Chapter 16 (Direct Marketing) Flashcards

1
Q

What are 3 reasons why the application of data protection rules in the context of direct marketing is one of the most complex and technically challenging areas of data protection laws?

A
  1. Because direct marketing often triggers not only data protection requirements, but also all kinds of other consumer protection regulatory requirements that vary from country to country.
  2. Often involves the use of data collected through the addressee’s device.
  3. Direct marketing messages are no longer limited to postal mail and email, but are also sent via third-platform messages, push messages, and in-app messages.
2
Q

Are all communications from a business, including a marketing business, considered direct marketing?

A

No.

3
Q

Data protection laws apply to the sending of marketing messages only when what occurs?

A

Where individuals’ personal data are processed to communicate the marketing message to them.

4
Q

What are 2 types of marketing messages that are not considered direct marketing?

A
  1. Marketing communications that aren’t directed at individuals (e.g. targeted website banner ads)
  2. Messages that are purely service related in nature (e.g. messages sent to individuals to inform them of the status of an order they’ve placed)
5
Q

Does the GDPR apply to direct marketing communications, no matter how they are communicated, and to online ads targeting individuals based on their internet browsing history?

A

Yes.

6
Q

The ePrivacy Directive applies to digital marketing communications. What qualifies as digital marketing communications?

A

Direct marketing communicated over electronic communications networks, such as by phone, fax, email, and Short Message Service (SMS)/Multimedia Message Service (MMS).

7
Q

Whenever processing an individual’s personal data in the context of direct marketing activities, data controllers must satisfy what 5 compliance responsibilities under the GDPR?

A
  1. Ensuring there is a lawful basis for the collection and use of the data subject’s personal data
  2. Providing individuals with fair processing info explaining their personal data will be used for marketing purposes and on what legal basis this takes place
  3. Implementing appropriate technical and organizational measures to protect the personal data processed, including contracts outlining data protection obligations with data processors
  4. Not exporting personal data outside of the EEA unless adequate protection is in place on its receipt
  5. Fully satisfying all other compliance duties under the GDPR
8
Q

When collecting data for direct marketing activities, does having a lawful basis for collecting an addressee’s data under the GDPR automatically satisfy the requirements that apply to subsequent sending of marketing messages under the ePrivacy Directive?

A

No.

9
Q

The GDPR requires that individuals must have what right in the direct marketing context? Is this right affected by whether the data collection or further processing is based on the legit interest lawful basis or consent?

A

Must have the right to refuse or opt out of direct marketing. No, this right exists regardless of whether the data collection or further processing is based on the legit interest lawful basis or consent.

10
Q

With regard to a data subject’s right to opt out, the GDPR requires what 5 things?

A
  1. Individuals are always informed of their right to opt out.
  2. Marketers must allow individuals to opt out across all marketing channels.
  3. Data controllers honor opt-out requests in a timely fashion and at no cost to the individual.
  4. In honoring the opt-out requests, the controller must delete all personal info relating to the data subject that it has on record unless it can demonstrate it has compelling legit grounds for continued processing that override the privacy interests of the data subject.
  5. Profiling data must be removed.
11
Q

Where individuals choose to exercise their opt-out rights, should data controllers suppress or delete their contact details?

A

Suppress, so they don’t run the risk of reacquiring those individuals’ details at a later date.

12
Q

What are 2 other names for member states’ national opt-out registers?

A

Robinson Lists or preference services

13
Q

What do member states’ national opt-out registers allow individuals to do?

A

To submit a global opt-out from all direct marketing over a particular communications channel, regardless of the originator of the marketing.

14
Q

The general rule under the ePrivacy Directive is that most forms of digital marketing, other than person-to-person telephone marketing, require what?

A

Require the prior opt-in consent of the intended recipient

Although a limited exemption exists for e-mail marketing communicated on an opt-out basis to individuals whose details the data controller collected in the context of the sale of a product or service.

15
Q

The principles and provisions of the ePrivacy Directive, as opposed to the GDPR, don’t have direct effect but are implemented via what?

A

Implemented via national laws of the EU member states.

16
Q

Online behavioral advertising (OBA) is website advertising that is targeted at whom and allows advertisers to deliver what?

A
  1. Is targeted at individuals based on the observation of their behavior over time
  2. Enables advertisers to deliver advertising that is more relevant to individuals’ likes and interests and improves the effectiveness of click-through rates (CTRs) of online advertising
17
Q

What is first-party advertising?

A

When OBA is delivered by the website publisher itself (e.g. when a publisher makes product recommendations to visitors based on their previous relationship with its website)

18
Q

The majority of the website publishers have turned to what types of networks when dealing with OBA?

A

Have turned to third-party advertising networks to serve OBA on their behalf.

19
Q

Explain the 5 main aspects of the technology powering OBA served by third-party ad networks.

A
  1. Advertisers wishing to reach particular audiences instruct a third-party advertising network to serve ads on their behalf.
  2. When an individual visits a website that has partnered with an ad network, the ad network places a “cookie” on the individual’s computer.
  3. The ad network records the identifier assigned to that cookie in its database.
  4. As the individual browses the website, the ad network may record info about the content viewed, searches entered, adverts clicked on, and products and services purchased by the individual. This allows the network to create a profile for the individual.
  5. When an individual later revisits the website, or another website partnered with the network, the ad network examines the cookie and attached profile to deliver targeted advertising.
20
Q

Does the GDPR clearly state that info collected for the purposes of OBA should qualify as personal data?

A

Yes.

21
Q

Under the EDPB guidelines on the targeting of social media users, the EDPB states that in scenarios when a data subject is targeted on the basis of data provided by the user to the social media provider (SMP), the SMP and targeter are typically viewed as what?

A

The targeter and SMP are typically considered joint controllers and each of them will need their own legal basis for the processing at hand.

22
Q

Under the EDPB guidelines on the targeting of social media users, the EDPB states that in scenarios when data provided by the data subject to the SMP is used for targeting, the targeter and SMP are considered what?

A

The targeter and SMP are considered joint controllers.
  1. The targeter is a controller as it provides the data of the addressees to the SMP.
  2. The SMP is the controller as it uses the data of the addressee for audiencing purposes and displaying the advert.

23
Q

What is inferred data?

A

Data created by the controller on the basis of the data provided by the data subject (regardless of whether these data were observed or actively provided by the data subject, or a combo thereof).

24
Q

Under the EDPB guidelines on the targeting of social media users, the EDPB states that in scenarios when a data subject is targeted on the basis of inferred data, the SMP and targeter should be treated as what?

A

That they should be treated as joint controllers that each need their own legal basis for processing data and ensure they satisfy the other requirements of the GDPR.

25
Q

Will the ePrivacy Directive generally apply to OBA regardless of whether OBA info collected from individuals constitutes personal data?

A

Yes.

26
Q

What does Article 5(3) of the ePrivacy Directive relate to?

A

It is concerned with the use of cookies and other devices to store or gain access to info on an individual’s computer. Requires consent for such activities.

27
Q

Under the GDPR and ePrivacy Directive what 3 things need to be obtained for valid consent to the use of cookies to exist?

A
  1. Info about the intended use and purposes of the cookie must be given to the user
  2. The user must clearly and affirmatively consent BEFORE the cookie is placed on their computer or the info stored in their computer is retrieved
  3. The user must have a choice as to whether to give consent to the use of cookies and must provide an active indication that they do consent
28
Q

The new ePrivacy Regulation (which will replace the ePrivacy Directive) proposes changes in what 5 areas?

A
  1. Territorial scope: not tied to sender of messages or collector of cookies, rather applies to processing of data of users in the EU
  2. Consent: will extend to legal persons
  3. Opt-in for marketing messages: soft opt-in will apply for messages sent in the context of the purchase of a product or service
  4. Cookie and data tracking: distinguishes content from metadata and brings both in scope of strict regs
  5. Further compatible use: also provides for further use of data that were obtained, subject to a positive compatibility assessment
29
Q

Is postal marketing covered by the ePrivacy Directive?

A

No, but is subject to national data protection laws and the GDPR, including lawful processing, transparency requirement, respecting opt-out requests, and other data subject rights.

30
Q

Under the GDPR, is there any express requirement to obtain individuals’ consent to send direct postal marketing?

A

No, however some member states’ national rules mandate a requirement for consent (e.g. Belgium, Greece, Spain).

31
Q

When data controllers rely on their legit interest as a lawful ground to send direct postal marketing, what 3 factors must they consider when balancing these interests and data subjects’ fundamental rights?

A
  1. Whether the individual is an existing customer of the data controller, making it more likely the individual would expect to receive marketing from the data controller
  2. The nature of the products and services the data controller wishes to market (in particular, whether the individual would have an expectation the data controller would send them marketing about those products and services).
  3. Whether the data controller has previously told the individual it will not send any direct marketing communications.
32
Q

In what 3 member states must data controllers cleanse their contact lists against applicable national opt-out registers before sending direct postal marketing (unless valid opt-in consent from individual exists)?

A
  1. Austria
  2. Denmark
  3. The Netherlands
33
Q

Is telemarketing subject to the ePrivacy Directive?

A

Yes, because it is a form of digital marketing.

34
Q

Under the ePrivacy Directive, is there an express requirement to obtain an individual’s consent for person-to-person telephone marketing?

A

No, allows member states to decide under their national laws whether person-to-person telephone marketing should be conducted on an opt-in or opt-out basis.

35
Q

Must data controllers always obtain individuals’ prior opt-in consent to use automated calling systems for direct telephone marketing?

A

Yes.

36
Q

What do B2B and B2C stand for respectively?

A
  1. B2B: business-to-business
  2. B2C: business-to-consumer
37
Q

Is electronic mail marketing subject to the requirements of the ePrivacy Directive?

A

Yes, because it is a form of digital marketing.

38
Q

The technology neutral definition of electronic mail is broad enough to include direct marketing from what 3 types of technologies?

A
  1. Email
  2. SMS
  3. MMS
39
Q

The ePrivacy Directive requires that, in general, data controllers must obtain what type of consent from individuals to send them marketing by electronic mail?

A

Prior opt-in consent

40
Q

In limited circumstances, data controllers can send electronic mail marketing on an opt-out basis provided what 3 conditions exist?

A
  1. The data controller obtained the individuals’ electronic mail contact details “in the context of the sale of a product or service.”
  2. The data controller sends direct marketing to those individuals about “its own similar products or services” only
  3. The data controller clearly and distinctively gave those individuals the opportunity to opt out of marketing by electronic mail in a way that is simple and free of charge (both at the time their details were collected and in each subsequent marketing communication)
41
Q

For the opt-out exception for direct marketing by electronic mail what are the 4 key points?

A
  1. Individuals’ details must be collected in the context of the sale of a product or service
  2. The controller must market its own similar products and services
  3. Individuals must have the ability to opt out at the time their contact details are collected
  4. Individuals must be reminded of their ability to opt out in each subsequent marketing communication
42
Q

When sending direct electronic mail marketing, the ePrivacy Directive requires data controllers to provide individuals with a valid address to which they can send opt-out requests. Additionally, data controllers must do what 4 things?

A
  1. Not conceal or disguise the identity of the sender on whose behalf the communication is made.
  2. Ensure the message is clearly identifiable as a commercial communication
  3. Ensure any promotional offers, such as discounts, are clearly identifiable as such and the conditions to qualify are easily accessible and presented clearly and unambiguously
  4. Ensure any promotional competitions or games, if permitted, are clearly identifiable as such and that the conditions for participation are easily accessible and presented clearly and unambiguously
43
Q

Is fax marketing subject to the ePrivacy Directive?

A

Yes, because it is a form of digital marketing.

44
Q

The ePrivacy Directive requires that, in general, data controllers obtain what type of consent from individuals to send them fax marketing?

A

Prior opt-in consent

45
Q

The rules on location data processing under the ePrivacy Directive apply only to what type of data?

A

Applies only to data revealing the geographic position of an individual’s terminal equipment (e.g. their smartphone), not the location of the person.

46
Q

The ePrivacy Directive requires individuals give what type of consent to use their location data to provide a value added service?

A

Give opt-in consent

47
Q

To obtain valid consent from individuals to process their location data, data controllers must first inform individuals of what 3 things?

A
  1. The types of location data that will be collected and processed
  2. The purposes and duration of the processing
  3. Whether the data will be transmitted to a third party for the purpose of providing the value-added service
48
Q

With regard to individuals’ abilities to withdraw their consent for data controllers to use their location data, data controllers must offer what 2 types of opt-out options?

A
  1. A right to opt out of having their location data processed for marketing purposes entirely
  2. A temporary right to opt out of having their location data processed for marketing purposes in each connection to the network or for each transmission of a communication
49
Q

What are 3 factors that have contributed to the rise of enforcement of cookie technologies in the direct marketing area?

A
  1. The rise of class actions
  2. National regulators putting tracking and cookie data on their enforcement agendas
  3. A series of complaints lodged by data subjects and nongovernmental orgs (NGOs), such as Max Schrems
50
Q

Data controllers that don’t heed the compliance requirements of the GDPR and ePrivacy Directive re direct marketing, including the OBA, expose themselves to risk of what 2 types of enforcement?

A
  1. Fines and administrative sanctions by DPAs
  2. Civil and, in some instances, criminal liability