CIPPE - Module 1 - European Data Protection Flashcards

1
Q

What are the two key international treaties that are the origin of the European Data Privacy Laws?

A
  1. UN Universal Declaration of Human Rights (1948). A legally non-binding declaration (not a treaty!). Applicable to all UN members
  2. European Convention on Human Rights (1950). Applicable to European member countries. Needs member state ratification to become binding on them. Then national laws have to be passed to enshrine the right to privacy. All member states have ratified it and enshrined it in national laws.
2
Q

In the UN’s Universal Declaration on HR what are the three main articles?

A

Article 12 - Right to privacy
Article 19 - Right to free speech
Article 29(2) - Balance

3
Q

In the European Convention on HR what are the three main articles?

A

Article 8 - Privacy
Article 10(1) - Freedom of speech
Article 10(2) - Balance

4
Q

What is the OECD and what are its guidelines?

A

OECD = Organization for Economic Co-operation and Development (38 Member countries, founded in 1961).
In 1980 OECD issued guidelines on the protection of privacy and trans-border flow of personal data.
Aims to protect the privacy and freedom of individuals without creating any barriers to trade and allowing cross-border flow of personal data.
Updated in 2013 to include basic data protection principles.
Not legally binding

5
Q

What is Convention 108?

A

The Council of Europe Convention of 1981.
It is a data protection instrument
Requires Council of Europe member states who are signatories to apply the principles of 108 in their national legislation.

6
Q

What is the EU Data Protection Directive (95/46/EC)?

A

Precursor to the GDPR
Passed in October 1995
Sets out the general data protection principles and obligations
EU Member states must transpose and implement them.
Principles of CoE Convention 108 were used as a benchmark.

7
Q

What are key GDPR Dates?

A
  1. 2016 - GDPR became law replacing the data protection directive
  2. May 25, 2018 - enforcement began
8
Q

What is the role of the ECHR?

A

ECHR = European Court of Human Rights
Upholds privacy and data protection laws
European Convention on Human Rights and Convention 108
Located in Strasbourg, France.
Not part of the EU

9
Q

What’s the difference between CoE, EU, and EEA?

A

CoE = Council of Europe, 46 member states, International Organization
EU = European Union, an economic and political union (27 member states), all of which are part of the CoE
EEA = Agreement of the European Economic Area of 1994; participation of the EFTA members in the internal EU market. Composed of EU27 + 3 EFTA members: Iceland + Liechtenstein + Norway.

10
Q

What are the three branches of the EU?

A
  1. Legislative
  2. Policy Making
  3. Judicial
11
Q

What are the five key bodies of the EU?

A
  1. European Parliament
  2. European Council
  3. Council of the EU
  4. European Commission
  5. CJEU
12
Q

What is the European Parliament?

A

Only EU institution with directly elected members
Duties are a) Legislative Development b) Supervisory Oversight and c) Budget
705 Members; 5 year term
However, it does NOT have the “right of initiative”, i.e. it cannot propose any laws/legislation. Only the EC has that power.

13
Q

What is the European Council?

A

Defines EU priorities
Sets the political direction
Heads of state or government of all EU countries
Distinct from the Council of EU

14
Q

What is the Council of the EU?

A

Council of the EU - focuses on legislative decision making
Composed of one minister from each EU member state
Shares legislative power with the Parliament
Legislation is first proposed by the European Commission before being examined by the Council of the EU and Parliament.

15
Q

What is the European Commission?

A
  1. Implements the EU’s decisions and policies
  2. Exclusive competence to propose legislation
  3. Composed of one commissioner per member state.

Can be thought of as the Executive Branch with considerable influence over legislation
Responsible for implementing international treaties.
Responsible for application of Union Law.

16
Q

What is the CJEU?

A

Court of Justice of the EU
Comprises a) the European Court of Justice (ECJ) and b) the General Court
Enforces EU law; Clarifies law to national courts

17
Q

How was the GDPR law created?

A
  1. The European Commission proposes the law and sends it to the Parliament and Council of the EU
  2. The Parliament and Council of the EU review it and propose amendments
  3. There is a co-decision between the Parliament and Council of the EU arbitrated by the Commission.
  4. The proposed regulation is adopted.
18
Q

What is the difference between Data Protection Directive and GDPR?

A

DPD (95/46/EC) was a directive; 28 member states transposed it into varying national laws; implementation varied. The Article 29 Working Party coordinated implementation.

GDPR is a regulation (not Directive) that is applicable and enforceable as law in all member states; provides one set of data protection rules to all. GDPR established the EDPB.

19
Q

What is the ePrivacy Directive?

A

Is a Directive (2002/58/EC). Applies to providers of PECS and PECN.
Originally designed to complement the DPD (95/46/EC).
Is expected to be superseded by the ePrivacy Regulation (still in draft)
Has interplay with the GDPR.

20
Q

What’s the interplay between ePD and GDPR?

A
  1. ePD = Storing or accessing data on a device
  2. GDPR = Processing of personal data.

EDPB has issued an opinion on the interplay between ePD and GDPR.

21
Q

Interesting quotes

A

Both the Human Rights Declaration and the ECHR inherently recognize a need for balance between the rights of individuals and the justifiable interference with these rights, which is a recurring theme within data protection law.

22
Q

What are the key principles of the OECD Guidelines?

A
  1. Collection Limitation
  2. Data Quality
  3. Purpose Specification
  4. Use Limitation
  5. Security Safeguard
  6. Openness
  7. Individual Participation
  8. Accountability Principle
23
Q

What is the Convention 108+?

A

It is an enhancement to Convention 108 made in 2018
21 States signed it (including Uruguay, Argentina, Burkina Faso etc.)
More closely aligns with GDPR
108+ accession is a factor when considering adequacy decisions.
Facilitates global convergence of data protection regulations.