Chapter 9: International Privacy Flashcards

1
Q

GDPR Personal Data

A

Any information that identifies an individual

2
Q

GDPR applies to…

A

Anyone physically located in the EU

3
Q

Who determines the purposes and means of processing personal information?

A

Data controller

4
Q

Data Processor

A

Anyone that processes data on behalf of the controller

5
Q

Dereferencing

A

Removing search results

6
Q

GDPR dereferencing only applies to

A

EU versions of search results

7
Q

Adequacy decision

A

EU decides a country has adequate privacy laws and allows data transfers.

8
Q

GDPR Consent

A

Written consent required for almost all cases
Clear and accessible
Must be able to revoke consent

9
Q

GDPR Data subject rights (7)

A

Erasure/be forgotten
Access (Copy of the data and info about how it was collected)
Rectification
Restriction of processing (without erasure)
Data portability (in machine readable format)
Object (or opt out)
Automated individual decision making (for decisions of significance or legal impact)

10
Q

GDPR Fines max

A

Up to €20 million or 4% of annual revenue (whichever is greater)

11
Q

Countries with adequacy decisions (4)

A

JP, NZ, Argentina, Canada

12
Q

US-EU Privacy Shield

A

Negotiated by the Dept. of Commerce and EU
US companies in compliance with privacy framework could transact data with the EU
Basically, an adequacy decision for a company

13
Q

Privacy shield struck down in…

A

2020

14
Q

Alternatives to Privacy Shield (2)

A

Binding Corporate Rules
Standard Contractual Clauses

15
Q

Binding Corporate Rules (BCR)

A

Complex agreements where all parties agree to adhere to GDPR standards
Must be legally binding

16
Q

Who approves BCRs?

A

A state supervisory authority after review

17
Q

What happens if an organization must violate a BCR?

A

They must notify the appropriate EU authority.

18
Q

Standard Contractual Clauses

A

Standard contractual language created by the EU to cover data transfers.

19
Q

Two roles in Standard Contractual Clauses

A

Data Exporter
Data Importer

20
Q

GDPR derogations

A

Specific and limited exemptions that permit transferring data outside the EU.

21
Q

Situations allowing derogations

A

“Compelling legitimate interest” (Contractual, legal, public)

22
Q

APEC Framework

A

Starting point for trade agreements. (Non-Binding)
9 principles

23
Q

Cross Border Privacy Rules (CBPR)

A

APEC Privacy Safe Harbor

24
Q

Who oversees APEC Privacy Framework for the US? (Govt agency and verifier)

A

FTC and TrustArc

25
Q

GPEN

A

Global Privacy Enforcement Network

26
Q

Global Privacy Enforcement Network

A

Created by the OECD to improve international cooperation enforcing privacy

27
Q

GPEN Five part mission

A