11 Data Privacy Flashcards
1
Q
Definition Data Privacy
A
- legal relationship between collection and dissemination of data, technology, the public expectation of privacy and the legal and political issues surrounding them
2
Q
Key aspects of data privacy
1.
2.
3.
A
- protection against misuse in data processing (e.g. manipulation of bookkeeping software)
- informational self-determination (data about a person belong to this person and not everyone - company has to share with me which data about me is stored; I can ask them to delete my data)
- primacy of data economy (data which are not required, must not be recorded)
3
Q
What are the laws for data privacy regulation?
1.
2.
3.
A
- Federal Data Protection Act and State Data Protection Act (Germany)
- privacy policy / Datenschutzrichtlinie (EU)
- in US, data protection is hardly regulated
4
Q
What is the GDPR?
1.
2.
3.
4.
A
- General Data Protection Regulation, enforced on 25th May 2018
- regulation by the EU on data privacy to harmonize and simplify existing laws and to adapt the laws to the state of the art in technology
- companies: must carefully handle personal information
- people: are allowed to view their personal data and ask for erasure of data (under certain circumstances)
5
Q
What does the GDPR mean for companies?
1.
2.
3.
A
- must carefully handle personal information
- must limit their greed for personal data
- must not forward personal data to third parties
6
Q
Do companies stick to the laws of the GDPR?
What are important changes?
1.
2.
3.
4.
A
- they don't! (e.g. Google, Amazon, …)
- violations have become much more expensive, though:
- boss is liable for d.p., if not handled loosely, failure by management
- penalties: limited up to 4% of the company's revenue
- companies listed on the stock exchange can be accused by their shareholders
7
Q
What is the overall idea of the GDPR?
A
- processing data is forbidden (+storage of personal data)
- exception: information required to fulfill contract; ensuring legitimate interest; user gives permission (Terms and Conditions)
8
Q
What is the GDPR from the people's perspective?
1.
2.
3.
4.
5.
6.
7.
8.
A
- processing of data forbidden
- prohibition of coupling (contract must not depend on data processing, e.g. permission to forward a newsletter: the contract cannot be made dependent on it)
- compensation (stress, hassle, inconvenience)
- transparency a must (which data is stored and for what)
- sensitive data (sexual orientation, religion, …) only in exceptional cases
- right to erasure (under circumstances)
- right to explanation of algorithmic decisions
- right to obtain a portable copy of stored data, e.g. for moving from Amazon to Otto
9
Q
Which modern computing possibilities make data protection challenging?
1.
2.
3.
4.
A
- using modern IT, mass data can be analysed
- combining single data, user profiles can be created (e.g. from single transaction creating user profile)
- data from different sources can be combined
- having new technical capabilities -> new challenges -> require new regulations