Data Protection and Cybersecurity
Launch of the 2025/2026 Edition – Open Class
First meeting: Thursday, 27 November
The 2025/2026 edition of Data Protection and Cybersecurity offers an academically rigorous and practice-oriented introduction to the legal, regulatory and governance frameworks shaping the contemporary digital environment. Conducted in English and open to all interested participants, the course examines the core instruments regulating privacy, data protection and cybersecurity in Europe and beyond, including the GDPR, the NIS2 Directive, and the Council of Europe’s conventions on cybercrime and data protection. Through interactive workshops, case-based analysis and discussion, students will develop competencies in identifying cybersecurity risks, interpreting compliance obligations and understanding how legal standards operate in technologically complex contexts.
A central component of the course is the practical examination of major digital platforms and socio-technical systems. Participants will analyse how TikTok and Instagram implement data processing, privacy-by-design mechanisms, algorithmic recommendation systems and behavioural profiling, with particular attention to risks affecting minors, digital advertising and cross-border data flows. The syllabus also includes a dedicated module on artificial intelligence, focusing on legal issues arising from the use of generative models, including image creation tools, automated decision-making, and the emerging European regulatory landscape. Students will critically assess platform governance, transparency obligations, and the implications of AI-driven content moderation and content generation.
Shortened syllabus overview:
• Foundations of EU and international data protection law
• Privacy principles, data stewardship and digital rights
• Cybersecurity frameworks, incident response and risk management
• Cybercrime, digital evidence and cross-border investigations
• Platform governance and regulatory compliance
• TikTok, Instagram and the legal assessment of algorithmic systems
• Influencer marketing, unfair commercial practices and online advertising law
• Artificial intelligence, generative systems and emerging regulation
• Ethics, accountability and governance in digital ecosystems
• Final project: legal analysis of a selected platform, system or case study
The first meeting on Thursday, 27 November will introduce organisational details, assessment criteria and final-presentation requirements.
Course Reading List – Data Protection and Cybersecurity (2025/2026)
Mandatory Readings
- Kulesza, J. Rules of the Road: International Law Guiding State Behaviour in Cyberspace, in A. Salvi, H. Tiirmaa-Klaar & J. A. Lewis (eds.), A Handbook for the Practice of Cyber Diplomacy, EUISS, 2025.
- Kulesza, J. Privacy and Data Protection, in R. Balleste, G. Doucet & M. L. D. Hanlon (eds.), A Research Agenda for Cybersecurity Law and Policy, Edward Elgar, 2025.
- Kulesza, J. Poland, in E. Heinze (ed.), Criminalising Hate Speech: A Comparative Study, Springer, 2025.
Recommended Readings
- Kulesza, J. & Akçalı Gür, B. Global Governance of Low Earth Orbit Satellites, Łódź University Press, 2025.
- Balleste, R., Doucet, G. & Hanlon, M. L. D. (eds.), A Research Agenda for Cybersecurity Law and Policy, Edward Elgar, 2025.
- Bygrave, L. Data Protection Law: Approaching Its Rationale, Logic and Limits.
- Kuner, C. Transborder Data Flows and Data Privacy Law.
