Bootcamp - Section I Flashcards

Question 1

Q

If a processing activity is covered by a rule in both GDPR and the ePrivacy Directive, which applies?

Answer

A

ePrivacy Directive - Because it is more specific.

Question 2

Q

What is another name for the
Treaty on European Union?

Answer

A

Maastricht Treaty
1992

Question 3

Q

What did the European Court of Justice hold in Papasavvas v. O Fileleftheros Dimosia Etairia Ltd.?

Answer

A

As long as the company is receiving payment for services they provided, it is an information society service.

That the term “information society service” applies to all economic activities for which the service provider is remunerated, regardless of whether the user is the one that provides the remuneration.

Dienstleistungen der Informationsgesellschaft

Question 4

Q

True or False:
The Treaty on the Functioning of the European Union requires that the protection of personal data be incorporated into all aspects of member state law.

Answer

A

False.
This requirement does not apply to national measures that are not implementing some aspects of E.U. law.

Question 5

Q

What was the Article 29 Working Party (29WP)

Answer

A

An independent advisory panel that provided guidance on questions regarding the Directive.

Question 6

Q

What is the “consultative” procedure of the legislative process in the E.U.?

Answer

A

Where the authority to enact law rests with the Council - not the Parliament.
But the Council is obligated to consult with the Parliament.

Question 7

Q

What does FIPs stand for?

Answer

A

Fair Information Practices or
Fair Information Privacy Practices

Question 8

Q

T or F:
One of the primary shortcomings of the Data Protection Directive was that it only applied to private industry.

Answer

A

False:
The Data Protection Directive applied to both private and public sectors.

Question 9

Q

What right is recognized in Article 8 of the
Charter of Fundamental Rights?

Answer

A

The right to the protection of personal data.

Question 10

Q

What international organization drafted and signed the
European Convention on Human Rights?

Answer

A

Council of Europe
CoE

Question 11

Q

How many institutions are designated official institutions of the European Union?

Question 12

Q

What body did the European Data Protection Board replace?

Answer

A

Article 29 Working Party

Question 13

Q

In what way was the 2008 Framework Decision that regulated cooperating criminal authorities limited in scope?

Answer

A

It applied only to cross-border transfers of personal data and did not apply to internal processing within a member state.

Question 14

Q

Under the ePrivacy Directive, when is the interception of electronic communications permitted?

Answer

A

When the users of the system consent,
or where interception is
legally authorized to achieve important public purposes (e.g., national security or criminal prosecution).

Question 15

Q

How are members of the European Parliament elected?

Answer

A

Directly by citizens of the European Union.

Question 16

Q

What does Article 19 of the Universal Declaration of Human Rights seek to protect?

Answer

A

Individual opinions and the communication of ideas.

Question 17

Q

What is the most recent data protection legislation enacted by the E.U.?

Answer

A

The NIS Directive

Question 18

Q

What is the primary difference between a regulation and a directive?

Answer

A

Regulation: Applies upon its own force
Directive: Requires member states enable legislation

Question 19

Q

What treaty created a “single market” in Europe?

Answer

A

The Treaty on European Union
(aka The Maastricht Treaty)

Question 20

Q

What are the two primary components of the Court of Justice of the European Union?

Answer

A

General Court &
European Court of Justice

Question 21

Q

Is the European Court of Human Rights an EU institution.

Answer

A

No.
Its part of the Council of Europe.

Question 22

Q

Which came first: the Universal Declaration of Human Rights or the European Convention on Human Rights?

Answer

A

The Universal Declaration of Human Rights

Question 23

Q

What entity was created by the European Convention of Human Rights ECoHR?

Answer

A

The European Court of Human Rights.

Question 24

Q

What two interests was the Data Protection Directive designed to protect?

Answer

A

Individual rights to privacy and the internal European market.

Question 25

Q

True or False: Unlike the original Convention 108, Convention 108+ is only available for signature to European nations.

Answer

A

False. Both are available to signature to all nations. There are currently 4 non-European signatories to Convention 108+.

Question 26

Q

What institution is charged with setting the political direction of the European Union?

Answer

A

European Council

Question 27

Q

In what year was the GDPR initially proposed?

Answer

A

The year 2012

Question 28

Q

What are the two exceptions permitting the use of web cookies without first obtaining user consent?

Answer

A

(1) When the use of cookies is “strictly necessary” for the provision of the service requested; and
(2) When cookies are used for the sole purpose of carrying out the transmission of a communication.

Question 29

Q

True or False: One of the most important differences between the Data Protection Directive and the GDPR is that the GDPR has an expanded jurisdictional scope.

Question 30

Q

Does the European Convention on Human Rights consider the right to privacy to be an absolute right?

Answer

A

No.
Article 8, which protects individual privacy, provides the right can be limited for certain public purposes.

Question 31

Q

What does the ePrivacy Directive regulate?

Answer

A

“The processing of personal data in connection with the provision of publicly available electronic communications services in public communications networks” within the E.U.

Privacy and confidentiality aspects of electronic communications, including rules for electronic marketing, the use of cookies and similar tracking technologies, and the confidentiality of communication data.

Question 32

Q

What is an “information society service”?

Dienst der Informationsgesellschaft

Answer

A

“[A]ny service normally provided for payment, at a distance, by electronic means and at the individual request of a recipient of services.”

Online Dienstleistungen die Informationen über das Internet bereitstellen

Question 33

Q

True or False: Each member of the Council of the European Union is always entitled to one vote.

Answer

A

False. In some cases members get one vote each, but in others each member gets a number of votes proportionate to the number of citizens it represents.

Question 34

Q

How does the E.U. guarantee that member states enact legislation to enact a directive?

Answer

A

The European Commission may bring an infraction proceeding against a member state that fails to comply.

Question 35

Q

True or False: The ePrivacy Directive applies to electronic communication services that are publicly available and those that are not publicly available, such as internal intranet systems.

Answer

A

False. The ePrivacy Directive applies only to the processing of personal data over publicly available communication networks.

Question 36

Q

What does Article 10 of the European Convention on Human Rights seek to protect?

Answer

A

The right to
opinion and
free expression.

Question 37

Q

True or False: Like the UDHR and the ECHR, the Charter of Fundamental Rights recognizes that rights must be balanced against one another.

Question 38

Q

What two documents were amended by the Treaty of Lisbon?

Answer

A

(1) The Treaty Establishing the European Community; and
(2) The Treaty on European Union.

Question 39

Q

In what year was the Universal Declaration of Human Rights UDoHR adopted?

Question 40

Q

What is the primary reason that the European Court of Justice struck down the Data Retention Directive as invalid?

Answer

A

Because it violated the proportionality principle of the Charter of Fundamental Rights, as no limits were placed on the obligation to retain data.

Question 41

Q

Why is Article 94 of the GDPR important?

Answer

A

It clarified that prior references to the Data Protection Directive in other legislation should be construed as a reference to the GDPR.

Question 42

Q

What did the European Court of Human Rights hold in Haralambie v. Romania?

Answer

A

That placing obstacles in the way of an applicant seeking access to their secret personal file violated Article 8 of the ECHR.

Question 43

Q

What is another name for the Treaty Establishing the European Economic Community (EEC)?

Answer

A

Treaty of Rome

Question 44

Q

What is the primary responsibility of the European Court of Human Rights?
ECoHR

Answer

A

To enforce the European Convention on Human Rights, along with Convention 108 and its amendments.

Question 45

Q

What are the primary goals of the NIS Directive?

Answer

A

(1) To promote good risk management systems; and
(2) to facilitate cooperation among member states on digital threats.

Question 46

Q

Does the E-Commerce Directive apply if no remuneration is exchanged between a user and a service provider?

Answer

A

Yes, because an information society service includes all activities that may “represent an economic activity” regardless of whether they give rise to online contracting between the provider and recipient.

Question 47

Q

Why was the adoption of the Data Protection Directive an important inflection point for European data protection?

Answer

A

Many nations had failed to ratify Convention 108. The Directive therefore made each member state legally obligated to pass data protection legislation.

Question 48

Q

Was the Data Protection Directive designed more to target data controllers or data processors?

Answer

A

Data Controllers

Question 49

Q

In what year was the Data Protection Directive enacted?

Question 50

Q

What are the common names of the three legislative procedures under the Treaty on European Union?

Answer

A

Ordinary Procedure
Consultative Procedure
Consent Procedure

Question 51

Q

What two primary factors led to the creation of data protection laws in Europe?

Answer

A

Advances in technology, and an
increase in transborder trade.

Question 52

Q

What entities are subject to regulation under the ePrivacy Directive?

Answer

A

All “electronic communication services,” which includes telecommunication services and communications made over the internet, email, faxes, etc.

Question 53

Q

The Digital Services Act is proposed legislation that would replace what other law?

Answer

A

E-Commerce Directive

Question 54

Q

What treaty created the European common market?

Answer

A

The Treaty Establishing the European Economic Community (a/k/a The Treaty of Rome).

Question 55

Q

Other than traffic data, in what two instances may location data be lawfully processed under the ePrivacy directive?

Answer

A

When the user or subscriber has consented or when the data is anonymized.

Question 56

Q

True or False: Signing Convention 108+ makes it more likely that a non-member state will be found to provide an “adequate” level of privacy protection for purposes of international data transfers.

Question 57

Q

What did the ECJ hold in the
Tele2 and Watson case?

Answer

A

That the ePrivacy Directive prohibits the general and indiscriminate retention of data, even if this is permitted under national legislation for the purposes of fighting crime.

Question 58

Q

On what two conditions does Convention 108 permit member nations to place limits on transborder data flows between other member states?

Answer

A

When a country has specific laws applicable to certain categories of personal information, or
when a member state is used as a conduit through which to transfer data from a non-member state.

Question 59

Q

What is the “ordinary” procedure of the legislative process in the E.U.?

Answer

A

Where both the Parliament and the Council agree to the proposed legislation.

Question 60

Q

What does Article 12 of the Universal Declaration of Human Rights UDoHR seek to protect?

Answer

A

The private life of individuals, including
- Privacy,
- Family,
- Home, and
- Correspondence.

Question 61

Q

What does Article 8 of the European Convention on Human Rights seek to protect?
ECoHR

Answer

A

The individual right to private life.

Question 62

Q

What institution plays the primary executive role in the EU.

Answer

A

European Commission

Question 63

Q

In what year was the ePrivacy Directive adopted?

Question 64

Q

What are Fair Information Practices FIP?

Answer

A

A set of principles and practices that describe how best to approach the
- collection,
- storage, and
- management of data

to properly balance
- fairness,
- privacy, and
- security with respect to that data.

Answer 58

A

It was repealed and replaced by the GDPR in 2016.

Answer 59

A

False. When the Council votes and debates on legislation, it must do so in public. The treaties silence on other issues suggests the Council may conduct other business privately.

Answer 60

A

To strengthen the internal market of Europe by fostering a healthy online economic environment.

Answer 61

A

Article 8’s right to the protection of personal information was incorporated into the Treaty on the Functioning of the European Union.

Answer 62

A

The Treaty on the Functioning of the European Union.

Answer 63

A

Public sector

Answer 64

A

Initiates legislative proposals. Represents the EU on the international stage. Consists of commissioners from each member state.

Answer 65

A

Represents the citizens of the EU. Participates in the legislative process by reviewing and amending proposals. Votes on proposed legislation.

Answer 66

A

Represents the member states’ governments. Shares legislative power with the Parliament. Approves, amends, or rejects legilative proposals.

Answer 67

A

Comprises heads of state or government of member states. Sets the general political direction and priorities of the EU. Provides guidance on important issues.

Answer 68

A

Ensures the uniform application of EU law. Interprets EU law and settles disputes between member states and institutions

Answer 69

A

Responsible for the euro currency and monetary policy within the Eurozone.

Answer 70

A

Checks that the EU funds have been correctly spent, efficiently managed, and properly accounted for.

Answer 71

A

Cooperation and coordination between police and judicial authorities across the E.U.

Answer 72

A

The law of the member state in which they are established; not the laws of members states in which the service is accessible.

Answer 73

A

(1) Service providers were required to provide certain notice in the event of a data breach; and (2) A private cause of action was provided to subscribers receiving unsolicited advertisements.

Answer 74

A

The Law Enforcement Data Protection Directive (LEDP Directive).

Answer 75

A

These bodies recognized that personal data should be protected in a consistent manner no matter what specific form of communication is utilized.

Answer 76

A

When the traffic data is no longer needed for the purposes of the transmission, except as needed for billing, marketing, fraud detection, or similar services.

Answer 77

A

An “opening clause.”

Answer 78

A

Opt-in consent.

Answer 79

A

False. The Data Governance Act covers the processing of both personal and non-personal data; only processing of personal data is regulated by the GDPR.

Answer 80

A

The Rechnungshof case.

Answer 81

A

No. The EDPB considers the term “explicit consent” in the PSD2 as imposing an additional requirement of “contractual consent.”

Answer 82

A

“Information society services.”

Answer 83

A

There are four (4) levels of risk:
- minimal risk,
- limited risk,
- high risk, and
- unacceptable risk.

Answer 84

A

False. The LEDP Directive calls for the protection of personal data of all individuals, regardless of his or her role in the criminal justice system.

Answer 85

A

In order for the Parliament and the Council to reach political agreement during the legislative process.

Answer 86

A

(1) It protects the natural rights and freedoms of natural persons; and (
2) It facilitates the exchange of personal data by competent authorities.

Answer 87

A

False. The ePrivacy Directive requires “appropriate technical and organisational” controls be adopted that are “appropriate to the risks presented.”

Answer 88

A

Convention 108

Brainscape's Knowledge GenomeTM

Bootcamp - Section I Flashcards

Brainscape's Knowledge Genome^TM