Chapter 3B: Surveillance activities Flashcards

1
Q

What does Article 23 GDPR say about legal surveillance?

A

Permits EU or member state law to restrict rights granted - surveillance must respect the essence of fundamental rights and freedoms and be necessary and proportionate measure in democratic society.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is surveillance?

A

Observation of an individual or group of individuals - may be covert or carried out openly, conducted in real time or by access to stored materials

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Examples of electronic surveillance

A

Social network analysis, data mining, profiling, aerial surveillance, satellite imaging, telecomms surveillance, CCTV, biometrics, geolocation tech

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Public surveillance must be conducted in a manner to respect individual rights enshrined in…

A

The Charter of Fundamental rights, specifically the right to a private and family life (active 7) and protection of personal data (Article8)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What does the LEDP Directive say about public surveillance?

A

(Recital 66) Although the processing of personal data must be lawful, fair and transparent, this should not prevent law enforcement authorities from carrying out activities (e.g., covert investigations and video surveillance) to:

• Prevent, investigate, detect and prosecute criminal
offences

• Safeguard against and prevent threats to public
security (key requirements: lawfulness, necessity,
proportionality and regard for legitimate
interests of the natural person)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Laws that fail to appropriately take into account the rights and freedoms of data subjects re: surveillance may…

A

Be struck down by the CJEU.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Surveillance by private entities must…

A

Be based on legitimate purposes

In addition to the GDPR, national laws may concern confidentiality, privacy, data protection and other civil rights such as employment law

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is communications data made up of?

A

Content data and metadata

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is ‘content data’ re communications data?

A

The content of a communication (actual messages, attachments).

This is protected by a right to freedom of expression, recognised by laws around the world.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is ‘metadata’?

A

Data about data - information generated or processed as a consequence of a communication’s transmission

It fails to provide context to content and falls within the GDPR’s definition of personal data because it can be used to identify someone

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Examples of meta data…

A

Traffic data (for telephone calls)

Location data, cell ID, device location, time of call

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The ePrivacy directive covers what comms data?

A

Location data

Content data
(must not be disclosed unless there’s consent from all users - member states can introduce some exemptions for limited purposes)

Traffic data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the requirements for collecting location data under ePrivacy Directive?

A

For collection of individuals’ precise location-based data, opt-in consent is generally required (with the exception of carriers who need the data to provide the service)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are the requirements for surveillance of content data under ePrivacy Directive?

A

The confidentiality of the content of communications must be ensured and cannot be intercepted or disclosed to third parties unless there is consent from all
users

Member states can introduce some exemptions if
necessary for very limited purposes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are the requirements for surveillance of traffic data under ePrivacy Directive?

A

Access to traffic data is limited

Telecommunications carriers can process traffic data for the purpose of conveying communications and possibly for some limited marketing activities with the user’s consent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

ePrivacy rules do not apply to…

A

Private networks (e.g. corporate intranets)

There are still monitoring considerations.

17
Q

For CCTV or other modes of video surveillance, the following should be considered…

A

Lawfulness of processing (prior to carrying out surveillance)

A DPIA is required if the surveillance could be high risk, involve systematic monitoring or publicly accessible area on a large scale

Prior checking (some countries, CCTV triggers requirement to notify the regulator / seek authorisation in some cases)

System should be proportionate to the purpose (e.g. remote control, sound recording, facial recognition may not be necessary)

Information provision - for overt video surveillance, controllers must comply with the transparency requirement of the GDPR where the controller may not have a direct relationship with the DSs (public spaces)

Individual rights - under the GDPR, rights such as access still apply

Measures to protect personal data of these individuals including staff training, CCTV policy, and regular compliance reviews

18
Q

Location data is referred to as an identifier in the GDPR’s definition of
personal data. True or false?

A

True.

If location data can be used alone or in combination with
other information to identify someone, then it should be considered
personal data.

19
Q

Google has identified three main areas of location data that it uses to
deliver its services:

A
  • Implicit location information, such as search terms
  • Internet traffic information, such as IP addresses
  • Device-based location services, such as Google Maps