Data Privacy: Rights & Protection
A comprehensive beginner course covering data privacy fundamentals, global regulations (GDPR, HIPAA, CCPA and more), your rights, and practical tools for protecting your personal information.
Module 1: What Is Data Privacy?
1.1 What Is Personal Data?
Defines personal data, explains directly and indirectly identifying information, and introduces sensitive data categories.
1.2 A World Without Privacy
Explores what the absence of privacy looks like through historical and modern examples, and explains why privacy underpins other freedoms.
1.3 Who Collects Your Data and Why
Maps the landscape of data collectors — governments, corporations, data brokers, platforms — and explains the incentives driving collection.
1.4 The Privacy Paradox
Examines the gap between stated privacy values and actual behaviour, and explains why it exists — along with practical implications.
Quick Resources — Module 1
Curated plain-language resources for understanding data privacy concepts: overviews, glossaries, and foundational guides.
Module 2: How Data Moves — The Ecosystem
2.1 From Click to Database
Traces the journey of a single data point from a user's browser through ad exchanges, CDNs, analytics platforms, and into corporate databases — making the invisible infrastructure visible.
2.2 Data Brokers & the Shadow Economy
Explains the data broker industry in depth: how brokers obtain, enrich, and sell personal data, who buys it, and what a typical broker profile contains.
2.3 Tracking Technologies
Explains cookies, pixel trackers, device fingerprinting, supercookies, and cross-device tracking — and why cookies alone are no longer the primary threat.
2.4 AI and Your Data
Examines how AI systems consume personal data through training, inference, model inversion attacks, and AI-generated profiling — including how large language models interact with user data.
Quick Resources — Module 2
Curated tools and resources for understanding and visualising the data ecosystem: tracker analysis, browser fingerprinting tests, and data broker opt-out tools.
Module 3: Why Privacy Matters — The Real Costs
3.1 Identity Theft & Financial Fraud
Explains how personal data enables identity theft and financial fraud, covering synthetic identity fraud, account takeover, tax fraud, and medical identity theft, with statistics and first-response steps.
3.2 Discrimination Through Data
Explores how data enables algorithmic discrimination in hiring, insurance, pricing, and criminal justice — including the role of proxy variables and connections to civil rights law.
3.3 Surveillance, Manipulation & Democracy
Examines how mass data collection enables political manipulation, micro-targeting, filter bubbles, and state surveillance of activists — with case studies including Cambridge Analytica and authoritarian surveillance.
3.4 Mental Health & the Attention Economy
Explains how the attention economy model uses personal data to create hyper-personalised feeds, the evidence linking social media algorithms to mental health harm, and the role of privacy in reclaiming wellbeing.
Quick Resources — Module 3
Curated resources for exploring identity theft response, algorithmic discrimination investigations, surveillance and democracy, and the attention economy.
Module 4: The Global Regulatory Landscape
4.1 Why We Need Privacy Laws
Explains the market failure argument, power asymmetry, historical harms from unregulated data, and the difference between rights-based and harm-based legal approaches.
4.2 How Privacy Laws Are Structured
Explains the common building blocks of privacy legislation, the omnibus vs. sectoral distinction, and a comparison of GDPR against the US patchwork approach.
4.3 Enforcement Bodies Around the World
Explains what Data Protection Authorities do, profiles key bodies globally, and shows how to identify the authority relevant to you.
4.4 The Challenge of Cross-Border Data
Explains international data transfer mechanisms, the Schrems rulings, and why jurisdictional complexity matters for individuals and organisations.
Quick Resources — Module 4
Curated references for the global regulatory landscape: law trackers, DPA lists, and cross-border transfer tools.
Module 5: GDPR — Europe's Standard
5.1 GDPR Basics — Scope & Principles
Explains what the GDPR is, who it applies to including non-EU companies, and covers all seven data protection principles from Article 5.
5.2 Lawful Bases for Processing
Explains the six lawful bases for processing under GDPR Art. 6, how to identify which applies, and the strict requirements for valid consent under Art. 7.
5.3 Your Rights Under GDPR
Covers the core individual rights in GDPR Arts. 15–22, explains how to exercise each, and outlines what happens when an organisation refuses.
5.4 GDPR for Organizations
Covers the key compliance obligations for data controllers and processors, including DPOs, DPIAs, breach notification, Records of Processing Activities, and GDPR fines.
Quick Resources — Module 5
Curated plain-language guides and official resources for understanding GDPR — your rights, the rules for organisations, and where to find help.
Module 6: HIPAA — Healthcare Privacy in the USA
6.1 What HIPAA Covers
Introduces HIPAA's Privacy Rule, defines Protected Health Information, identifies Covered Entities and Business Associates, and explains when PHI may be used or disclosed.
6.2 Patient Rights Under HIPAA
Covers the six key patient rights under the HIPAA Privacy Rule — including records access, amendment, accounting of disclosures, restriction requests, and confidential communications — with practical guidance on exercising them.
6.3 The Minimum Necessary Principle
Explains HIPAA's minimum necessary standard — why it exists, how it works in practice, its limits, and how it connects to GDPR's data minimisation principle.
6.4 When HIPAA Doesn't Apply
Clarifies the significant and often misunderstood gaps in HIPAA coverage — employers, health apps, wearables, life insurers, and school records — and explores what laws may (or may not) fill those gaps.
Quick Resources — Module 6
Official US government resources on HIPAA patient rights, filing complaints, and professional FAQs.
Module 7: Privacy Laws in the Americas
7.1 The US Patchwork — No Federal Law
Explains why the United States has no comprehensive federal privacy law, maps the sectoral statutes that fill the gap, describes the FTC's enforcement role, and introduces the draft American Data Privacy and Protection Act (ADPPA).
7.2 CCPA & CPRA — California Leads
Explains California's Consumer Privacy Act (CCPA, 2020) and its amendment by the California Privacy Rights Act (CPRA, 2023), covering applicability thresholds, consumer rights, the CPPA, the opt-out of sale mechanism, and the spread of state-level privacy laws.
7.3 Canada's PIPEDA & Bill C-27
Explains Canada's current federal privacy law (PIPEDA), its principles-based approach and OPC oversight, the proposed Consumer Privacy Protection Act (Bill C-27), and Quebec's already-in-force Law 25.
7.4 Latin America — LGPD & Beyond
Covers Brazil's LGPD (2020) and the ANPD, and provides an overview of privacy law developments in Argentina, Chile, Colombia, and the broader regional trend toward GDPR convergence.
Quick Resources — Module 7
Curated official and authoritative resources for US, Canadian, and Latin American privacy laws covered in Module 7.
Module 8: Privacy Laws in Asia-Pacific & Africa
8.1 China's PIPL
Explains China's Personal Information Protection Law (PIPL, 2021): scope, lawful bases, consent, data localisation, data subject rights, processor obligations, CAC enforcement, and the political context of state surveillance.
8.2 Japan, South Korea & Singapore
Covers three of Asia's most developed data privacy regimes: Japan's APPI, South Korea's PIPA, and Singapore's PDPA — each with distinct features, enforcement histories, and international alignment.
8.3 India's DPDP Act
Covers India's Digital Personal Data Protection Act (2023): consent model, data principals' rights, data fiduciary obligations, the Data Protection Board, significant data fiduciary rules, cross-border transfers, and the status of implementing rules.
8.4 Africa's Growing Framework
Surveys data protection across Africa: South Africa's POPIA, Nigeria's NDPR, Kenya's Data Protection Act, Morocco's Law 09-08, the Malabo Convention, data sovereignty trends, and the reality of uneven enforcement.
Quick Resources — Module 8
Curated resources for Asia-Pacific and African data privacy laws: official regulator sites and policy frameworks.
Module 9: Your Rights — A Practical Guide
9.1 The Right to Know — Subject Access Requests (SARs)
Explains the right of access under GDPR Art. 15 and equivalent laws, what information must be provided, and how to write and submit a Subject Access Request.
9.2 The Right to Erasure
Explains the right to erasure (right to be forgotten) under GDPR Art. 17 and CCPA, when it applies, when it can be refused, and how to exercise it in practice.
9.3 The Right to Object & Opt Out
Explains GDPR Art. 21 right to object, the CCPA opt-out of sale, the difference between withdrawing consent and objecting, and practical opt-out tools including the Global Privacy Control.
9.4 What to Do When Rights Are Violated
Step-by-step escalation path from contacting the DPO to DPA complaints, civil society support, and court action — with timelines, compensation rights, and practical tools.
Quick Resources — Module 9
Curated practical tools and links for exercising data subject rights: SAR templates, complaint tools, DPA directories, and advocacy organisations.
Module 10: Privacy in Practice — Individuals
10.1 Auditing Your Digital Footprint
A practical, step-by-step guide to assessing your own data exposure — from search results and breach databases to platform data downloads.
10.2 Passwords, 2FA & Account Security
Why passwords are a privacy issue, best practices for credential management, two-factor authentication options, and what to do after a breach.
10.3 Social Media & Oversharing
How to audit social media privacy settings, what oversharing exposes, and practical rules for reducing your social media privacy risk.
10.4 Browsers, VPNs & Private Search
The privacy spectrum of browsers, what incognito mode actually does, when VPNs help (and when they don't), and privacy-respecting alternatives to mainstream search engines.
Quick Resources — Module 10
Curated practical tools and guides for auditing and improving your personal privacy online.
Module 11: Privacy for Organizations & Developers
11.1 Privacy by Design
Explains Ann Cavoukian's 7 Foundational Principles of Privacy by Design and their embedding in GDPR Art. 25, contrasting a proactive privacy-first approach with mere compliance.
11.2 Data Minimization & Retention
Covers GDPR's data minimisation and storage limitation principles, explaining how to define retention schedules, automate deletion, and reduce breach exposure through proportionate collection.
11.3 Consent Management
Examines what valid consent looks like under GDPR Art. 7, what invalidates it, and how Consent Management Platforms and the IAB TCF operate — with a practical checklist for organisations.
11.4 Incident Response & Breach Notification
Covers what constitutes a data breach under GDPR Art. 4(12), the 72-hour DPA notification requirement, when data subjects must be notified, and a practical incident response workflow.
Quick Resources — Module 11
Curated resources for organisations and developers on Privacy by Design, retention, consent management, and incident response.
Module 12: The Future of Privacy
12.1 AI, Biometrics & Emerging Threats
Explores how artificial intelligence and biometric technologies are creating new categories of privacy threat — from facial recognition and emotion detection to brain-computer interfaces — and examines the EU AI Act as the first major regulatory response.
12.2 The Global Convergence of Privacy Law
Traces the worldwide trend toward GDPR-like privacy standards, examines major national laws, and explains both the promise and the limits of a global privacy baseline.
12.3 Privacy as a Human Right
Examines the international human rights foundations of the right to privacy — from the UDHR to UN resolutions — and explains why a human rights framing provides stronger protection than a consumer protection approach.
12.4 Taking Action — Your Next Steps
A practical, motivating close to the course that translates privacy knowledge into an actionable personal plan — immediate, medium-term, and long-term — and connects individual action to collective advocacy.
Quick Resources — Module 12
Curated resources on AI and privacy, global privacy law, privacy as a human right, and practical advocacy organisations.
Module 13: Help, Resources & Where to Go Next
13.1 Know Your Rights — Guides by Region
A region-by-region reference for plain-language guides to your data privacy rights, from EU citizen portals to global advocacy organisations.
13.2 File a Complaint — Regulatory Bodies
Where to go when something has gone wrong: complaint portals by jurisdiction, what to expect, and how to prepare an effective complaint.
13.3 Get Legal Help — Organizations & Clinics
When you need more than a complaint form: specialist legal organisations, digital rights groups, and how to find local legal aid for privacy matters.
13.4 Tools & Self-Help — Practical Resources
Free tools you can use today to check data breaches, opt out of data brokers, manage your data on major platforms, and make better-informed privacy choices.
13.5 Stay Informed — Ongoing Learning
Curated resources for keeping up with data privacy developments: news trackers, DPA newsletters, academic research, advocacy actions, and certification paths.