General

Question 1

Universal Declaration of Human Right - Right to private life

Answer 1

Article 12

Question 2

Universal Declaration of Human Right - Freedom of Expression

Answer 2

Article 19

Question 3

Universal Declaration of Human Right - Individual Rights are not absolute, and there are instances where a balance must be struck

Answer 3

Article 29

Question 4

European Convention of Human Rights - When enacted?

Answer 4

Rome 1950

Question 5

European Convention of Human Rights - Rights under the convention?

Answer 5

1. right to life;
2. prohibition of torture;
3. prohibition of slavery and forced labour;
4. right to liberty and security;
5. right to a fair trial;
6. no punishment without law;
7. respect for private and family life;
8. freedom of thought,
9. conscience and religion;
10. freedom of expression;
11. freedom of assembly and association;
12. right to marry;
13. right to an effective remedy; an
14. prohibition of discrimination.

Question 6

European Convention of Human Rights - which article protects the tights of individuals for their personal information to remain private?

Answer 6

Article 8

Question 7

European Convention of Human Rights - which article protects the right to freedom of expression?

Answer 7

Article 10

Question 8

Early Laws and Regulations

Answer 8

1968 - recomendation 509 on human rights and modern scientific and technological developments

1973 - Resolutions 73/22 and 74/29 - principles for the protection of personal data in automated data banks.

1980s - OECD Guidelines on the protection of privacy and transborder flows of personal data

1981 - Convention 108 (The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data) (first binding international instrument to set standards for the protection of individuals’ personal data)

Convention 108+

Data Protection Directive

Charter of Fundamental Rights

Lisbon Treaty

Question 9

OECD Guidelines s on the Protection of Privacy and Transborder Flows of Personal Data - what are the principles introduced?

Answer 9

1) Collection limitation principle
2) data quality principle
3) purpose specification principle
4) use limitation principle
5) security safeguard principle
6) openness principle
7) individual participation principle
8) accountability principle

Question 10

Convention 108 Principles

Answer 10

1) Fairly and lawfully
2) Adecuate, relavant and not excessive
3) Accurate and up to date
4) appropriate security measures
5) sets a definition for “Special categories of Data”
6) sets rights of communication, rectification and erasure
7) transfer between signatories: “countries shall not imposeany prohibitions or require any special authorisations for the purpose of the
protection of privacy before such transfers can take place”
8) Derogation from the provisions is permitted only where the exporting country hasin place specific rules in its national law for certain categories of personal data or ofa utomated personal data files and the importing country does not providee quivalent protection or where the transfer is to a country that is not a party to Convention 108.

The solution to this was the introduction of the concept (imported from the EU’s 1995 Data Protection Directive)11 of an adequate’ rather than an equivalent level of protection for personal information transferred to states falling outside the jurisdiction of the exporting party, subject to exceptions where the transfer is made in the legitimate interests of the individual, is in the public interest, or is based on contractual clauses approved by the supervisory authority.

9) Mutual assistance (supervisory authority)

Question 11

Convention 108+

Answer 11

2018 - final protocol amending approved.
objective - introduce harmonized approach to to data protection on the basis of international agreement on principles - implementation left to member states.

Question 12

Data Protection Directive (95/46/EC)

Answer 12

leaves implementation to member states
principles of convention 108 as benchmark
problem - differences of implementation between member states, creating difficulties for businesses to take full advantage of the benefits of the internal market.

Question 13

Charter of Fundamental Rights

Answer 13

Processing must be fair
processing must be carried for specific purposes
must be a legitimate basis
Rights to access and rectification
must establish supervisory authority

Question 14

Treaty of Lisbon

Answer 14

2007

Question 15

General Data Protection Regulation (GDPR)

Answer 15

enforceable 25 May 2018

Question 16

Examples where member states may make further legislative provisions under the GDPR

Answer 16

Where there are already sector-specific laws in place, for example, in relation to the processing of employee data

Archiving purposes in the public interest, scientific or historical research purposes, statistical purposes

Processing of ‘special categories of personal data

Processing in compliance with a ‘legal obligation’

Question 17

Key changes that have been incorporated into the GDPR

Answer 17

Key changes that have been incorporated into the Regulation include:

1) Stronger rights for individuals, particularly in the online environment
2) A requirement that data privacy be taken into account when new technologies are being developed (‘data protection by design and by default’)
3) The introduction of the concept of ‘accountability’ where by organisations must be able to demonstrate compliance with the GDPR
4) Increased powers for supervisory authorities
5) The concept of the ‘one-stop shop’
6) Broader applicability of the Regulation to anyone targeting EU consumers

Question 18

The Law Enforcement Data Protection Directive

Answer 18

At the same time as proposing the framework for the Regulation, the European Commission also introduced a directive for the ‘protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data’ (‘Law Enforcement Data Protection Directive’, or LEDP Directive),36which entered in to force on 5 May 2016. Member states have until 6 May 2018 to transpose the LEDP Directive into their national law. The aim of the LEDP Directive is to harmonise the rules in place across the member states to protect citizens’ fundamental rights whenever personal data is used by criminal law enforcement authorities, but it does not preclude member states from providing higher safeguards in their national law to protect the rights ofdata subjects.

Question 19

E-Privacy Directive

Answer 19

The ePrivacy Directive sets out rules relating to processing personal data across‘ public communications networks’.37The GDPR makes it clear that it is not intended to impose additional obligations on top of the obligations contained in the ePrivacy Directive and that the ePrivacy Directive therefore needs to be reviewed and amended as appropriate to ensure consistency across the two regimes.
At the time of writing, there is a proposed Regulation on Privacy and Electronic Communications (the ePrivacy Regulation’) undergoing review

Question 20

EU Institution established by the Lisbon Treaty

Answer 20

1) European Parliament
2) European Council
3) the Council
4) European Commission
5) Court of Justice of the European Union
6) European Central Bank
7) Court of Auditors