Data Protection Laws (1) Flashcards

1
Q

What is the Council of Europe and how many members does it have?

A

International organization
46 member states

2
Q

What are the 2 privacy laws under the Council of Europe?

A
  1. European Convention on Human Rights (ECHR)
  2. Convention 108 (first legally binding international instrument in data protection)
3
Q

What is the European Union?

A

Economic and Political union
27 member states

(not Switzerland or UK)

4
Q

What are the 6 privacy laws under the EU?

A
  1. Charter of Fundamental Rights of the EU
  2. Treaty on the Functioning of the EU
  3. Lisbon Treaty (improved the TFEU)
  4. General Data Protection Regulation (GDPR)
  5. ePrivacy Directive (communications)
  6. national data protection laws across Europe
5
Q

What is the European Economic Area (EEA)?

A

EU countries (27)
+
3 (Iceland, Norway, Liechtenstein)

6
Q

What is the European Free Trade Association (EFTA)?

A

trade agreement
all EU + EEA + Switzerland

7
Q

Which countries does the GDPR apply to?

A

All EU countries (27)

not UK or Switzerland

8
Q

What is the Court of Justice of the EU?

A

Judicial body of the EU
Decides and enforces EU law

9
Q

Which court hears cases on data protection as brought by national courts and the EU Commission against member states?

A

Court of Justice of the EU (CJEU)

10
Q

Does the European Court of Human Rights hear data protection cases?

A

Yes

if they relate to Article 8 of the European Convention on Human Rights (ECHR)

11
Q

What was the ruling in the Google Spain v. AEPD and Mario Costeja Gonzalez case?

A

Google Spain must remove links to the Vanguardia articles reporting the bankruptcy

  1. information was not up to date and
  2. the right to be forgotten
12
Q

What was the intention of the OECD Guidelines?

A

Principles around the protection of data

Facilitate free transfer of data with common data protection guidelines

13
Q

What are the 7 data protection principles under the OECD Guidelines?

A
  1. Openness
  2. Individual Participation
  3. Security
  4. Accountability
  5. Collection and Use Limitation
  6. Purpose Specification
  7. Data Quality
14
Q

What is the Convention 108, and why was it created?

A

First legally binding international instrument in the field of data protection

Created to achieve greater unity and extend privacy protection across borders

15
Q

What is the EU Data Protection Directive?

A

A directive to add data protection to national legislation for EU member states

16
Q

What is the e-commerce directive?

A

Legal issues particularly in electronic commerce (digital marketing)

17
Q

Why was the ePrivacy Directive created?

A

to protect personal data and privacy given advancements in digital technologies introduced in public communication networks

need for consistent and equal protections regardless of technology

18
Q

What was the purpose of the Treaty of Lisbon?

2007

A

Strengthen the structures of the European Union
Made the Charter of Fundamental Rights binding

19
Q

What is the GDPR?

A

A regulation that directly applies to all EU member states

20
Q

What are the EU legislative institutions?

A
  1. European Commission - implements EU decisions and policies, proposes legislation
  2. Council of the EU - legislative decision-making (represent their own countries)
  3. European Parliament - legislative development (directly elected)
21
Q

What is the co-legislation procedure for EU governance?

A
  1. European Commission proposes legislation
  2. Council of the EU and European Parliament agree on legislation to turn into EU law
22
Q

Which body implements EU decisions and policies?

A

European Commission

23
Q

Which body defines EU priorities and sets political direction?

A

EU Council

24
Q

Which bodies are engaged in legislative decision-making?

A

Council of the EU
European Parliament

25
What are the four responsibilities of the European Parliament?
  1. legislative development
  2. supervisory oversight of other institutions
  3. democratic representation
  4. development of the budget
26
What is the difference between the Data Protection Directive and GDPR?
Directive: ordered member states to implement data protection into local law
GDPR: applicable and enforceable as law in every EU member state, allows for local clarifications or exceptions
27
Does the ePrivacy Directive apply to private communication channels such as company intranet?
No (although principles of Directive still apply if personal data are processed)
28
The European Convention on Human Rights is a product of which institution?
The Council of Europe
29
What is the role of the European Parliament?
engaged in legislative development
30
What is the difference between the European Council and the Council of the EU?
European Council: heads of state of EU countries and EC presidents and High Representative. Defines EU's priorities and sets political direction
Council of the EU: one minister from each member state based on policy issue to be discussed. Conducts legislative decision-making with Parliament
31
What is the name of the first legally binding international instrument in data protection in the EU?
Convention 108
Two reasons:
  1. member states' failure to respond to previous resolutions concerning protection of privacy
  2. need for binding international instrument to reinforce principles in previous resolutions
32
What are 3 reasons Convention 108 is noteworthy?
  1. Based on principles
  2. Recognizes importance of free flow of information
  3. Requires member states to enact national legislation
33
Why did the European Commission propose a Data Protection Directive following Convention 108?
member states were taking a fragmented approach to implementation and privacy protection was inconsistent
34
In GDPR, what are articles versus recitals?
articles = operative law
recitals = detail about how to interpret article
35
How does GDPR differ from the Directive?
  1. directly applicable across all member states without further intervention
  2. strengthens consent in relation to data use
  3. provides new and stronger rights to data subjects
  4. introduces accountability responsibilities
  5. imposes compliance obligations on processors
  6. expands range of measures to legitimize transfers
  7. places security obligations on both controllers and processors
  8. affords individuals right to compensation and judicial remedies
36
What are the 3 objectives of the new rules in the LED (Law Enforcement Directive)?
  1. better cooperation between law enforcement authorities
  2. better protection of citizen data
  3. clear rules for international data flows
37
What is the scope of the ePrivacy Directive?
processing of personal data in connection with the provision of publicly available electronic communication services in public communication networks in the EU
38
What are the 6 key provisions of the ePrivacy Directive?
  1. appropriate technical and organizational measures to safeguard security
  2. ensure confidentiality of communications and traffic data
  3. most forms of digital marketing require opt-in consent
  4. processing of traffic and billing data subject to restrictions
  5. location data may only be processed if anonymous or with consent
  6. subscribers must be informed before being included in a directory
39
What was the most relevant update to the ePrivacy Directive regarding breaches?
mandatory notification for personal data breaches by electronic communication service providers to authority and individual
40
How was the ePrivacy Directive amended regarding cookies?
storing of information, or the gaining of access to information already stored, in the terminal equipment of a user is only allowed if the user has given consent, having been provided with clear and comprehensive information
41
Are EU Directives binding?
only in terms of **final result** to be achieved
forms and methods of implementation are left to member states
42
What were the first rules to balance personal freedom with restrictions of rights?
The Universal Declaration of Human Rights of the United Nations
The European Convention on Human Rights (ECHR)
43
What are the 3 mechanisms that data can be transferred out of the European Economic Area (EEA)?
1) adequacy findings, 2) appropriate safeguards, 3) under specific derogations
44
What was the goal of the Convention 108, OECD Guidelines and Data Protection Directive?
harmonize the approach to data protection
agree on principles and leave implementation to member states