Ch. 7 - Lawful grounds Flashcards

1
Q

(1) 4 components of consent

A

Express indication of wishes:

  • Freely given (clearly distinguishable, easy to withdraw, can’t be used with imbalance between DS and DP)
  • For specific purpose/processing operation
  • Informed: data subject is given all the necessary details of the processing activity
  • Unambiguous (positive, affirmative action)
2
Q

(2) Performance of contract

A

necessary for the performance of contract:
- to which data subject is party, or
- in order to take steps on request of data subject prior to entering contract
Interpreted narrowly: data processing must be unavoidable.

3
Q

(3) Complying with legal obligation

A

Necessary for the controller to comply with a legal obligation. Interpreted narrowly: only EU or member state law. Does not include legal obligations arising out of contracts, or laws of third countries outside of the EU.

4
Q

(4) Vital interests

A

Necessary to protect the vital interests of the data subject or of other natural persons.

5
Q

(5) Public interest

A

Necessary for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller. E.g. tax collection, justice, research (census). Narrowly interpreted. Data subjects have the right to object to the use of their data. The processing should have a basis in EU or member state law.

6
Q

(6) Legitimate interest controller or 3rd party

A

This balance-of-interest test is the criterion upon which most personal data processing usually takes place. It involves weighing the interest of the controller or a third party against any detriment to the data subject.
Must be:
1. ‘necessary for the pursuit of’ → there must therefore be necessity for the purpose.
2. legitimate interests of the controller or a third party (the controller must demonstrate this). It cannot be overridden by fundamental rights (the data controller must show this: transparency, adequate safeguards and compliance can help support this case).

Does not apply to processing carried out by public authorities in performance of their tasks.

7
Q

Balance of interest for legitimate interest

A
  • Important in distinguishing legitimate interest → will affect the data subject’s reasonable expectations
  • Responsibility of the controller to be able to demonstrate that it has compelling, legitimate grounds to process the personal data that override the interests, rights and freedoms of the data subject
8
Q

Exceptions to art. 9

A
  • Explicit consent
  • Comply with obligations of the controller under employment, social security and social protection law
  • Vital interests of individual
  • Legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim
  • Sensitive data manifestly made public by data subject
  • Establishment/exercise/defense of legal claims
  • Substantial public interest
  • Health or social care treatment
  • Public health
  • Public archives/ research/statistical purposes (for this, data processing must have appropriate safeguards, and be necessary for purpose)