Law and the Internet Flashcards

1
Q

Civil Evidence Act 1968

A

Computer records became admissible in civil trials

2
Q

List the six principles of GDPR

A

Data must be:
1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept in a form that identifies people for longer than necessary
6. Processed securely and protected against loss or damage

3
Q

What does GDPR stand for?

A

General Data Protection Regulation

4
Q

GDPR includes a requirement to keep internal records of your databases. What does this include?

A
  1. Who you are, the type of data and who provided it
  2. Retention schedules
  3. Security arrangements
  4. Details of transfers
5
Q

GDPR makes it essential to identify why processing is allowed. What does this include?

A
  1. Consent: for each purpose must be freely given, specific, informed and unambiguous
  2. Contract
  3. Legal compliance
6
Q

List the rights that GDPR provides for individuals

A
  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling
7
Q

What is meant by the right to be informed?

A

Need to have a privacy notice that explains your processing

8
Q

What is meant by the right of access?

A

Systems need to be designed for this right to be exercisable

9
Q

What is meant by the right to rectification?

A

Errors need to be corrected and passed on if the data was passed on

10
Q

What is meant by the right to erasure?

A

Right to be forgotten - delete data when there is no compelling reason to keep it

11
Q

What is meant by the right to restrict processing?

A

You can keep data, but not otherwise process it unless you have to

12
Q

Who does GDPR state that firms processing data at scale must appoint? What is their job?

A

Data Protection Officer. They advise on GDPR obligations, monitor compliance with GDPR and report to the board

13
Q

What characterises offences that fall into Section 1 of the Computer Misuse Act 1990?

A
  • Unauthorised access to a program or data
  • Requires knowledge that it is unauthorised
14
Q

What characterises offences that fall into Section 2 of the Computer Misuse Act 1990?

A

As Section 1, but with intent to commit another serious offence

15
Q

What characterises offences that fall into Section 3 of the Computer Misuse Act 1990?

A

Unauthorised modification of data, e.g. virus writing, denial of service, making/distributing hacking tools

16
Q

What was Whitaker convicted under the Computer Misuse Act 1990 for?

A

Not disclosing a time-lock that froze bespoke software when client was late in making payments.

17
Q

Explain the Wimbledon case

A

After an appeal it was found that “mail bombing” is a Section 3 offence - test of unauthorised becomes “if I were to ask, would they say yes”

18
Q

What was Cuthbert convicted of under the Computer Misuse Act 1990?

A

Section 1 offence for trying out ../../../ URLs

19
Q

Electronic Communications Act 2000

A

Electronic signatures shall be admissible as evidence

20
Q

Investigatory Powers Act 2016

A
  • Deals with interception and communications data
  • Permits equipment interference under a warrant
  • Permits bulk interception, bulk acquisition, bulk equipment interference and collection of bulk personal datasets
21
Q

What is communications data?

A

Metadata about communications. Needs a retention regime

22
Q

What is interception?

A

Revealing content to someone other than sender/receiver

23
Q

How must interception be authorised under the Investigatory Powers Act 2016?

A

By a warrant signed by the Secretary of State, i.e. the Home Secretary. Power can only be delegated very temporarily

24
Q

Give 2 examples of interception

A
  1. Tapping a telephone
  2. Copying an email
25
Q

What relevant power does GCHQ have?

A

They can scan international communications for “factors”

26
Q

How must regulators undertake lawful business practice with respect to the Investigatory Powers Act 2016?

A
  1. Regulations prescribe how not to commit an offence under IPA
  2. Must make all reasonable efforts to tell all users of system that interception may occur
27
Q

Which part of the Regulation of Investigatory Powers Act 2000 is still in force?

A

The part that deals with encryption

28
Q

Regulation of Investigatory Powers Act 2000

A

Basic requirement is to “put this material into an intelligible form”. You can supply the key instead. Keys can be demanded

29
Q

Consumer Rights Directive 2011

A
  1. Remote seller must identify themselves
  2. Details of contract must be delivered
  3. Right to cancel unless service already delivered
30
Q

E-Commerce Directive 2002

A

Online selling and advertising is subject to UK law if you are established in the UK - whoever you sell to. There are complexities if selling to foreign consumers if you specifically marketed to them

31
Q

Privacy and Electronic Communications Regulations 2003

A

Bans unsolicited marketing emails to natural persons

32
Q

What does legislation say about cookies?

A
  • Must give clear and comprehensive information
  • Must have consent unless cookies are strictly necessary for provision of an information society service that has been requested
33
Q

Give 2 examples where cookies may be used without permission

A
  1. Shopping carts
  2. Security on bank websites
34
Q

Give 3 examples where cookies may not be used without permission

A
  1. First and third party advertising
  2. Analytics
  3. Personalisation