GRA 4137 Data Protection and Ethics in the Modern Business Environment

GRA 4137 Data Protection and Ethics in the Modern Business Environment

Course code: 
GRA 4137
Law and Governance
Course coordinator: 
Samson Yoseph Esayas
Course name in Norwegian: 
Data Protection and Ethics in the Modern Business Environment
Product category: 
MSc in Business Analytics
2023 Autumn
Active status: 
Level of study: 
Teaching language: 
Course type: 
One semester

The course will provide insight into the fundamental concepts in data protection law, a set of norms governing the processing of personal data (information) and protecting the privacy and related interests of individuals. The course will delve into the key ethical concerns related to the use of personal information by businesses and explore the data protection and privacy concerns associated with emerging technologies such as the use of artificial intelligence in decision-making and the challenges of big data.

With a business and practical perspective, the course will equip students with the knowledge and skills to design and implement effective data protection and privacy strategies.

Learning outcomes - Knowledge

This course will provide a comprehensive understanding of the legal and regulatory frameworks governing data protection and privacy. Students will learn about the essential requirements of data protection law in the European Economic Area (EEA) and the European Union (EU), as well as the ethical implications and competitive advantages of using personal information in doing business.

Throughout the course, students will:

  • Learn about key terminology related to data protection
  • Gain a basic understanding of the rules and principles for protecting privacy and personal data, particularly as laid down in EU and other international instruments.
  • Gain detailed knowledge of the EU General Data Protection Regulation (GDPR)
  • Aquire knowledge of the rules concerning the transfer of personal data to other countries
  • Have a basic understanding of Norway`s obligation in the EEA agreement and European law and relevant case law
  • Learn about the ethical challenges in modern business arising from the use of personal information and big data, such as monitoring, surveillance of individual behavior, and offering personalized services and products while limiting individuals' options and choices
  • Explore the big data paradoxes of transparency, identity, and power.
Learning outcomes - Skills

At the end of the course, the students will:

  • Be able to differentiate between legitimate and problematic business behaviour in light of data protection rules
  • Can design and advise on appropriate solutions to address privacy concerns in electronic commerce and Big data
  • Be able to see the potential for technological development and discuss it based on regulations in privacy protection
  • Be able to engage in informed debate on the necessary balance between the need of privacy and control over data in business settings and markets at large
  • Be able to recognise the ethical challenges of Big data analytics and data sharing
General Competence
  • Have developed a special ethical consciousness when assessing data protection
  • Be aware of the grey area outside the clearly defined rules.
  • Understand the ethical principles established in legal standards in the legislation.
Course content
  • Fundamentals of privacy and data protection
  • GDPR and regulation of automated decisions
  • Data protection principles and ethical use of data
  • Privacy by design and data protection impact assessments (DPIA)
  • Rules on international transfer of data
  • Data ethics in the digital economy
  • The future of data protection in light of new technologies
Teaching and learning activities

The course is comprised of about 28 hours of in-class (synchronous) activities and about 8 hours of outside class (asynchronous) activities. As part of the asynchronous activities, students are required to watch videos, participate in group works, online polls and other exercises. The asynchronous activities will either form a basis for the in-class activities (discussion) or are followed by some form of feedback.

Software tools
No specified computer-based tools are required.
Additional information

Please note that while attendance is not compulsory in all courses, it is the student’s own responsibility to obtain any information provided in class. 


All courses in the Masters programme will assume that students have fulfilled the admission requirements for the programme. In addition, courses in second, third and/or fourth semester can have specific prerequisites and will assume that students have followed normal study progression. For double degree and exchange students, please note that equivalent courses are accepted.


Deviations in teaching and exams may occur if external conditions or unforeseen events call for this.

Exam categoryWeightInvigilationDurationGroupingComment exam
Exam category:
Form of assessment:
Written submission
Exam code:
GRA 41371
Grading scale:
Grading rules:
Internal examiner
Examination when next scheduled course
100No 3 Week(s)Group/Individual ( 1 - 3)
Exam category:Submission
Form of assessment:Written submission
Weight: 100
Grouping (size):Group/Individual (1-3)
Duration: 3 Week(s)
Exam code:GRA 41371
Grading scale:ECTS
Resit:Examination when next scheduled course
Type of Assessment: 
Ordinary examination
Total weight: 
Student workload
28 Hour(s)
Student's own work with learning resources
60 Hour(s)
Group work / Assignments
12 Hour(s)
Feedback activities and counselling
10 Hour(s)
This includes creative drafting of privacy policies
Case teaching
20 Hour(s)
20 Hour(s)
Prepare for teaching
10 Hour(s)
Pre- and after-class exercises, polls and recorded videos
Sum workload: 

A course of 1 ECTS credit corresponds to a workload of 26-30 hours. Therefore a course of 6 ECTS credits corresponds to a workload of at least 160 hours.