nr. 526/2013 (Kiberdrošības akts)

6.

Eiropas Parlamenta un Padomes 2002.gada 12.jūlija direktīva par personas datu apstrādi un privātās dzīves aizsardzību elektronisko komunikāciju nozarē(direktīva par privāto dzīvi un elektronisko komunikāciju)

7.

Legal Issues in Reconciling Data Protection, AI, and Cybersecurity Legal Issues in Reconciling Data Protection, AI, and Cybersecurity under EU Law

8.

Dan Craigen, Nadia Diakun-Thibault, Randy Purse "Defining Cybersecurity"

9.

Eiropas Parlamenta un Padomes 2024.gada 13.jūnija reguła ar ko nosaka saskaņotas normas mākslīgā intelekta jomā un groza Regulas (EK) Nr. 300/2008, (ES) Nr. 167/2013, (ES) Nr. 168/2013, (ES) 2018/858, (ES) 2018/1139 un (ES) 2019/2144 un Direktīvas 2014/90/ES, (ES) 2016/797 un (ES) 2020/1828 (Mākslīgā intelekta akts)

Additional Reading

1.

EDPB Guidelines, Recommendations, Best Practices

2.

Orla Lynskey, The Foundations of EU Data Protection Law. Oxford University Press, 2015.

3.

ENISA. Cybersecurity and Resilience of Critical Infrastructure.

4.

The Intersection of Artificial Intelligence and Employment Legal Relations: Balancing Employer Interests with Fundamental Rights in AI-Driven Employment Practices

5.

The new EU cybersecurity framework: The NIS Directive, ENISA's role and the General Data Protection Regulation

6.

OECD Principles on Artificial Intelligence

Other Information Sources

1.

European Parliament Research Service – Cybersecurity of Critical Infrastructure

2.

NIST Cybersecurity Framework