
This lecture aims to jump-start the course with a couple of stories to illustrate why data protection and privacy matter. We will then cover the goals and why we created this course.
The lecture outlines the course structure and explains the learner category signals used to identify content types. Learning principles from Richard Feynman should improve learning outcomes.
WHY
The whole point of education is to grow. Understanding if we have gained knowledge and skills can help to take an honest snapshot before and after the course for comparison. A survey can help identify gaps and areas where reinforcement is still required and act as a confidence booster for the time invested.
HOW
Please take this survey before and after the course to measure your progress.
Imagine that you are having a conversation with an interested party. Your interlocutor could be your boss, the board or even your gran. How comfortable are you in explaining the concepts suggested by the questions?
Rate yourself from 1 to 5 for each question and enter the score in the appropriate column.
1 = I have little or no knowledge
2 = I have some knowledge
3 = I can talk about this
4 = I have a good level of knowledge
5 = I have an expert level understanding
Understand the course with a detailed walkthrough of each section.
A quick intro to this section.
Whether we like it or not, we have arrived at a world of big data. We debate the pros and cons of others knowing so much about us. Finally, we set the scene for the following lecture.
Be scared, be very scared. We explore the hidden patterns about us in our data and the potential for manipulation through nudging.
Hidden in plain sight are the data brokers. What we don’t realise is just how much power they have over us. Data sold industrially can allow others to know us better than we know ourselves. In this lecture, we will explain the main drivers for the existence of these behemoths.
Hopefully, we shocked you in the previous lecture. But, what happens if the data, your data, is “liberated” by the wrong types? There are consequences, and they can cost.
Recap of the section. Hopefully, you are now motivated to tackle the next section.
You will understand data, information, knowledge and wisdom in terms of hierarchy as well as data, meta-data and big data definitions.
We will use a famous machine learning example to make a case for data ethics.
We introduce the concept of a data culture. What are the components, and where do responsibilities lie for the manipulation and storage of data?
Our course now introduces standards, laws and ethics and how they interplay within our world of data.
There are a considerable number of standards. Why do they matter, and how do we see a bigger picture to help us determine our needs?
Data protection and privacy laws have gone global. In this lecture, we will take an overview of where they came from and why we need them. Then, we will consider the rights and obligations of GDPR and E-privacy.
Data ethics isn't just about compliance—it's a powerful tool for excellence. By embedding ethical principles into our data practices, we can build more trustworthy products and services that deliver genuine value to users while respecting their privacy and rights. When we prioritize data ethics, we solve existing problems and create opportunities for innovation that benefit both our business and our customers.
Section recap.
We explore data governance and management. Who does what to what, and where do the responsibilities sit?
Can Sir Tim Berners-Lee save us with SOLID?
Valuable tools, websites, books and TED talks.
Section recap.
Over to you now. You can make a difference!
CONGRATULATIONS!
You have finished the course. All you need to do now is to complete the self-survey. Hopefully, you have already done the pre-course component. (No problem if you have not, simply try to remember your starting point and then try to determine an appropriate score.)
WHY
The whole point of education is to grow. Understanding if we have gained knowledge and skills can be demonstrated if we take an honest snapshot before and after the course for comparison. A survey can help identify gaps and areas where reinforcement is still required and act as a confidence booster for the time invested.
HOW
Please take this survey before and after the course to measure your progress.
Imagine that you are having a conversation with an interested party. Your interlocutor could be your boss, the board or even your gran. How comfortable are you in explaining the concepts suggested in the questions?
Rate yourself from 1 to 5 for each question and enter the score in the appropriate column.
1 = I have little or no knowledge
2 = I have some knowledge
3 = I can talk about this
4 = I have a good level of knowledge
5 = I have an expert level of understanding
Slides & Downloads & Lecture support materials
- PDF File - Course slidedeck. (The animations are collapsed and therefore there is a little less value)
- PPT File with animations. Actually, it was used to create the course.
In this brief video, I outline the reasons for extending the Data Privacy and Protection course.
There is often a significant ethical, legal, and administrative lag when technological advancements leap forward, which is especially true in today’s rapidly evolving landscape.
The goal of these new modules is to build on the data protection and privacy concepts you’ve already mastered, and to project them into the near future. With the rapid and transformative adoption of large language models (LLMs) and generative AI, it’s crucial that we adapt swiftly to stay ahead. As data scholars, I believe it’s essential that you can engage with these emerging technologies confidently.
Some of the new lectures are already live, and you’ll find the complete content map in the next lecture.
In this session, I’ll also highlight the market opportunities for the next wave of billion-dollar companies that will harness LLMs and generative AI to create innovative and far more practical use cases.
Lecture 5 – Data Flow – Taking data from input to output.
This lecture is in two parts. Part 1 deals with the more theoretical aspects of LLM and GenAI, and part 2 deals with more usage and practical considerations.
Part 1 Learning outcomes
Describe LLM data flow
Describe LLM data transformation
Identify how LLM and GenAI tools might leak private, IP, and company confidential information to a public audience.
In Part II of lecture 5, we dive into practical applications of Large Language Models (LLMs) with hands-on examples. We'll combine the power of DALL·E and ChatGPT to generate compelling images and explore how to use these tools effectively for storytelling. Additionally, we'll uncover a major "gotcha" that could expose enterprises to competitive risks—critical knowledge for anyone working with LLMs in a business setting.
This 5-part series explores critical ethical considerations in data privacy and protection for Large Language Models and Generative AI. Please ensure you have completed the pre-ethics lecture quiz before proceeding - this will help you warm up and refamiliarise yourself with key concepts covered earlier in the course.
Learning Outcomes
By the end of this lecture, you will understand:
How the demand for human profiling has reached unprecedented levels
How LLMs and Generative AI enable sophisticated profiling techniques
The implications for behaviour prediction and digital avatar creation
This lecture explores the evolution of human profiling, from early military applications like the Canadian Air Force's psychometric testing for pilot selection, to modern recruitment practices. We'll examine how LLMs and Generative AI have dramatically amplified these capabilities, raising crucial ethical concerns about data usage and privacy implications. This forms an essential part of our broader discussion on responsible innovation in AI development.
Learning Outcomes
By the end of this lecture, you will:
Understand how LLMs and Generative AI models can inadvertently leak highly sensitive data.
Recognise the importance of responsible innovation and how to support it.
Lecture Overview
This lecture examines the ways AI models can be exploited through reverse engineering techniques, such as membership inference attacks, to extract personal or sensitive information. These methods can compromise user consent and expose data that may have been used without permission.
We explore how profiling, reverse engineering, and membership inference attacks operate at the fringes of legal and ethical standards. By highlighting these risks, we underscore the urgent need for ethical frameworks and responsible AI development.
Learning Outcomes
By the end of this lecture, you will:
Understand the unique sensitivity and multi-generational impact of DNA data
Recognise the critical importance of enhanced data protection measures for genetic information
Lecture Overview
Using the storyline from 'No Time to Die' as a case study, we'll explore how DNA data can affect multiple generations and cross geographical and ethnic boundaries. We'll conclude by revisiting our responsible innovation framework, emphasising the crucial importance of incorporating risk assessment into AI projects involving sensitive genetic data.
Learning Outcomes
By the end of this lecture, you will:
Understand how compromising ethical principles can lead to corporate downfall
Recognise how established ethical frameworks from engineering, law, and medicine can guide AI and data practices
Appreciate the unique position of data scholars in shaping ethical AI development
Lecture Overview
This lecture examines critical ethical challenges in AI, including access equity, labour disruption, misinformation, environmental impact, and data protection. We'll study how traditional professional ethics can inform AI development, concluding with the Boeing 737 MAX case study - a powerful illustration of how prioritising profit over ethics can threaten even the largest organisations. Through these examples, we demonstrate both the feasibility of ethical practice and the consequences of neglecting it.
Final Part: Practical Steps for Ethical AI
In this concluding lecture, we bring together our discussions on the ethics of LLMs and Generative AI by outlining actionable steps you can take to navigate these challenges responsibly.
We explore key resources from organisations such as the OECD, the UK government, and IBM, alongside HSBC’s clear stance on AI ethics. Additionally, we examine how Unilever has successfully translated policy into practice, offering valuable insights into implementing ethical AI frameworks.
A core takeaway is our O.R.A. framework:
Observe deeply – critically analyse AI decisions and their broader implications.
Record critically – document findings to identify risks and biases.
Act responsibly – implement ethical safeguards and advocate for responsible AI use.
We provide materials and templates to support this approach, emphasising the importance of assessing the entire decision-making process, not just the algorithm, when evaluating bias and fairness.
Additionally, we consider best practices for testing AI for bias, questioning who is providing guidance and who is funding these initiatives.
Finally, we conclude with a key message: ethics in AI is an investment, not a constraint. Our case studies demonstrate that ethical AI is not only necessary but also beneficial. By embracing education and understanding ethical principles, we can strike a balance between innovation and responsibility, ensuring AI serves society in a fair and transparent manner.
Please read this before attempting the roleplay that follows
Lecture Overview: Making the Case for Laws
We make the case for laws. Even without laws, we have the law of the jungle and the laws of physics. Through the experience of farmers and the buying market, we step through examples of what happens when laws do not exist. No matter how you work around the system, eventually you will be caught out. We see how new and innovative finance mechanisms are built step by step, again made possible by trust.
We see how laws are there for redress and risk management but also for codifying societal values. Once we have society buttressed and backstopped we can go on to create amazing complex products such as jet planes. Aircraft carriers are perhaps the ultimate in complexity from man management to operations to equipment; these are possible because of the trust gained from the fair application of laws.
We take a historical view to see how disparate civilisations such as the Greeks and Chinese came to the conclusion that something was needed. They come from different perspectives, geographies, traditions and with a need to solve the problems in front of them. We list many civilisations and groupings of people such as the Norse, Mayans, Aztec, Islamic traditions, Egypt and Mesopotamia to show that there was an imperative and inevitability to the emergence of laws.
Learning Outcomes:
By the end of this lecture, learners will be able to:
Explain why laws are fundamental to human society by comparing different forms of order (natural laws, social laws, and absence of laws).
Analyse real-world examples demonstrating the consequences of operating without established legal frameworks, particularly in agricultural and market contexts.
Describe how trust established through legal systems enables the development of sophisticated financial mechanisms and complex technological achievements.
Identify the multiple functions of laws, including providing redress, managing risk, and codifying societal values.
Compare how diverse civilisations across different geographies and time periods (Greek, Chinese, Norse, Mayan, Aztec, Islamic, Egyptian, and Mesopotamian) independently developed legal systems, demonstrating the universal imperative for codified laws in human societies.
Lecture Overview: Special Case for AI and Data
We stack up the case for and against when it comes to the consideration of whether or not we should make a special case for AI and Data laws. Should we regulate AI and Data or not?
On the regulate side, we consider points such as: all technology needs regulation (e.g. electricity and the internet), predictability, explainability, ethical and societal impacts, dual use, security risks and more.
On the not-regulate side, we consider: the risks are overstated; AI is just another tool (e.g. self-driving cars are just transportation); regulatory uncertainty; and a strong case for business and market forces to self-regulate and eliminate bad solutions. How can you regulate a fast-moving target? Most AI regulation is a refinement of what was there before.
Our answer seems to be that both sides are correct to a certain degree, which is a dilemma.
What can be done and what's the approach: international coordination, iteration, experimentation with pilots and sunsets, risk and principle based.
Learning Outcomes:
By the end of this lecture, learners will be able to:
Articulate the key arguments both for and against creating specific regulatory frameworks for AI and data technologies.
Evaluate the parallels between AI regulation and historical precedents in regulating other technologies such as electricity and the internet.
Analyse counterarguments to AI regulation, including concerns about regulatory uncertainty, market self-correction, and the challenges of regulating rapidly evolving technologies.
Recognise that both regulatory and non-regulatory perspectives contain valid points, creating a genuine policy dilemma for lawmakers and society.
Identify potential approaches to addressing the AI regulation challenge, including international coordination, iterative policy-making, pilot programmes with sunset clauses, and risk-based or principle-based regulatory frameworks.
A Guided Tour Through the Deepdive
To make the journey more engaging (and a bit more fun), this module uses a set of visual icons—including an elephant, cheese, a Norman castle, bears, a Chinese dragon, a cowboy, a wizard, and others. Each icon represents a recurring theme or concept, helping you remember key points and follow the narrative throughout the lessons.
You’ll also meet a judge, who appears throughout the module—clearly irritated by the growing debate over whether existing laws are still good enough for AI. Two bears represent the opposing side in a boxing match type scenario. Their disagreement becomes a running theme, and they reappear later as the legal arguments intensify.
Why Insurance Matters: LLMs Make Mistakes
A central point in this introductory lecture is the importance of risk management and insurance.
Even the most advanced generative AI models can produce errors, hallucinations, bias, or unexpected outputs. These mistakes can cause real financial, reputational, or legal harm. This lecture highlights:
Why LLMs are inherently probabilistic, not perfectly reliable
The types of gaps and inaccuracies AI systems introduce
Why individuals, organisations, and developers must begin thinking about insurance, liability allocation, and risk-transfer mechanisms
This sets the foundation for understanding why legal safeguards—and sometimes entirely new regulatory tools—may be needed.
How the Deepdive is Structured
The rest of the module is broken into clear, focused sections to help you navigate the complexity:
Existing Legal Frameworks
How current laws such as tort, product liability, IP, consumer protection, and data protection apply to AI today.
Narrow/General and Vertical/Horizontal Approaches
Exploring the different ways governments regulate AI—from high-level principles to sector-specific rules.
Risk-Based Frameworks
Understanding models like the EU AI Act, and why risk classification is increasingly central to regulation.
Human in the Loop
The requirement for meaningful human oversight and why it matters for accountability and safety.
Emerging LLM and GenAI Issues
New challenges: hallucinations, copyright disputes, model collapse, agentic behaviour, data contamination, foundation-model governance, and more.
Gaps
Where current law fails: transparency, fairness, foreseeability, collective harms, data governance, safety-by-design duties, and cross-border issues.
Story + Assessment
The module concludes with a narrative scenario tying everything together, followed by an assessment to reinforce understanding and check your grasp of the deepdive content.
What Students Should Expect
This lecture sets expectations:
The Deepdive module is deliberately rich, detailed, and extensive
You will encounter recurring characters and icons to guide learning
You will explore both the capabilities and limitations of AI
You will understand why mistakes, liability, and insurance cannot be ignored
And you will be prepared for the complex—yet rewarding—content that follows
This lecture examines how existing legal frameworks attempt to regulate AI—particularly Large Language Models (LLMs) and generative AI—and why many experts argue that traditional laws are no longer enough. Through real-world cases, we explore the ongoing debate about whether AI requires new, dedicated regulation or whether current rules simply need to be applied more rigorously.
How Existing Laws Already Apply to AI
Across industries, governments and courts increasingly rely on established legal regimes to respond to harms caused by AI systems. In this lecture, we break down the main frameworks—along with illustrative cases that reveal their strengths and limitations.
Key Legal Areas
Product Liability – Responsibility for harms caused by AI products and automated decision tools.
Intellectual Property – Ownership of training data, copyright disputes, and generative outputs.
Consumer Protection – Misleading claims, dark patterns, and unsafe automated services.
Contract Law – Licensing, terms of service, provider–user obligations, and risk allocation.
Data Protection – GDPR and global privacy regimes governing personal data used to train, run, or evaluate AI systems.
Tort / Negligence – Duty of care in deploying or supervising AI systems.
Anti-Discrimination Law – Preventing biased decision-making that harms protected groups.
Cybersecurity Obligations – Safeguarding AI systems and data pipelines.
Competition Law – Market concentration, access to data, interoperability, and platform power.
Employment Protections – Fairness and due process in automated hiring and workplace monitoring.
Human Rights / Administrative Law – Transparency, procedural fairness, and accountability when governments use AI.
Case Examples Covered in the Lecture
2021 Uber Eats Facial Recognition Failure – A driver was locked out of the platform due to AI-powered identity verification that misidentified people of colour, raising discrimination and consumer protection concerns.
2025 Breach of Duty of Competence by Lawyers – Attorneys were fined $10,000 for submitting filings containing fabricated AI-generated case citations, illustrating negligence and professional-standards liability.
2025 Raine v. OpenAI – A wrongful-death lawsuit alleging an LLM acted as a “suicide coach” and encouraged self-harm, triggering debate around product liability, foreseeability, and platform responsibility.
These examples show that while existing laws can be applied, they often struggle to respond effectively to AI systems’ scale, complexity, and unpredictability.
Where Current Laws Fall Short: The Regulatory Gaps
Despite broad legal coverage, generative AI exposes structural gaps that existing frameworks were never designed to handle. We explore the areas where regulation consistently fails to keep pace.
Key Gaps
Autonomy & Foreseeability – AI that adapts, evolves, or produces unexpected outputs challenges traditional liability models.
Opaque Decision-Making – “Black-box” models undermine transparency and accountability.
Bias & Fairness – Existing anti-discrimination laws struggle with data-driven, systemic, or indirect bias.
Collective Harms – Impacts to groups, democratic processes, or societal trust are hard to address with individual-focused legal remedies.
Data Governance – Persistent issues with training data quality, ownership, lineage, and consent.
Safety-By-Design Duties – Few explicit legal obligations require developers to test, document, or mitigate AI risks before deployment.
Transnational Issues – AI systems and data flow across borders faster than regulations can align.
Case Examples Covered in the Gaps Section
2018 Amazon AI Recruitment Tool – The company abandoned an automated hiring system after discovering it systematically downgraded CVs from women, illustrating deep-rooted algorithmic bias and the difficulty of proving intent under current law.
2016–2020 Australian “Robodebt” Scandal – An automated welfare-debt recovery system wrongfully targeted vulnerable citizens, leading to unlawful debts, financial harm, and a major public inquiry—showing what happens when human rights and administrative safeguards fail.
What Learners Will Gain
By the end of this lecture, learners will understand:
How existing laws attempt to regulate AI
Why certain harms still escape legal accountability
The real-world consequences of regulatory gaps
How these shortcomings are driving global proposals for new AI-specific laws and safety frameworks
This lecture provides essential context for anyone working with AI, ensuring they understand not only the legal landscape today but also the emerging challenges shaping tomorrow’s regulations.
In this lecture, we continue the debate introduced earlier: Should AI and data be treated as exceptions that require new, dedicated laws, or can existing legal frameworks evolve to cope with emerging technologies? To explore this question, we introduce a structured thinking tool that helps students analyse AI use cases with greater nuance and clarity.
Introducing the 2×2 Framework
We present a simple but powerful analytical tool:
a 2×2 matrix with the dimensions Narrow vs. General, and Vertical vs. Horizontal regulation.
To ground the concepts, we begin with non-AI examples:
Aviation – a narrow and vertical domain with highly specialised, sector-specific rules
Wheelchair accessibility ramps – a general, horizontal requirement applied across public spaces
Food safety regulation – largely general, but with vertical components for specific industries
Employment law – a horizontal framework applying broadly across sectors
These examples help students understand how different areas of society are regulated—and how this structure might be applied to AI.
Applying the Framework to AI Use Cases
We then apply the 2×2 matrix to several important AI domains:
AI Medical Imaging – high-stakes, specialised, and sector regulated
AI Content Moderation – widely used across platforms with varying degrees of oversight
AI in Banking – domain-specific compliance requirements and risk controls
LLMs (Large Language Models) – flexible, general-purpose technologies used across many industries
Students learn to place each example in the matrix and explore how regulation might differ depending on how “general”, “narrow”, “vertical”, or “horizontal” the technology and its risks are.
Gamification: Your Turn to Score the Quadrants
To reinforce the learning, students participate in an interactive scoring exercise.
They rate each quadrant and decide where each AI use case best fits. The goal is not to arrive at a single “correct” answer but to challenge assumptions and reveal how complex real-world regulatory decisions can be.
By comparing their own placements with typical policy approaches, students appreciate that the question “Should AI and data be treated as exceptions?” does not have a simple yes-or-no answer.
Instead, the framework encourages them to see the nuance—how context, risk, domain specificity, and societal impact all shape regulatory choices.
A Unique Conclusion: Let the LLMs Decide
At the end of the lecture, we pose a twist:
four different LLMs are asked to complete the same matrix exercise.
Students compare their own scoring with the outputs of multiple AI models—highlighting:
the diversity of AI-generated reasoning
the lack of consensus among models (or the agreement)
the importance of human judgment in regulatory debates
This final comparison reinforces the central theme of the module: AI regulation is complex, contextual, and requires thoughtful interpretation.
This short lecture introduces a four-part series that looks at how we think about risk and responsibility in AI and data protection. We will cover risk classification systems, proportionate obligations, compliance mechanisms, and international comparisons.
We will start with a brief recap of the narrow, wide, vertical, and horizontal models that are often used to decide which types of AI require additional regulation. These models are useful, but they are not enough on their own. AI systems can fail in ways that have serious, even catastrophic consequences, and our thinking needs to account not just for scope, but for likelihood and impact.
To do that, we can borrow from how other industries manage safety-critical systems. By explicitly incorporating risk into our models, we get a clearer way to think about foreseeability, responsibility, and the unintended consequences of AI when things go wrong.
In this lecture we look at how risk can give us a practical way to decide when AI needs closer control. We start with a simple risk chart that plots severity against likelihood, and use familiar health and safety examples from construction to show how the same hazard can look very different depending on the environment, how often it occurs, and how long exposure lasts. A paper cut in an office is not the same as a paper cut on a factory floor, and repeated exposure changes the picture again. We then compare conditions like Raynaud’s syndrome with the quieter cognitive effects that can emerge from repeated use of AI, including deskilling, reduced attention, and long-term cognitive strain.
We introduce the idea of the near miss and connect it to a real case from the UK, where the circulation of unprotected Excel files created serious risks to lives, operations, and costs. Finally, we look at how Europe is using risk as the foundation of governance in the AI Act, with a brief comparison to the approaches taken in the US and China.
The key message is simple. We do not need to invent a new discipline from scratch. Risk management already works well in safety-critical sectors. Good documentation, including the capture of near misses, improves processes and outcomes. And by actively managing risk, organisations are also putting themselves in a much stronger position when it comes to insurance and long-term accountability.
By the end of this lecture, you should be able to:
Use a simple severity and likelihood chart to assess when AI systems need additional controls
Understand how environment, repetition, and timescale change the risk profile of the same hazard
Recognise the value of near misses as early warning signals in AI and data protection
Explain how risk-based governance is shaping the European AI Act and how it compares internationally
See how active risk management supports better processes, accountability, and access to insurance
This lecture is the second part of our series on risk-based frameworks, following risk classification and setting the groundwork for compliance mechanisms and international comparisons.
We begin by revisiting how looking only at narrow and wide, or vertical and horizontal uses of AI, pushed us toward risk as an additional dimension for regulation. From there, we extend the model further by introducing factors such as complexity, systemic importance, protected interests, reversibility, autonomy, scale, and the role of humans in the loop.
The focus then shifts to what this means in practice. To meet objectives like financial stability, market integrity, and consumer protection, these dimensions have to be translated into concrete obligations. That includes governance, technical documentation, transparency, human oversight, post-market monitoring, and certification. The core challenge, and the theme of this lecture, is how to scale those obligations in a way that protects people and markets without unnecessarily constraining innovation.
By the end of this lecture, you should be able to:
Explain why risk needs to be considered alongside narrow, wide, vertical, and horizontal models of AI regulation
Identify additional dimensions that influence regulatory attention, including complexity, scale, autonomy, and systemic importance
Understand how protected interests, reversibility, and human oversight affect regulatory expectations
Link regulatory objectives such as financial stability, market integrity, and consumer protection to concrete obligations
Recognise how proportionate obligations help balance innovation with meaningful safeguards
This lecture is the third part of our series. We have already looked at risk classification systems and proportionate obligations. Now we turn to compliance mechanisms, which is where strategy becomes operational.
We begin with a simple question. What is a mechanism? In this context, it is not a policy statement or a good intention. A mechanism is something that forces a decision, records that decision, allows it to be audited, and, where necessary, triggers action. We will walk through these four stages. The first three are mandatory if compliance is to be credible. The fourth is more complicated, because action does not always follow automatically from identified risk.
We briefly recap risk and the different dimensions we have discussed, then examine how obligations must scale to match risk in practice. From there we introduce a simple three-part framework: before, during, and after.
Before focuses on governance and accountability, escalation paths, policy frameworks, and assurance structures that prevent unmanaged systems from going live. During looks at monitoring, service management, and operational discipline. ITIL provides a useful reference point here, alongside ongoing assurance. After, or remediation, covers incident handling, root cause analysis, preventive actions, evidence gathering, audits, and where relevant, insurance and external support.
Throughout the lecture we use a thought experiment. Bear 2.0 is a must-have technology for modern farming. It delivers clear benefits, but unsafe use, weak policy, or poor standards can lead to harm, including to animals such as chickens. The scenario helps us test whether our mechanisms are real or just theoretical.
We close with a few core messages. Documentation is not bureaucracy, it is an operational tool. Near misses and incidents are signals that require action. And the point of compliance is not to slow innovation, but to build trust, resilience, and defensibility when things go wrong.
This lecture is the fourth and final part of our series. We have looked at risk classification systems, proportionate obligations, and compliance mechanisms. Now we step back and look outward at international comparisons, focusing on the EU, the US, and China.
To make this practical, we use the idea of archetypes. How do these countries see themselves?
China as the Dragon. Patient, strong, focused on renewal and civilizational continuity, where the state and collective stability come first.
The United States as the Cowboy. Forward-looking, experimental, idea-driven, built on individuality and speed of innovation.
The European Union as the Wizard. Shaped by fragmentation rather than unity, cooperative by necessity, marked by the experience of two world wars, and inclined toward rule-making and balance.
These archetypes can help explain how each approaches AI governance. We use the example of electricity to remind ourselves that major technological differences, such as 110 versus 220 volts, were managed through standards and coordination. The question is why something similar cannot emerge for AI.
A simple Venn diagram helps us explore areas of overlap, divergence, and potential alignment. It allows us to move beyond competition and look at shared interests. We also consider how other countries might take a seat at the table, drawing on their strengths in culture, data, technology, natural resources, and finance to influence the global conversation.
We end with the idea of civilizational technologies. AI, like electricity before it, reshapes societies at a deep level. Everyone can contribute to how it is governed. But no one can rewrite mathematics or physics. There are limits, and within those limits there is space for cooperation as well as competition.
Lecture Overview: Meritocracy – Be Careful What You Wish For
Meritocracy seems an obvious and good thing for how we choose people to rule and make laws for us. We strip away a veneer to point out that the path of meritocracy can have unintended consequences. The system and the ruled will choose someone or a group most suited to play by those rules.
We then look at how power is suited to international cooperation and the need for speed, often at the expense of legitimacy. We argue for a blended model, yet the warnings from history, especially Polybius, suggest that whatever system we have now will either evolve or be corrupted.
Again we face a dilemma: we need laws and regulations, but they may or may not be accepted by the type of system we live under. How do we manage an oligarchy that offers us solutions and great benefits but at the same time exhibits a self-serving attitude?
We end on the question of needing legal solutions for AGI in a shifting legal landscape and a changing world power dynamic.
Learning Outcomes:
By the end of this lecture, learners will be able to:
Critically evaluate the concept of meritocracy, identifying both its apparent benefits and its potential unintended consequences in selecting leaders and lawmakers.
Analyse how meritocratic systems can inadvertently select for individuals who are best at gaming the system rather than those most suited to governance.
Assess the tension between the need for speed and international cooperation in governance versus the requirement for democratic legitimacy, particularly in the context of AI regulation.
Apply historical insights, particularly from Polybius, to understand how political systems inevitably evolve or become corrupted over time.
Evaluate the challenge of creating effective legal frameworks for AGI when those frameworks must be developed and implemented by potentially oligarchic power structures with self-serving interests, all within a shifting geopolitical landscape.
In this lecture, we make the case that Human in the Loop means very little if the human involvement is not actually meaningful.
Using examples from the airline industry and trading markets, we explore how difficult, and sometimes impossible, it can be for humans to intervene during emergencies where events unfold faster than human cognition can react. We ask an uncomfortable question: if humans cannot respond in time, are they really still in control?
We also look at studies showing how human skills degrade when they are no longer regularly used. This is then linked back to students using LLMs and the decline in understanding that can happen if critical thinking is replaced with overreliance on AI tools. We review an anonymised student coursework submission that is clearly an LLM-generated response and revisit the Feynman principles discussed earlier in the course.
We then break down what makes Human in the Loop truly meaningful. For meaningful HITL, the human must have:
Comprehension
Agency
Authority
Accountability
But these only matter if the human can complete the full action chain:
Observe → Understand → Decide → Intervene
If any part of that chain is missing, the human involvement may only be symbolic.
We then compare six different placements of humans in relation to AI systems:
Human in the loop
Human in the loophole
Human on the loop
Human out of the loop
Human after the loop
Human before the loop
Finally, we place these models on a spectrum showing how much control humans really retain over AI systems. We reconnect this discussion back to earlier debates in the course around regulation, risk, and governance, including how approaches from the EU, USA, and China may differ.
What students will learn:
Why meaningful human involvement matters
How speed and scale can undermine human oversight
The hidden costs of both using and not using HITL
How organisations may game or weaken human oversight mechanisms
Why Human in the Loop can become more about appearances than real control
In this lecture, we make the case that transparency is not optional. It is an obligation. We also challenge the assumption that organisations can realistically avoid transparency once AI systems begin affecting people in the real world.
Using a gamified car rental case study, students investigate the introduction of an AI system and attempt to identify where faults actually occurred. Using the six Human in the Loop placements introduced earlier in the module, students examine whether the real issue came from:
Human in the loop
Human in the loophole
Human on the loop
Human out of the loop
Human after the loop
Human before the loop
The exercise encourages students to separate visible symptoms from the underlying governance failures that created the problem in the first place.
We then explore how transparency improves decision making, exposes weak safeguards, and helps organisations identify practical solutions earlier.
The lecture maps key risks against the six HITL categories, including:
Real world and edge cases being missed
Errors propagating through systems
Harm already being done before intervention
Passive oversight and accountability gaps
Liability laundering
Automation bias where humans add little real value
We finish with a set of practical takeaways:
Governance starts at design stage and must consider later operational stages
Systems remain responsible and safeguards must be transparent
If harms occur, redress processes must also be transparent
Monitoring is not the same as control
Organisations can hide behind weak oversight structures
Human involvement alone is not enough, the quality of involvement matters
What students will learn:
Why transparency is central to meaningful Human in the Loop
How governance failures can be hidden behind process and automation
Why oversight mechanisms must be scrutinised
The difference between visibility, accountability, and real control
Why transparency often reveals deeper organisational problems
In this lecture, we begin exploring one of the most important questions in AI governance: when something goes wrong, who is responsible?
Using a city drone delivery service as our case study, students are challenged to identify as many potential liabilities as possible. These include obvious risks such as dropped cargo, but also less obvious issues including privacy breaches, noise pollution, restricted airspace, safety risks, data protection concerns and regulatory compliance.
We then introduce the major liability categories used by legal systems today:
Strict Liability
Negligence
Product Liability
Vicarious Liability
Contributory Liability
For each category, we examine what it means, why it exists, and the types of organisations most likely to be affected.
The lecture also includes a thought experiment on how these traditional liability concepts may evolve as AI systems become more autonomous and decision making becomes increasingly distributed across people, systems and organisations.
What students will learn:
The major liability frameworks used today
How liability can arise in AI-enabled systems
Which organisations are most exposed to different forms of liability
Why identifying responsibility becomes harder as automation increases
In this lecture, we continue the liability discussion through a gamification exercise that reveals an important lesson: assigning liability is rarely straightforward.
We begin by reviewing an earlier exercise and examining why the first attempt at categorising liability produced inconsistent results. This creates an opportunity to explore how humans and AI approach problems differently.
Students compare human reasoning with LLM-generated reasoning. We examine how humans often work through competing facts, uncertainty, jurisdictional differences, strategy, tactics and legal interpretation before reaching a conclusion. LLMs, by contrast, are heavily influenced by patterns found in their training data and may favour the most common answer rather than the most appropriate one.
The result is a practical demonstration of why AI can struggle with legal categorisation and why liability disputes often require detailed investigation.
The central message of the lecture is simple: we have legal processes because assigning responsibility is difficult. If liability were obvious, courts, regulators and investigations would not be necessary.
What students will learn:
Why liability categorisation is challenging
How human and AI reasoning can produce different outcomes
Why legal systems rely on structured processes to resolve disputes
The limitations of LLMs when analysing accountability and responsibility
In this final lecture, we examine the pathways that lead from an incident to accountability.
We explore concepts such as control versus oversight, shared responsibility, causality, traceability and precedent. These ideas form the foundation of how organisations, regulators and courts investigate failures involving AI systems.
Students are introduced to a practical investigation toolkit covering:
Identifying actors and building timelines
Understanding control and oversight relationships
Determining legal duties and responsibilities
Analysing failures and resulting harms
Assessing how judges and regulators may approach a case
The lecture includes worked examples using the Duty → Breach → Liability framework to show how legal responsibility is established in practice.
We conclude by returning to one of the central themes of the course. While policymakers continue to debate whether AI requires entirely new laws, existing legal systems already contain powerful mechanisms for holding organisations and leaders accountable. AI systems are not legal persons. Responsibility ultimately sits with the people who design, deploy, govern and profit from them.
In many respects, executives, directors and organisational leaders become the real Human in the Loop.
We also examine how mature industries such as aviation and construction have improved safety and accountability by ensuring that responsibility is shared across everyone involved in the process.
What students will learn:
How investigations establish accountability
The role of causality, oversight and control in liability assessments
How the Duty → Breach → Liability framework operates
Why organisational leaders remain accountable for AI systems
What AI governance can learn from aviation, construction and other high-risk industries
Executive Summary
You will learn about the eye-watering costs and the reputational damage to organisations when things go wrong with data privacy and protection
If you can get your organisation to adopt data ethics faster, you can then unlock responsible innovation, growth and better outcomes from your IT & AI projects
Your route to success can no longer ignore the need for a better data culture, and we will explain why
You can mitigate the scary risks outlined in this course through the adoption of standards
And yes, we will cover GDPR and E-Privacy
New for 2026: From Data Protection to AI Governance
We are now seeing a clear trend: data protection and privacy professionals are increasingly becoming the natural candidates to step into AI governance roles.
This course is evolving to support that transition.
Building on the strong foundations in data protection, we are expanding the course to address the realities of AI systems, including Large Language Models (LLMs) and Generative AI.
These technologies are advancing rapidly, but they also introduce significant privacy, ethical, and governance challenges.
What’s new:
New modules focused on LLMs and Generative AI
Practical insights into how data flows through AI systems
Expanded coverage of ethics, risk, and governance in AI
New content is being released on an ongoing basis, with several lectures already live and available to you.
This approach ensures the course stays current, relevant, and aligned with real-world developments — helping you move from traditional data protection into the emerging field of AI governance.
Who
We’ve written this course with three types of personas in mind. If you fit within one of the following categories, the course is for you.
High-level executives and managers who need a helicopter view
IT Professionals who need direction to deliver projects
Ninjas, the techies and specialists who need to be more granular
Why Is Talking About These Topics So Hard?
You have probably found some resistance if you have ever tried to talk about GDPR. Typically people are not interested, and the topic is boring. They say the issues raised get in the way of doing “real” business. On the other hand, artificial intelligence is a more sexy subject. So why aren’t we “doing” more AI? We’ve found people run away from privacy and protection with ill-thought-through excuses or misunderstandings presented as reasons for why we should be doing something else.
A cursory look through business journals or the IT press should reveal we are heading towards a road crash. Take a look at the GDPR fines handed out to Google, Facebook and many other blue-chip companies. If you then factor in class action consequences that could reach, in one example, $1 billion, you see the extent of the problem. Oversights and data breaches hand lawyers reasons to extract huge sums from corporates.
How can this course help you?
Cybercrime is on the rise, yet in our businesses we prefer to focus on getting to the AI promised land faster. What if we could have it all? What if we could reduce our exposure to hackers and derive real value from our data? We will not promise you the earth, but we suggest that a detour through the Data Protection and Privacy landscape will give you a new global view for improved innovation, helping you and your organisation drive forward.
Overview
This course will explore the Wild Wild West of Data to show you why we must care
There are consequences for not taking the right kinds of action
We will map out the global standards and legal frameworks to end our journey on data ethics
We will make the case that you will achieve better AI results if you have first crafted a better data culture
Assignments
We have created three special assignments to test and reinforce the ideas and concepts introduced.
We will pick apart a Tim Cook (Apple) speech given at a data privacy conference
Could a loss of biometric data have disastrous effects? We will explore a horrifyingly real-world example
Before we say goodbye, our journey will end with a task for you: improve the blueprints for a new search engine that respects data protection and privacy
Join us on a journey that is more than just a rehash of GDPR. Let’s move from a dull worldview to a vision of possibilities and opportunities. Take the course now to find your data protection and privacy voice!
A better understanding of the Data Privacy and Protection world is not a luxury; it is an urgent need. You have nothing to lose. Enrol now.
Use of AI Disclosure
Our course discusses Data, AI, LLMs, and GenAI. For this reason, we have been very careful in how we use AI to better deliver content for our students.
We are human-led and share our own experiences, using AI as a supporting tool. Typically, we use AI for:
Research and fact-checking
Red teaming course content
Ensuring alignment with course objectives
The most visible use of AI is in generating background images to add visual interest and keep students engaged. Images are created to illustrate ideas and concepts that align with the content. For example, when we use a Boeing case study to explain engineering ethics, the supporting images feature jet planes in either cartoon or photorealistic format.
All instructor videos and voice-overs are authentic output from the instructor. The only exceptions occur in gamification elements or assignments where we intentionally challenge students to distinguish between human and AI-generated content.