IPaP Flashcards
1
Q
Types of IP rights
A
- copyright
- patent
- trademark
- trade secrets
- database sui generis right
- design rights
2
Q
Criteria of copyright
A
A creation that is an expression, in the field of literature, science or art, and is original
3
Q
Time limiation copyright
A
70 years after the death of the author
4
Q
Registration copyright
A
not required
5
Q
patent object
A
inventions
6
Q
patent criteria
A
novelty, inventive, and for industrial application
7
Q
patent time limitation
A
20 years
8
Q
patent registration
A
required
9
Q
trademark object
A
a sign
10
Q
trademark criteria
A
distinctive
11
Q
trademark time limitation
A
10 years with unlimited renewals
12
Q
trademark registration
A
both possible
13
Q
trade secrets object
A
secret information with commercial value
14
Q
trade secret time limitation
A
as long as the secret can be maintained
15
Q
trade secret registration
A
not required
16
Q
database criteria
A
substantial investment
17
Q
database right time limitation
A
15 years
18
Q
database right registration
A
no registration required
19
Q
design right object
A
the outer appearance of goods
20
Q
design right criteria
A
a novelty and individual character
21
Q
design right time limitation
A
3 years (unregistered) and 25 years (registered)
22
Q
Creativity
A
The author could make free and creative choices and stamp their personal touch
23
Q
What is irrelevant under copyright?
A
the effort or the cost involved
24
Q
How can someone provide public access to copyrighted data without infringement?
A
- terms of service allow it
- license allows it
- copyright law allows it
25
Is copyright transferable?
Yes, with exceptions
26
What are the exclusive copyright rights?
- exploitation
- moral rights
27
Exploitation rights
- reproduction
- distribution and communication to the public
- adaptation, translation, and arrangement
28
Reproduction
Specifies how it is allowed, how much it is allowed, and if temporarily or permanently allowed
29
Does second communication fall under copyright law?
Yes, because it has not been considered by the holder of the copyright
30
Transfering copyright vs license
By transfering, the original owner can no longer exercise it. With licensing, they can.
31
What counts as an investment?
The cost of collection or verficiation of existing data elements, but not the cost of creation!
32
Does database rights exist in the USA?
no
33
When is database right infringed?
- substantial parts are extracted
- systematically insubstantial parts are extracted
- public access to the database
34
Exceptions to database right
- lawful user can extract or re-utilize insubstantial parts of a PUBLIC database for ANY purpose
- anyone can extract or re-utilize substantial parts of a PUBLIC database for non-commercial teachings or scientific research
- anyone can extract or re-utilize substantial parts of a public database for the purpose of public security or an administrative or judicial procedure
35
Exceptions for EXCLUSIVE database rights
Only research and cultural heritage organisations with scientific research as purpose can re-utilize (but anyone can extract)
36
Other ways to protect data
- property law
- contract law
- unfair competition law
37
Alternatives when data is protected
- public sector information (PSI)
- open licensing (open source)
- data portability
38
PSI
Information that is owned by the state and is costly to collect. The state might have an obligation to release that data and allow its re-use
39
When is data likely to be subject to the PSI regime?
If it is linked to the execution of the activities of the state, there are no third party IP rights over the data, and it is not kept secret for some reason of public policy
40
Data portability
Data subjects have the right to receive personal data concerning them in a structured, commonly used, and machine-readable format. This data can be transferred to another controller
41
Does the sui generis right apply when databases contain data obtained from or generated by the use of a product or related service
NO (LinkedIn example)
42
Similarity of privacy and data protection
- both legal and human rights
- power control tools
43
Which is broader? Privacy or data protection
privacy because it is more than just information
44
privacy
Protect the opacity of the personal sphere
45
negative or positive right? privacy
negative
46
negative or positive right? data protection
positive
47
What does data protection ensure?
transparency of the data processing
48
Material scope
the range of subjects a given law covers
49
personal scope
the range of persons subject to a given law
50
when does the GDPR apply?
to the processing of personal data wholly or partly by automated means and to the processing other than automated means of personal data which (are intended to) form part of a filing system
51
What is processing?
anything done with personal data
52
Does GDPR apply to pseudonymisation data?
yes
53
Is data of deceased or of legal persons or organizations protected by the GDPR?
no
54
is subjective data protected by the GDPR?
yes
55
When is identification not considered likely?
- when prohibited by law
- practically impossible due to disproportionate efforts
56
is anonymisation and deletion processing?
yes
57
2016 Breyer case
Dynamic IP addresses are personal data since a government agency designated with
cybersecurity attacks can access all the data (most likely).
58
does joint controllership mean equal responsibility?
no
59
household exemption
the GDPR does not apply to the processing of personal data by a natural
person in the course of a purely personal or household activity with no connection to a
professional or commercial activity.
60
when does the household exemption not apply anymore?
if the data is made available to the public
or advertisers
61
how can controller vs processer be determined?
- explicit legal competence
- implicit legal competence
- contracts
- factual influenec
62
Google Spain vs Mario Costeja Gonzales 2014
If processing can be distinguished from and is additional to that carried out by others, you
are a controller.
63
Wirtschafsakademie Schleswig Holstein 2018 and Tietosuojavaltuutettu vs Jehovan case
One can be a controller, even without having access to the data. For example, by setting up
a group in which data is collected by others. In that case, you enabled it.
64
Purpose limitation
specified, explicit, and legitimate purpose
65
when to define the purpose (purpose limitation)
before data processing
66
Which activities are presumed compatible for further processing?
- archiving in public interest
- scientific or historical research purposes
- statistical purposes
67
proportionality
An action must be proportionate to a legitimate
goal.
68
integrity and confidentiality principle
data shall be processed in a manner that ensures appropriate security of the personal data by using appropriate technical or organisational measures
69
Who are exempted from accountability?
small organisations under 250 people
70
when does the exemption of accountability not count?
- when the processing is likely to result in a risk to the rights and freedoms of data subjects
- when the processing is not occasional
- when the processing includes sensitive data
- when the processing is related to criminal convictions or offenses
71
accountability
Both the controller and the processor must keep a written record of processing activities
72
grouns for lawful processing
- free, unambiguous, and informed consent
- contract
- legal obligations
- vital interest of the data subject
- task in the public interest or on official authority of a controller
- legitimate interest of a controller, unless overridden by rights and freedoms of the data subject
73
when should free, unambiguous, and informed consent be obtained?
before or at collection
74
what does free consent mean?
that there is a real choice (for each specific purpose)
75
what should be provided for informed consent?
- controllers' identity
- purpose of each processing operation
- what type of data is collected
- the existence of the right to withdraw consent
- information about ADM
- data transfers
76
is opt-out allowed for free, unambiguous, and informed consent?
no, it must be unambiguous
77
disadvantages of free, unambiguous, and informed consent
- difficult to obtain
- proof of burden on the controller
78
contract as lawful processing ground criteria
- performance impossible without data processing
- performance is of mutual obligation
79
when can vital interests of the data subject be used as lawful processing ground?
only in medical emergencies
80
which ground for lawful processing needs a clear basis in the law?
task in the public interest or on official authority of a controller
81
which lawful processing ground cannot be used by public authorities?
the legitimate interest of a controller or third party ground
82
what is a legitimate interest?
a stake or a benefit in the processing that is lawful
83
sensitive data categories
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic data
- biometric data
- health data
- sexual life/orientation data
84
can proxies be sensitive data?
yes, if it is processed with a purpose to reveal the sensitive data
85
Exceptions for processing sensitive data
- explicit consent
- legal obligation related to employment
- vital interests (medical emergencies)
- not-for-profit bodies
- public information
- legal claims
- substantial public interest
- healthcare
- public health
- archive and research
86
explicit consent
signed or double verification
87
explicit consent for health data
also needs to demonstrate that the data subject is aware that they renounce the special protection of health data
88
which not-for-profit bodies can use the exception for sensitive data?
not-for-profit bodies with a political, philosophical, religious, or trade union aim
89
what is the limitation for not-for-profit bodies for sensitive data exception
it only counts for the data related to the members
90
when does the public information ground apply for the sensitive data exception?
when the data has been made publically available by the data subject themselves
91
limitation of the healthcare exception of sensitive data
by a professional subject to the obligations of professional secrecy
92
criteria public health exception for sensitive data
must be based on the law
93
criteria archive and research exception for sensitive data
must be based on the law
94
Criteria for exceptions for scientific research
ethical standards for research must be kept up
95
exception for scientific research
softer specification and specific consent needed
96
scientific research exception: consent change
consent can be given to certain areas of scientific research instead of purposes exactly
97
scientific research exception: further processing
deemed compatible if:
- safeguards
- purpose cannot be achieved otherwise (even if completely different)
98
scientific research exception: informing
the data subject does not have to be informed
99
scientific research exception: the right to erasure criteria
exceptempted from if:
- it must be necessary for the purpose of scientific research
- safeguards
- erasure must be impossible or seriously impair the achievement of the objectives of that processing
100
advantages of ADM and profiling
- efficient
- saves resources
- personalization
101
disadvantages of ADM and profiling
- risks the individual's rights and freedoms (because opaque and existing biases)
102
why is ADM regulated?
since it is scoring between people
103
problems with scoring
- opacity
- arbitrary assessments
- disparate impact
104
opacity
Scoring cannot be fully understood by those who are subject to it or by supervisory
authorities, since the opacity is inherit in the algorithms or by trade secrets. Therefore,
it cannot be effectively resisted nor challenged.
105
arbitary assessments
significant variations exists between ratings on the same criteria
106
disparate impact
Algorithms absorb the bias of the data and perhaps their creators. They amplify bias towards
traditionally disadvantaged groups.
107
when has a data subject the right not to be subject of a decision based solely on automated processing (including profiling)?
if it produces legal effects concerning them or similarly significantly effects them
108
what qualifies as human intervention?
the controller must ensure that there is meaningful human
oversight, carried out by someone who has the authority and competence to change the
decision, and all the available input and output data should be considered.
109
profiling
any form of automated processing of personal data consisting to evaluate
certain personal aspects to a natural person
110
exceptions for ADM and profiling
1. If the decision is necessary for entering into or the performance of a contract
2. If the decision is authorised by law to which the controller is subject
3. If explicit consent is obtained
111
which rights should still be given, even if there is an exception for ADM and profiling?
- rights of human intervention
- express their point of view
- right to contest
112
When can ADM use sensitive data?
if the sensitive data is processed based on the ground of valid explicit consent and processing of sensitive data is necessary for reasons of substantial public interest. Safeguards are necessary
113
safeguards
- scientific/methodological correctness
- minimize the risk of errors
- data security
- prevent discriminatory effects
114
ADM: transparency criteria
- information about the existence of ADM
- meaningful information about the logic
- significance
- consequences (real, tangible examples!)
