Skip to main navigationSkip to main content
The University of Southampton

LAWS6141 Internet Intermediaries and Data Protection Law

Module Overview

The focus of this course is upon the regulation of Internet intermediaries’ personal data processing practices, e.g. data processing practices of Internet service providers, Web 2.0 platforms, search engines. There is not much point in protecting users’ personal data if Internet intermediaries regularly collecting and using personal data are not subject to clear restrictions. While it is true that the European Union has one of the most stringent data protection regimes, there are still important gaps in the law when applied to the key actors in the field: Internet intermediaries. It is still unclear how broad the category of data controllers is and which security measures they must put in place to abide by European standards. The following questions will thus be addressed: to which extent Internet intermediaries are constrained by data protection laws? To which extent are data protection laws and data retention laws in conflict? Do breach notification laws promote security? Given the fast-changing nature of the environment, this is a challenging course with a dynamic and evolving subject matter. Whilst seminar outlines and materials are provided, significant emphasis is placed on self-learning, enabling seminars to concentrate on specific topics and issues.

Aims and Objectives

Learning Outcomes

Knowledge and Understanding

Having successfully completed this module, you will be able to demonstrate knowledge and understanding of:

  • identify the legal and public policy challenges posed by the Internet and information and communications technology as regards the development of Internet services and Web 2.0 platforms;
  • identify the key features of international law, regulation and policy considerations in this area, with particular emphasis on the UK, EU, US regulation;
  • assess the fundamental principles of law, including decisions of the courts, that impact upon the processing and retention of personal data by Internet intermediaries with particular reference to European legislative instruments in the field.
Subject Specific Intellectual and Research Skills

Having successfully completed this module you will be able to:

  • apply privacy, data protection and data retention laws
  • evaluate the solutions adopted in the light of current Internet intermediaries’ practices and in particular their implications in terms of the monitoring of users;
  • critically assess how law, technology and policy operate and interact as regulatory modalities
Transferable and Generic Skills

Having successfully completed this module you will be able to:

  • Critically analyse legal and policy positions from a variety of sources;
  • Clearly communicate and discuss complex ideas and arguments in writing;
  • Undertake independent research.
Subject Specific Practical Skills

Having successfully completed this module you will be able to:

  • Developed research skills and knowledge of relevant legal resources in preparation for classes
  • Developed the ability to solve problems and undertake critical analysis of relevant legal issues:
  • Developed competence in the use of key online and offline legal resources;
  • Exercise time management skills.


The module intends to examine the legal and public policy ramifications of the processing and retention of personal data by Internet intermediaries. The focus of the course is therefore on the legal rules that aim at confining internet intermediaries’ practices when collecting, storing, using and transferring personal data. With this said, themes relevant throughout the module will be discussed, such as globalisation, jurisdiction, law enforcement, surveillance. Since the Internet is a cross-border network, sources will be drawn from around the globe but with an emphasis on the legal systems of the UK, the US, and the EU. The syllabus is centred on 3 themes: the processing of personal data by intermediaries, breach notification obligations and data retention obligations. Internet law is dynamic in nature, therefore an element of flexibility must be preserved vis-à-vis the syllabus, which must and will continue to evolve. Here is an indicative outline of what the syllabus could look like: Introduction to the course The different categories of intermediaries The different types of data Intermediaries as data controllers Consolidation seminar ISPs and deep packet inspection practices Breach notification laws The right to be forgotten Data retention obligations Presentation seminar

Learning and Teaching

Teaching and learning methods

·         Your ability to discuss key principles and their limitations with your peers;

Independent Study130
Total study time150

Resources & Reading list

Lloyd I. (2014). Information Technology Law. 

Murray, A (2013). Information Technology Law. 

Bainbridge D (2014). Information Technology and Intellectual Property Law. 

Reed, C (2012). Computer Law. 

Rowland Dl (2011). Information Technology Law. 

Graham J H Smith Bird & Bird (2007). Internet Law and Regulation. 





MethodPercentage contribution
Research essay  (4000 words) 100%


MethodPercentage contribution
Research essay  (4000 words) 100%
Share this module Share this on Facebook Share this on Twitter Share this on Weibo
Privacy Settings