In February/March 2022, I was contracted to teach "International Data Protection and Cybersecurity Law" as part of the Osgoode Professional LLM in Privacy and Cybersecurity Law. As an overall approach to the course, I took this as an opportunity to examine international approaches to privacy and cybersecurity in the context of likely upcoming reforms to Canadian law.
In the interests of transparency and ensuring the widest possible benefit, the slide decks (minus some course-specific material) are shared below. The slides primarily focus on different approaches to privacy and security, highlighting resources rather than providing detailed analysis.
If you'd like the PowerPoint version of these decks, have suggestions for additional material to cover should I teach this class again, or have any questions, please feel free to reach out to vance at datapolicy.ca.
Any opinions, errors, omissions etc. in the slides are my own.
In Part One, we examined the current (and changing) state of Canadian privacy law, and show the impact that international law (particularly the GDPR) is having on reform efforts. We also examined approaches taken by enforcement agencies (e.g. enforcement vs. guidance), as well as proposals for how those approaches could be improved. Lastly, we looked at styles of data regulation more generally (single-issue regulation, focusing on accountability, empowering data subjects, etc.).
In Part Two, we looked at the various mechanisms available for cross-border collaboration between data protection authorities, as well as the various international instruments which seek to harmonize or otherwise make interoperable global approaches to privacy, data protection, and cybersecurity.
Part Three of the course focused on cross-border data flows, and the potential impacts of trade agreements. This section of the course was presented by nNovation's Constantine Karbaliotis. We also had a brief discussion of the role of platforms in 'regulating' privacy.
In Part Four, we compared the approaches taken internationally in four selected topics: cybersecurity; de-identification / non-identifiable information; artifical intelligence / automated decision-making; and, data subject rights.
Finally, in what started as a joke on Twitter about the endless changes in the privacy world, each class started with a quick discussion of recents international privacy and cybersecurity updates. They're collected here!
Last updated: March 12, 2022