ASDK20003U Data Governance: Law, Ethics and Politics

Volume 2022/2023

Mandatory course on MSc programme in Social Data Science at University of Copenhagen. The course is only open for students enrolled in the MSc programme in Social Data Science.


From Spring 2023, the course is also offered as an elective to Master's programme students at:

Department of Sociology

Department of Political Science (incl. Security Risk Management)

Department of Economics


From the ethics of individual privacy to legal frameworks such as GDPR and legislation regulating tech giants, new data governance issues surface rapidly in the age of social big data. This course introduces students to key legislation, as well as political and ethical debates concerning the governance and security of data in public and private domains. Students are also taught how to collect, process and store data in compliance with ethical codes and legal frameworks. The course provides students with the necessary knowledge and skills regarding data protection and data management, complementing the social data science and programming skills they acquire in the other courses on the master’s programme.

Learning Outcome


  • Account for ethical, legal and political aspects and consequences of the collection and use of social big data for a given administrative or commercial purpose.
  • Understand key legal and social science concepts, ideas, and debates pertaining to the use of social big data in private (profit and non-profit) and public contexts.
  • Show familiarity with the content and implications of national and EU legal frameworks for data collection, usage and storage (i.e. GDPR).



  • Explain and evaluate the quality of own as well as others' use of methods, datasets and analytical approaches in relation to the ethical, legal and political consequences of data governance.
  • Communicate central questions around data ethics – academic as well as policy-oriented – to peers and non-experts.
  • Identify legal, ethical and political issues regarding a concrete data governance problem in an organizational context.
  • Identify and analyse key analytical steps and organizational procedures in data governance and management, from problem to solution.



  • Comply with and navigate existing key legislation, rules, and ethical frameworks for personal data management and governance, including GDPR.
  • Critically assess possibilities and risks associated with uses of data in implementing data governance policies and rules in organizations and institutions based on frameworks from social science and law.
  • Navigate concrete cases of data governance, including identification of problems, risk assessment, final proposal and pilot check of new governance schemes.
  • Design efficient, ethically and legally sound procedures for managing data, including data stewardship, ownership, compliance, privacy, data risks, data sensitivity and data sharing.

500 pages mandatory, plus 200 pages of non-mandatory literature, selected by the teachers. Literature will be in the form of articles, book chapters, blog posts, guidelines, and policy documents.

The course combines lectures, workshops, quizzes, group exercises, student presentations and peer-feedback seminars. There will be guest lectures by experts, especially with respect to teaching related to GDPR and Danish data protection legislation.
  • Category
  • Hours
  • Lectures
  • 28
  • Preparation
  • 56
  • Exercises
  • 42
  • Project work
  • 80
  • Total
  • 206
Continuous feedback during the course
Feedback by final exam (In addition to the grade)
Peer feedback (Students give each other feedback)
7,5 ECTS
Type of assessment
Written assignment
Written assignment, 3 days
Type of assessment details
The exam consists of two separate written essays that students are expected to write in groups.

The first essay is a free assignment with an independently formulated problem. The essay must include an analysis of the legal, ethical and political issues pertaining to a real-world case study related to the application, management and governance of data. Students are expected to draw on arguments and theories from the course literature. The essay should have a clear problem statement and a number of sections analysing the case study from legal, ethical and political perspectives.

The second essay is a three-day take-home assignment. The essay must include an account of how to make a dataset legally compliant with GDPR and the Danish Data Protection Act, and how to assess its ethical compliance with established ethical frameworks, for example the European Code of Conduct for Research Integrity. Students are supplied with a dataset that resembles the types of datasets they will be working on in other courses on the master’s programme. They are asked to give an account of how to make the dataset legally and ethically compliant, including the collection of the data before it was constructed, in how it is processed and analysed, how it is stored, and how it is potentially re-used or repurposed.

The total length of the exam must not exceed:
• For two students: 15 standard pages (approximately 7.5 pages per essay)
• For three students: 20 standard pages (approximately 10 pages per essay)
• For four students: 25 standard pages (approximately 12.5 pages per essay)
All aids allowed
Marking scale
7-point grading scale
Censorship form
No external censorship

The second and third exam attempts will be different from the ordinary examination in two regards: 1) for the first essay, students should answer a substantially new problem statement of their own choosing; 2) for the second essay, the dataset will be different from the ordinary examination.

It will be possible to do the re-examination individually or in groups. For individual submissions, the total length of the essays must not exceed 10 pages (app. 5 pages per essay).

Criteria for exam assesment

The exam will be assessed on the basis of the learning outcome (knowledge, skills and competencies) for the course.