Data Protection Laws (1)

Question 1

What is the Council of Europe and how many members does it have?

Answer 1

International organization
46 member states

Question 2

What are the 2 privacy laws under the Council of Europe?

Answer 2

1. European Convention on Human Rights (ECHR)
2. Convention 108 (first legally binding international instrument in data protection)

Question 3

What is the European Union?

Answer 3

Economic and Political union
27 member states

(not Switzerland or UK)

Question 4

What are the 6 privacy laws under the EU?

Answer 4

1. Charter of Fundamental Rights of the EU
2. Treaty on the Functioning of the EU
3. Lisbon Treaty (improved the TFEU)
4. General Data Protection Regulation (GDPR)
5. ePrivacy Directive (communications)
6. national data protection laws across Europe

Question 5

What is the European Economic Area (EEA)?

Answer 5

EU countries (27)
+
3 (Iceland, Norway, Liechtenstein)

Question 6

What is the European Free Trade Association (EFTA)?

Answer 6

trade agreement
all EU + EEA + Switzerland

Question 7

Which countries does the GDPR apply to?

Answer 7

All EU countries (27)

not UK or Switzerland

Question 8

What is the Court of Justice of the EU?

Answer 8

Judicial body of the EU
Decides and enforces EU law

Question 9

Which court hears cases on data protection as brought by national courts and the EU Commission against member states?

Answer 9

Court of Justice of the EU (CJEU)

Question 10

Does the European Court of Human Rights hear data protection cases?

Answer 10

Yes

if they related to Article 8 of the European Convention on Human Rights (ECHR)

Question 11

What was the ruling in the Google Spain v. AEPD and Mario Costeja Gonzalez case?

Answer 11

Google Spain must remove links to the Vanguardia articles reporting the bankruptcy

1. information was not up to date and
2. the right to be forgotten

Question 12

What was the intention of the OECD Guidelines?

Answer 12

Principles around the protection of data

Facilitate free transfer of data with common data protection guidelines

Question 13

What are the 7 data protection principles under the OECD Guidelines?

Answer 13

1. Openness
2. Individual Participation
3. Security
4. Accountability
5. Collection and Use Limitation
6. Purpose Specification
7. Data Quality

Question 14

What is the Convention 108, and why was it created?

Answer 14

First legally binding international instrument in the field of data protection

Created to achieve greater unity and extend privacy protection across borders

Question 15

What is the EU Data Protection Directive?

Answer 15

A directive to add data protection to national legislation for EU member states

Question 16

What is the e-commerce directive?

Answer 16

Legal issues particularly in electronic commerce (digital marketing)

Question 17

Why was the ePrivacy Directive created?

Answer 17

to protect personal data and privacy given advancements in digital technologies introduced in public communication networks

need for consistent and equal protections regardless of technology

Question 18

What was the purpose of the Treaty of Lisbon?

2007

Answer 18

Strengthen the structures of the European Union
Made the Charter of Fundamental Rights binding

Question 19

What is the GDPR?

Answer 19

A regulation that directly applies to all EU member states

Question 20

What are the EU legislative institutions?

Answer 20

1. European Commission - implements EU decisions and policies, propose legislation
2. Council of the EU - legislative decision-making (represent their own countries)
3. European Parliament - legislative development (directly elected)

Question 21

What is the co-legislation procedure for EU governance?

Answer 21

1. European Commission proposes legislation
2. Council of the EU and European Parliament agree on legislation to turn into EU law

Question 22

Which body implements EU decisions and policies?

Answer 22

European Commission

Question 23

Which body defines EU priorities and sets political direction?

Answer 23

EU Council

Question 24

Which bodies are engaged in legislative decision-making?

Answer 24

Council of the EU
European Parliament

Question 25

What are the four responsibilities of the European Parliament?

Answer 25

1. legislative development 2. supervisory oversight of other institutions 3. democratic representation 4. development of the budget

Question 26

What is the difference between the Data Protection Directive and GDPR?

Answer 26

Directive: ordered member states to implement data protection into local law GDPR: applicable and enforceable as law in every EU member state, allows for local clarifications or exceptions

Question 27

Does the ePrivacy Directive apply to private communication channels such as company intranet?

Answer 27

No (although principles of Directive still apply if personal data are processed)

Question 28

The European Convention on Human Rights is a product of which institution?

Answer 28

The Council of Europe

Question 29

What is the role of the European Parliament?

Answer 29

engaged in legislative development

Question 30

What is the difference between the European Council and the Council of the EU?

Answer 30

European Council: heads of state of EU countries and EC presidents and High Representative. Defines EU's priorities and sets political direction Council of the EU: one minister from each member state based on policy issue to be discussed. Conducts legislative decision-making with Parliament

Question 31

What is the name of the first legally binding international instrument in data protection in the EU?

Answer 31

Convention 108 Two reasons: 1. member states failure to respond to previous resolutions concerning protection of privacy and 2. need for binding international instrument to reinforce principles in previous resolutions

Question 32

What are 3 reasons Convention 108 is noteworthy?

Answer 32

1. Based on principles 2. Recognizes importance of free flow of information 3. Requires member states to enact national legislation

Question 33

Why did the European Commission propose a Data Protection Directive following Convention 108?

Answer 33

member states were taking a fragmented approach to implementation and privacy protection was inconsistent

Question 34

In GDPR, what are articles versus recitals?

Answer 34

articles = operative law recitals = detail about how to interpret article

Question 35

How does GDPR differ from the Directive?

Answer 35

1. directly applicable across all member states without further intervention 2. strengthens consent in relation to data use 3. provides new and stronger rights to data subjects 4. introduces accountability responsibilities 5. imposes compliance obligations on processors 6. expands range of measures to legitimize transfers 7. places security obligations on both controllers and processors 8. affords individuals right to compensation and judicial remedies

Question 36

What are the 3 objectives of the new rules in the LED (Law Enforcement Directive)?

Answer 36

1. better cooperation between law enforcement authorities 2. better protection of citizen data 3. clear rules for international data flows

Question 37

What is the scope of the ePrivacy Directive?

Answer 37

processing of personal data in connection with the provision of publicly available electronic communication services in public communication networks in the EU

Question 38

What are the 6 key provisions of the ePrivacy Directive?

Answer 38

1. appropriate technical and organizational measures to safeguard security 2. ensure confidentiality of communications and traffic data 3. most forms of digital marketing require opt-in consent 4. processing of traffic and billing data subject to restrictions 5. location data may only be processed if anonymous or with consent 6. subscribers must be informed before being included in a directory

Question 39

What was the most relevant update to the ePrivacy Directive regarding breaches?

Answer 39

mandatory notification for personal data breaches by electronic communication service providers to authority and individual

Question 40

How was the ePrivacy Directive amended regarding cookies?

Answer 40

storing of information or the gaining of access of information already stored in the terminal equipment of a user is only allowed if user has given consent having been provided with clear and comprehensive information

Question 41

Are EU Directives binding?

Answer 41

only in terms of **final result** to be achieved forms and methods of implementation are left to member states

Question 42

What were the first rules to balance personal freedom with restrictions of rights?

Answer 42

The Universal Declaration of Human Rights of the United Nations The European Convention on Human Rights (ECHR)

Question 43

What are the 3 mechanisms that data can be transferred out of the European Economic Area (EEA)?

Answer 43

1) adequacy findings, 2) appropriate safeguards, 3) under specific derogations

Question 44

What was the goal of the Convention 108, OECD Guidelines and Data Protection Directive?

Answer 44

harmonize the approach to data protection agree on principles and leave implementation to member states