Issues in Privacy and Data Governance

Note: This course satisfies either the Perspective or the International/Comparative/Transnational course requirement.

This course explores two interlocking domains. First, privacy law: the rules, doctrines, and regulatory frameworks that determine how information may be collected, used, processed, and disclosed. Second, data governance: the organizational practices, frameworks, and processes that structure how data is managed, shared, safeguarded, and deployed in complex institutional settings. Together, these equip students to understand the legal, ethical, and operational challenges that arise as public and private actors navigate the data-driven world. The course begins by exploring privacy’s doctrinal roots and the current obligations that the privacy law imposes on public and private actors. We will draw on comparative contexts by examining key developments in the United States, Europe, and Asia in order to situate Canada within the evolving global privacy context. Throughout, we will focus on emerging technologies; students will have the chance to discuss the privacy implications of modern communications, AI (including generative AI tools), location tracking, identity theft, policing and surveillance (including facial recognition), predictive analytics, digital advertising, corporate data breaches, and more. We will also examine key technical methodologies designed to support legal obligations, including approaches for managing re-identification risks, such as differential privacy, and tools that assist with privacy policy analysis.