Module 1: Data Protection Laws Flashcards

Question 1

Q

Define Privacy (Charter of Fundamental Rights definition). It’s a respect for… (4 points)

Answer

A

A respect for an individual’s private life, family life, home and communications
Broad definition

Question 2

Q

Define Data Protection (Charter of Fundamental Rights definition) (5 points) (Think elements of entitlement)

Answer

A

Protection of personal data, fair processing, specified purposes, consent or lawful grounds, right of access and rectification
Narrow definition - laws and policies governing the collection and use of personal data

Question 3

Q

Name 4 types of Privacy

Answer

A

Bodily Privacy
Information Privacy
Territorial Privacy
Communications Privacy

Question 4

Q

European Institutions: European Union
What’s it made up of?
What is it?
What are its data protection laws (5)

Answer

A

Made up of 27 member states (28 pre-Brexit)
Economic and political union
Data protection laws: Charter of Fundamental Rights of the EU (CFREU), Treaty on the Functioning of the EU (TFEU), GDPR (General Data Protection Regulation), ePrivacy Directive, National data protection laws across Europe

Question 5

Q

Council of Europe
What’s it made up of?
What is it?
What are its data protection laws (2)

Answer

A

Made up of 47 member states
International organisation
Data protection laws: European Convention of Human Rights (ECHR), Council of Europe Convention (aka Convention 108)

Question 6

Q

Extended definition of data protection… what should be covered? TLPARSE (7 points)

Answer

A

Transparency
Legal basis
Proportionality
Accurate/current data
Right to rectification and objection
Security
Export restrictions

Question 7

Q

What is information privacy concerned with? Give an example

Answer

A

Concerned with establishing rules that govern the collection and handling of personal data
E.g. financial data, medical data, government records, recording of activity on the internet

Question 8

Q

What is territorial privacy concerned with? Give an example

Answer

A

Concerned with placing limits on the ability to intrude into another person’s physical environment e.g. home, workplace, public space - invasion may take form in the form of video surveillance, ID checks, etc.

Question 9

Q

What is bodily privacy concerned with? Give an example

Answer

A

Focused on person’s physical being and invasion of the body - e.g. genetic testing, drug testing, body cavity searches, birth control, abortion, adoption

Question 10

Q

What is communications privacy concerned with? Give an example

Answer

A

Protection of means of correspondence (e.g. postal mail, telephone conversations, email and other forms of communicative behaviour)

Question 11

Q

What is the European Economic Area (EEA)?

It has an internal market and - what four freedoms?

Answer

A

An economic region including the EU and Iceland, Norway and Lietchenstein - which are not official members of the EU but closely linked by an economic relationship. Non-EU countries in the EEA are required to adopt EU legislation regarding the single market.
The EEA has an internal market and four freedoms - (goods, services, persons and capital)

Question 12

Q

Which institution does the Charter of Fundamental Rights of the EU (CFREU) sit within?

Answer

A

European Union

Question 13

Q

When was the Charter of Fundamental Rights of the EU (CFREU) ratified?

Question 14

Q

What is the Charter of Fundamental Rights of the EU (CFREU)? What did it become binding through?

Answer

A

A comprehensive collection of individual fundamental rights which became binding through the Treaty of Lisbon (2007)

Question 15

Q

Which institution does the European Convention on Human Rights (ECHR) sit within?

Answer

A

Council of Europe

Question 16

Q

The European Convention on Human Rights (ECHR) was opened for signing in…

Question 17

Q

The European Convention on Human Rights (ECHR) came into force in…

Question 18

Q

What is CFREU?

Answer

A

Charter of Fundamental Rights of the EU (2000)

Question 19

Q

What is the European Convention on Human Rights (ECHR)? What’s it based on? Who’s it ratified by?

Answer

A

The ECHR is based on the Universal Declaration of Human Rights - it’s a key document for fundamental rights in Europe (not just the EU). It’s ratified by member states.

Question 20

Q

What is ECHR?

Answer

A

European Convention for Human Rights.

Question 21

Q

What does Article 7 of the Charter of Fundamental Rights EU cover? (Protection of privacy relating to…)

Answer

A

Article 7 addresses protection of privacy relating to private life, family life, home and communications

Question 22

Q

What does Article 8 of Charter of Fundamental Rights EU cover?

Answer

A

Article 8 establishes a separate right to data protection

Question 23

Q

What does Article 7 of European Charter of Human Rights cover? Protection of privacy relating to…

Answer

A

Article 7 addresses protection of privacy relating to private life, family life, home and communications including the right to data protection

Question 24

Q

How can Charter of Fundamental Rights EU and European Charter of Human Rights interact?

Answer

A

Interpretation of the CFREU may not oppose the ECHR but may provide for a higher level of protection.

Question 25

Q

Considerations of CFREU...
N&amp;P
R
L
G

Answer

A

Necessary and proportionate
Respect the essence of the right
Limitations provided for by law
Genuinely meet the objectives of general interest recognised by the EU or the need to protect the rights and freedom of others

Question 26

Q

Considerations for ECHR…
In accordance with ___
Necessary in ____ society (e.g. for…)

Answer

A

In accordance with the law
Necessary in democratic society (e.g. public security and safety, economic well being of the country, prevention of disorder/crime, protection of health/morals, protection of rights/freedom of others)

Question 27

Q

Where is the Court of Justice of the EU based?

Answer

A

Luxembourg.

Question 28

Q

What is the Court of Justice of the EU?

Answer

A

The judicial body of the EU.

Question 29

Q

The judicial body of the EU is…

Answer

A

The Court of Justice of the EU.

Question 30

Q

What does the Court of Justice of the EU do?
Makes decisions on…
Provides clarification of…

Answer

A

The Court of Justice of the EU makes decisions on issues of EU law and enforces decisions either in respect of actions taken by the European Commission against a member state or by an individual or organisation to enforce his or her rights under EU law.
It provides clarification of EU law to national courts to assist national courts in upholding EU law.

Question 31

Q

What is the Court of Justice of the EU comprised of?

Answer

A

The European Court of Justice (ECJ) and the General Court.

Question 32

Q

Name a landmark case of the Court of Justice of the EU

Answer

A

Lindqvist, Nowak
Costeja, Schrems
Weltimmo

Question 33

Q

Lindqvist/Nowak was a landmark case of…

Answer

A

The Court of Justice of the EU

Question 34

Q

Costeja, Schrems was a landmark case of…

Answer

A

The Court of Justice of the EU

Question 35

Q

Weltimmo was a landmark case of…

Answer

A

The Court of Justice of the EU

Question 36

Q

What is the ECHR (Court)?

Answer

A

The European Court of Human Rights.

Question 37

Q

Where is the European Court of Human Rights based?

Answer

A

Strasbourg, France - it’s aka the Stasbourg Court

Question 38

Q

What does the European Court of Human Rights do?

Answer

A

Upholds privacy and data protection laws through its enforcement of the European Convention of Human Rights and Convention 108.
The ECHR has also considered the question of the protection of personal data from the viewpoint of the right of access to such data.

Question 39

Q

Is the European Court of Human Rights part of the European Union?

Question 40

Q

Name a landmark case of the European Court of Human Rights?

Answer

A

Niemietz, Halford, Copland
Barbulescu
I v Finland

Question 41

Q

Niemietz, Halford, Copland was a landmark case of…

Answer

A

The European Court of Human Rights.

Question 42

Q

Barbulescu was a landmark case of…

Answer

A

The European Court of Human Rights.

Question 43

Q

I v Finland was a landmark case of…

Answer

A

The European Court of Human Rights.

Question 44

Q

The Council of Europe was established in…

Question 45

Q

What was established in 1949?

Answer

A

The Council of Europe.

Question 46

Q

What was established in 1951?

Answer

A

The European Coal and Steel Community (ECSC) which over time would develop into the European Union (EU).

Question 47

Q

The European Coal and Steel Community (ECSC) which over time would develop into the European Union (EU), was established in…

Question 48

Q

What influenced data protection laws in the 1960s?

Answer

A

Rapid growth of international trade and increasing use of computers and telecommunications.

Question 49

Q

What influenced data protection laws in the 1970s - 1980s?

Answer

A

Greater conflict between national privacy rights and international free trade.

Question 50

Q

What influenced data protection laws in the 1980s - 1990s?

Answer

A

Rise of data management issues (direct marketing, telemarketing)

Question 51

Q

When was the EU established?

Question 52

Q

The EU was established in…

Question 53

Q

What influenced data protection laws in the 2000s?

Answer

A

Identity thefts

Question 54

Q

What influenced data protection laws in the 2010s?

Answer

A

Social media, cloud computing, online ads and location-based services.

Question 55

Q

What is the Privacy conflict?

Answer

A

Right to privacy vs. Freedom of speech: this is a contradiction between 2 fundamental human rights, with increasing relevance in the information age.

Question 56

Q

What was the Google Spain v. AEPD and Mario Costeja Gonzalez case?

Answer

A

Mr. Costeja sued Google Spain, Google Inc and La Vanguardia newspaper because personal data about him was available through a Google search in the newspaper’s online archives. The Court of Justice of the EU ruled that Google Spain must remove the links to the article.

Question 57

Q

What formal set of ‘guidelines’ were brought forward in 1980?

Answer

A

Organisation for Economic Cooperation and Development Guidelines on the Protection of Privacy and Transborder flows of Personal Data.

Question 58

Q

What does “OECD” stand for?

Answer

A

Organisation for Economic Cooperation and Development

Question 59

Q

What guidelines did the OECD bring forward in 1980?

Answer

A

Guidelines on the Protection of Privacy and Transborder flows of Personal Data.

Question 60

Q

The OECD’s Guidelines on the Protection of Privacy and Transborder flows of Personal Data…

Answer

A

are non-binding
protect personal data in a global economy
provide principles on collection and use

Question 61

Q

The OECD’s Guidelines on the Protection of Privacy and Transborder flows of Personal Data were revised in…

Question 62

Q

In 1981, the Council Of Europe established…

Answer

A

Convention 108 / the CoE convention (the Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data)

Question 63

Q

What is the title of Convention 108?

Answer

A

The Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data

Question 64

Q

Convention 108 belongs to: the EU or Council of Europe?

Answer

A

Council of Europe.

Answer 56

A

A legally binding treaty of member states of the Council of Europe that is also open to non members. It relates to the protection of data subject privacy and automatically processed personal data.

Answer 57

A

The EU Data Protection Directive (95/46/EC).

Answer 58

A

A legally binding transposition of member states of the EU.

Answer 59

A

The Charter of Fundamental Rights of the EU (CFREU) & The E-Commerce Directive of 2000 (Directive 2000/31/EC).

Answer 60

A

Issues relating to processing personal data.

Answer 61

A

A version of Convention 108 that was overhauled in October 2018 to align with GDPR. It serves as a means for third countries (those outside the EU) to adopt the basic tenets of the GDPR.

Answer 62

A

20 member states of the Council of Europe, including the UK, signed in 2018. Since there more states have followed.

Answer 63

A

The EU Directive on Privacy and Electronic Communications.

Answer 64

A

Communications passed over electronic channels, with particular rules around marketing, cookies and security breach notifications for internet service providers (ISP) and telecommunications companies.

Answer 65

A

2009 in order to align with the GDPR.

Answer 66

A

The EU Data Retention Directive (2006/24/EC).

Answer 67

A

Requirements of Internet Service Providers and telecommunication companies to keep metadata about communications they carried in case it needs to be accessed for law enforcement purposes. National data retention laws across the EU.

Answer 68

A

2014 Digital Rights Ireland case - was challenged and struck down by the Court of Justice for the EU.

Answer 69

A

The Treaty of Lisbon.

Answer 70

A

The Treaty of Lisbon.

Answer 71

A

The Charter of Fundamental Rights was made binding law. EU data protection law was developed.

Answer 72

A

The Treaty of Lisbon is an international agreement that amends the two treaties which form the constitutional basis of the European Union. It gave the EU full legal personality.

Answer 73

A

The Data Protection Directive (1995) (Recital 171; Articles 94, 99).

Answer 74

A

General Data Protection Regulation.

Answer 75

A

General Data Protection Regulation.

Answer 76

A

General Data Protection Regulation.

Answer 77

A

Defines EU priorities and sets political direction.

Answer 78

A

Implements EU decisions and policies. Other broad functions including executive competence to propose legislation.

Answer 79

A

Heads of state or government of all EU countries, European Council president, European Commission president, and High Representative for Foreign Affairs and Security Policy.

Answer 80

A

One commissioner per member state who pledges to respect the EU treaties.

Answer 81

A

The European Commission.

Answer 82

A

One minister from each member state, changing depending on the policy issue being discussed.

Answer 83

A

Legislative decision making (along with the parliament) - the legislation is generally proposed by the commission before being examined by the Council of the EU and parliament.

Answer 84

A

Elected members (only institution where members are directly elected).

Answer 85

A

Legislative development and supervisory oversight of the other institutions and budget development. Its greatest impact on data protection and privacy issues is through its legislative process, and it’s a frequent advocate for the right to data protection.

Answer 86

A

The co-decision procedure is the process by which the Council of the EU and the European Parliament agree on legislation.

Answer 87

A

The co-decision procedure.

Answer 88

A

The European Commission proposes legislation to the Council of the EU and European Parliament.

Answer 89

A

The European Parliament and the Council of the EU.

Answer 90

A

European Parliament and the Council of the EU.

Answer 91

A

Supervises.

Answer 92

A

Appoints.

Answer 93

A

Arbitrates.

Answer 94

A

The Court of Justice.

Answer 95

A

European Commission proposed draft legislation in 2012 and sent to European Parliament and Council of the EU
European Parliament reviews the draft and collected thousands of comments/amendments.
Council of EU also reviewed it.
Parliament/Council then tried to jointly agree on the legislation. The Commision adjudicated the proceedings (the trialogue procedure)
Other groups (e.g. national parliaments, industry advocated, consumer advocates) expressed views
In Dec 2016, Parliament and Council agreed upon the EU GDPR first proposed in 2012 - it went into affect on 25 May 2018
The European Court of Justice (EJC) is the judicial body of the EU, involved in cases related to data protection that begin in national courts and are referred to the ECJ for ruling on interpretations of EU law.

Answer 96

A

Cloning - yet with variances.

Answer 97

A

Member states.

Answer 98

A

Member states’ governments.

Answer 99

A

National laws in EU.

Answer 100

A

Inconsistent - local laws and implementation differed across member states.

Answer 101

A

Article 29 Working Party (WP29)

Answer 102

A

It’s directly applicable and enforceable as law in every EU member state and provides just one set of data protection rules for all.

Answer 103

A

One consistent set of data rules however 50 provisions allow for local law clarification or exception.

Answer 104

A

They have been either repealed or amended to align with the GDPR.

Answer 105

A

European Data Protection Board replaced the WP29 in 2018 - WP29 GDPR guidelines were endorsed by the EDPB.

Answer 106

A

the interplay between the ePrivacy Directive and the GDPR, the competence, tasks and powers of the data protection authorities, and the processing that triggers the material scope of both.

Answer 107

A

Electronic communications service and network, and service and network publicly available and offered in the EU, plus website operators (e.g. for cookies) or other businesses (e.g. for direct marketing)

Answer 108

A

Any form of processing of personal data, regardless of the technology used.

Answer 109

A

Special provisions prevail over general rules (lex specialis princple)

Answer 110

A

Several ePrivacy Directive provisions complement GDPR provisions

Answer 111

A

avoid the imposition of unnecessary administrative burdens upon controllers who would otherwise be subject to similar but to quite identical administrative burdens

Answer 112

A

in cases where lex specialis does not apply, the general rule will apply

Answer 113

A

When processing of personal data triggers the material scope of both GDPR and the ePrivacy Directive, data protection authorities are competent to scrutinise the data processing operations which are governed by national ePrivacy rules only of national law confers with this competence on them, and such scrutiny must happen within the supervisory powers assigned to the authority by the national law transposing the ePrivacy Directive.

Brainscape's Knowledge GenomeTM

Module 1: Data Protection Laws Flashcards

Brainscape's Knowledge Genome^TM