Chapter 9: International Privacy

Question 1

GDPR Personal Data

Answer 1

Any information that identifies an individual

Question 2

GDPR applies to…

Answer 2

Anyone physically located in the EU

Question 3

Who determines the purposes and means of processing personal information?

Answer 3

Data controller

Question 4

Data Processor

Answer 4

Anyone that processed data on behalf of the controller

Question 5

Dereferencing

Answer 5

Removing search results

Question 6

GDPR dereferening only applies to

Answer 6

EU versions of search results

Question 7

Adequacy decision

Answer 7

EU decides a country has adequate privacy laws and allows data transfers.

Question 8

GDPR Consent

Answer 8

Written consent required for almost all cases
Clear and accessible
Must be able to revoke consent

Question 9

GDPR Data subject rights (7)

Answer 9

Erasure/be forgotten
Access (Copy of the data and info about how it was collected)
Rectification
Restriction of processing (without erasure)
Data portability (in machine readable format)
Object (or opt out)
Automated individual decision making (for decisions of significance or legal impact)

Question 10

GDPR Fines max

Answer 10

Up to €20 million or 4% of annual revenue (whichever is greater)

Question 11

Countries with adequacy decisions (4)

Answer 11

JP, NZ, Argentina, Canada

Question 12

US-EU Privacy Shield

Answer 12

Negotiated by the Dept. of commerce and EU
US companies in compliance with privacy framework could transact data with the EU
Basically, an adequacy decision for a company

Question 13

Privacy shield struck down in…

Answer 13

2020

Question 14

Alternatives to Privacy Shield (2)

Answer 14

Binding Corporate Rules
Standard Contractual Clauses

Question 15

Binding Corporate Rules (BCR)

Answer 15

Complex agreements where all parties agree to adhere to GDPR standards
Must be legally binding

Question 16

Who approves BCR’s?

Answer 16

A state supervisory authority after review

Question 17

What happens if an organization must violate a BCR?

Answer 17

They must notify the appropriate EU authority.

Question 18

Standard Contractual Clauses

Answer 18

Standard contractual language created by the EU to cover data transfers.

Question 19

Two roles in Standard contractual clauses

Answer 19

Data Exporter
Data Importer

Question 20

GDPR derogations

Answer 20

Specific and limited exemptions that permit transferring data outside the EU.

Question 21

Situations allowing derogations

Answer 21

“Compelling legitimate interest” (Contractual, legal, public)

Question 22

APEC Framework

Answer 22

Starting point for trade agreements. (Non-Binding)
9 principles

Question 23

Cross Border Privacy Rules (CBPR)

Answer 23

APEC Privacy Safe Harbor

Question 24

Who oversees APEC Privacy Framework for the US? (Govt agency and verifier)

Answer 24

FTC and TrustArc

Question 25

GPEN

Answer 25

Global Privacy Enforcement Network

Question 26

Global Privacy Enforcement Network

Answer 26

Created by the OECD to improve international cooperation enforcing privacy

Question 27

GPEN Five part mission