IPaP

Question 1

Types of IP rights

Answer 1

• copyright
• patent
• trademark
• trade secrets
• database sui generis right
• design rights

Question 2

Criteria of copyright

Answer 2

A creation that is an expression, in the field of literature, science or art, and is original

Question 3

Time limiation copyright

Answer 3

70 years after the death of the author

Question 4

Registration copyright

Answer 4

not required

Question 5

patent object

Answer 5

inventions

Question 6

patent criteria

Answer 6

novelty, inventive, and for industrial application

Question 7

patent time limitation

Answer 7

20 years

Question 8

patent registration

Answer 8

required

Question 9

trademark object

Answer 9

a sign

Question 10

trademark criteria

Answer 10

distinctive

Question 11

trademark time limitation

Answer 11

10 years with unlimited renewals

Question 12

trademark registration

Answer 12

both possible

Question 13

trade secrets object

Answer 13

secret information with commercial value

Question 14

trade secret time limitation

Answer 14

as long as the secret can be maintained

Question 15

trade secret registration

Answer 15

not required

Question 16

database criteria

Answer 16

substantial investment

Question 17

database right time limitation

Answer 17

15 years

Question 18

database right registration

Answer 18

no registration required

Question 19

design right object

Answer 19

the outer appearance of goods

Question 20

design right criteria

Answer 20

a novelty and individual character

Question 21

design right time limitation

Answer 21

3 years (unregistered) and 25 years (registered)

Question 22

Creativity

Answer 22

The author could make free and creative choices and stamp their personal touch

Question 23

What is irrelevant under copyright?

Answer 23

the effort or the cost involved

Question 24

How can someone provide public access to copyrighted data without infringement?

Answer 24

• terms of service allow it
• license allows it
• copyright law allows it

Question 25

Is copyright transferable?

Answer 25

Yes, with exceptions

Question 26

What are the exclusive copyright rights?

Answer 26

• exploitation
• moral rights

Question 27

Exploitation rights

Answer 27

• reproduction
• distribution and communication to the public
• adaptation, translation, and arrangement

Question 28

Reproduction

Answer 28

Specifies how it is allowed, how much it is allowed, and if temporarily or permanently allowed

Question 29

Does second communication fall under copyright law?

Answer 29

Yes, because it has not been considered by the holder of the copyright

Question 30

Transfering copyright vs license

Answer 30

By transfering, the original owner can no longer exercise it. With licensing, they can.

Question 31

What counts as an investment?

Answer 31

The cost of collection or verficiation of existing data elements, but not the cost of creation!

Question 32

Does database rights exist in the USA?

Answer 32

no

Question 33

When is database right infringed?

Answer 33

• substantial parts are extracted
• systematically insubstantial parts are extracted
• public access to the database

Question 34

Exceptions to database right

Answer 34

• lawful user can extract or re-utilize insubstantial parts of a PUBLIC database for ANY purpose
• anyone can extract or re-utilize substantial parts of a PUBLIC database for non-commercial teachings or scientific research
• anyone can extract or re-utilize substantial parts of a public database for the purpose of public security or an administrative or judicial procedure

Question 35

Exceptions for EXCLUSIVE database rights

Answer 35

Only research and cultural heritage organisations with scientific research as purpose can re-utilize (but anyone can extract)

Question 36

Other ways to protect data

Answer 36

• property law
• contract law
• unfair competition law

Question 37

Alternatives when data is protected

Answer 37

• public sector information (PSI)
• open licensing (open source)
• data portability

Question 38

PSI

Answer 38

Information that is owned by the state and is costly to collect. The state might have an obligation to release that data and allow its re-use

Question 39

When is data likely to be subject to the PSI regime?

Answer 39

If it is linked to the execution of the activities of the state, there are no third party IP rights over the data, and it is not kept secret for some reason of public policy

Question 40

Data portability

Answer 40

Data subjects have the right to receive personal data concerning them in a structured, commonly used, and machine-readable format. This data can be transferred to another controller

Question 41

Does the sui generis right apply when databases contain data obtained from or generated by the use of a product or related service

Answer 41

NO (LinkedIn example)

Question 42

Similarity of privacy and data protection

Answer 42

• both legal and human rights
• power control tools

Question 43

Which is broader? Privacy or data protection

Answer 43

privacy because it is more than just information

Question 44

privacy

Answer 44

Protect the opacity of the personal sphere

Question 45

negative or positive right? privacy

Answer 45

negative

Question 46

negative or positive right? data protection

Answer 46

positive

Question 47

What does data protection ensure?

Answer 47

transparency of the data processing

Question 48

Material scope

Answer 48

the range of subjects a given law covers

Question 49

personal scope

Answer 49

the range of persons subject to a given law

Question 50

when does the GDPR apply?

Answer 50

to the processing of personal data wholly or partly by automated means and to the processing other than automated means of personal data which (are intended to) form part of a filing system

Question 51

What is processing?

Answer 51

anything done with personal data

Question 52

Does GDPR apply to pseudonymisation data?

Answer 52

yes

Question 53

Is data of deceased or of legal persons or organizations protected by the GDPR?

Answer 53

no

Question 54

is subjective data protected by the GDPR?

Answer 54

yes

Question 55

When is identification not considered likely?

Answer 55

• when prohibited by law
• practically impossible due to disproportionate efforts

Question 56

is anonymisation and deletion processing?

Answer 56

yes

Question 57

2016 Breyer case

Answer 57

Dynamic IP addresses are personal data since a government agency designated with
cybersecurity attacks can access all the data (most likely).

Question 58

does joint controllership mean equal responsibility?

Answer 58

no

Question 59

household exemption

Answer 59

the GDPR does not apply to the processing of personal data by a natural
person in the course of a purely personal or household activity with no connection to a
professional or commercial activity.

Question 60

when does the household exemption not apply anymore?

Answer 60

if the data is made available to the public
or advertisers

Question 61

how can controller vs processer be determined?

Answer 61

• explicit legal competence
• implicit legal competence
• contracts
• factual influenec

Question 62

Google Spain vs Mario Costeja Gonzales 2014

Answer 62

If processing can be distinguished from and is additional to that carried out by others, you
are a controller.

Question 63

Wirtschafsakademie Schleswig Holstein 2018 and Tietosuojavaltuutettu vs Jehovan case

Answer 63

One can be a controller, even without having access to the data. For example, by setting up
a group in which data is collected by others. In that case, you enabled it.

Question 64

Purpose limitation

Answer 64

specified, explicit, and legitimate purpose

Question 65

when to define the purpose (purpose limitation)

Answer 65

before data processing

Question 66

Which activities are presumed compatible for further processing?

Answer 66

• archiving in public interest
• scientific or historical research purposes
• statistical purposes

Question 67

proportionality

Answer 67

An action must be proportionate to a legitimate
goal.

Question 68

integrity and confidentiality principle

Answer 68

data shall be processed in a manner that ensures appropriate security of the personal data by using appropriate technical or organisational measures

Question 69

Who are exempted from accountability?

Answer 69

small organisations under 250 people

Question 70

when does the exemption of accountability not count?

Answer 70

• when the processing is likely to result in a risk to the rights and freedoms of data subjects
• when the processing is not occasional
• when the processing includes sensitive data
• when the processing is related to criminal convictions or offenses

Question 71

accountability

Answer 71

Both the controller and the processor must keep a written record of processing activities

Question 72

grouns for lawful processing

Answer 72

• free, unambiguous, and informed consent
• contract
• legal obligations
• vital interest of the data subject
• task in the public interest or on official authority of a controller
• legitimate interest of a controller, unless overridden by rights and freedoms of the data subject

Question 73

when should free, unambiguous, and informed consent be obtained?

Answer 73

before or at collection

Question 74

what does free consent mean?

Answer 74

that there is a real choice (for each specific purpose)

Question 75

what should be provided for informed consent?

Answer 75

• controllers’ identity
• purpose of each processing operation
• what type of data is collected
• the existence of the right to withdraw consent
• information about ADM
• data transfers

Question 76

is opt-out allowed for free, unambiguous, and informed consent?

Answer 76

no, it must be unambiguous

Question 77

disadvantages of free, unambiguous, and informed consent

Answer 77

• difficult to obtain
• proof of burden on the controller

Question 78

contract as lawful processing ground criteria

Answer 78

• performance impossible without data processing
• performance is of mutual obligation

Question 79

when can vital interests of the data subject be used as lawful processing ground?

Answer 79

only in medical emergencies

Question 80

which ground for lawful processing needs a clear basis in the law?

Answer 80

task in the public interest or on official authority of a controller

Question 81

which lawful processing ground cannot be used by public authorities?

Answer 81

the legitimate interest of a controller or third party ground

Question 82

what is a legitimate interest?

Answer 82

a stake or a benefit in the processing that is lawful

Question 83

sensitive data categories

Answer 83

• racial or ethnic origin
• political opinions
• religious or philosophical beliefs
• trade union membership
• genetic data
• biometric data
• health data
• sexual life/orientation data

Question 84

can proxies be sensitive data?

Answer 84

yes, if it is processed with a purpose to reveal the sensitive data

Question 85

Exceptions for processing sensitive data

Answer 85

• explicit consent
• legal obligation related to employment
• vital interests (medical emergencies)
• not-for-profit bodies
• public information
• legal claims
• substantial public interest
• healthcare
• public health
• archive and research

Question 86

explicit consent

Answer 86

signed or double verification

Question 87

explicit consent for health data

Answer 87

also needs to demonstrate that the data subject is aware that they renounce the special protection of health data

Question 88

which not-for-profit bodies can use the exception for sensitive data?

Answer 88

not-for-profit bodies with a political, philosophical, religious, or trade union aim

Question 89

what is the limitation for not-for-profit bodies for sensitive data exception

Answer 89

it only counts for the data related to the members

Question 90

when does the public information ground apply for the sensitive data exception?

Answer 90

when the data has been made publically available by the data subject themselves

Question 91

limitation of the healthcare exception of sensitive data

Answer 91

by a professional subject to the obligations of professional secrecy

Question 92

criteria public health exception for sensitive data

Answer 92

must be based on the law

Question 93

criteria archive and research exception for sensitive data

Answer 93

must be based on the law

Question 94

Criteria for exceptions for scientific research

Answer 94

ethical standards for research must be kept up

Question 95

exception for scientific research

Answer 95

softer specification and specific consent needed

Question 96

scientific research exception: consent change

Answer 96

consent can be given to certain areas of scientific research instead of purposes exactly

Question 97

scientific research exception: further processing

Answer 97

deemed compatible if:
- safeguards
- purpose cannot be achieved otherwise (even if completely different)

Question 98

scientific research exception: informing

Answer 98

the data subject does not have to be informed

Question 99

scientific research exception: the right to erasure criteria

Answer 99

exceptempted from if:
- it must be necessary for the purpose of scientific research
- safeguards
- erasure must be impossible or seriously impair the achievement of the objectives of that processing

Question 100

advantages of ADM and profiling

Answer 100

• efficient
• saves resources
• personalization

Question 101

disadvantages of ADM and profiling

Answer 101

• risks the individual’s rights and freedoms (because opaque and existing biases)

Question 102

why is ADM regulated?

Answer 102

since it is scoring between people

Question 103

problems with scoring

Answer 103

• opacity
• arbitrary assessments
• disparate impact

Question 104

opacity

Answer 104

Scoring cannot be fully understood by those who are subject to it or by supervisory
authorities, since the opacity is inherit in the algorithms or by trade secrets. Therefore,
it cannot be effectively resisted nor challenged.

Question 105

arbitary assessments

Answer 105

significant variations exists between ratings on the same criteria

Question 106

disparate impact

Answer 106

Algorithms absorb the bias of the data and perhaps their creators. They amplify bias towards
traditionally disadvantaged groups.

Question 107

when has a data subject the right not to be subject of a decision based solely on automated processing (including profiling)?

Answer 107

if it produces legal effects concerning them or similarly significantly effects them

Question 108

what qualifies as human intervention?

Answer 108

the controller must ensure that there is meaningful human
oversight, carried out by someone who has the authority and competence to change the
decision, and all the available input and output data should be considered.

Question 109

profiling

Answer 109

any form of automated processing of personal data consisting to evaluate
certain personal aspects to a natural person

Question 110

exceptions for ADM and profiling

Answer 110

1. If the decision is necessary for entering into or the performance of a contract
2. If the decision is authorised by law to which the controller is subject
3. If explicit consent is obtained

Question 111

which rights should still be given, even if there is an exception for ADM and profiling?

Answer 111

• rights of human intervention
• express their point of view
• right to contest

Question 112

When can ADM use sensitive data?

Answer 112

if the sensitive data is processed based on the ground of valid explicit consent and processing of sensitive data is necessary for reasons of substantial public interest. Safeguards are necessary

Question 113

safeguards

Answer 113

• scientific/methodological correctness
• minimize the risk of errors
• data security
• prevent discriminatory effects

Question 114

ADM: transparency criteria

Answer 114

• information about the existence of ADM
• meaningful information about the logic
• significance
• consequences (real, tangible examples!)