Supervision, Enforcement and Surveillance Activities

Question 1

Define this Concept: Surveillance

Answer 1

Observation of individuals or groups, covert or carried out openly, conducted in real time or by access to store materials.

Question 2

True or False. Surveillance includes accessing observation data in stored materials (video).

Answer 2

True.

Question 3

What are examples of electronic surveillance.

Answer 3

Social network, data mining, aerial surveillance.

Question 4

What is the GDPR general rule regarding the use of surveillance.

Answer 4

Article 23 of the GDPR requires (i) necessity, and (ii) respect the essence of fundamental rights.

Question 5

What article of the GDPR governs surveillance?

Answer 5

Article 23

Question 6

True or False. Necessity is required for the use of surveillance strategies under the GDPR.

Answer 6

True.

Question 7

True or False. Private entities may conduct surveillance?

Answer 7

True.

Question 8

True or False. Public entities can conduct surveillance?

Answer 8

True. Only in interest of national security or law enforcement.

Question 9

What purpose is required for public entities to conduct surveillance?

Answer 9

National security interest or law enforcement

Question 10

What purpose is required for private entities to conduct surveillance?

Answer 10

Legitimate interests

Question 11

True or False: Private entities may conduct surveillance under the GDPR for any purpose.

Answer 11

False. Must be legitimate interest.

Question 12

What are the 3 categories of power for supervisory authorities?

Answer 12

(1) Investigate
(2) Corrective
(3) Authorization and Advisory

Question 13

How is the lead supervisory authority determined for single establishment?

Answer 13

Place of establishment in EU

Question 14

How is the lead supervisory authority determined for multiple establishments?

Answer 14

Supervisory authority is place of central administration.

Question 15

Name some supervisory authority mechanisms.

Answer 15

1. Cooperation
2. Mutual Assistance
3. Joint Operations
4. Consistency Mechanisms
5. Dispute Resolution
6. Urgency Procedures

Question 16

Define “cooperation” with respect to supervisory authority.

Answer 16

Cooperation between the lead supervisory authority and other concerned authorities.

Question 17

Define mutual assistance.

Answer 17

Provision of relevant information between supervisory authorities, facilities the provision of relevant information between SAs

Question 18

Define joint operations

Answer 18

investigations of controllers or processors in several member states or of data subjects in more than 1 member state.

Question 19

Define consistency mechanism.

Answer 19

Specific collaboration between the Commission, EDPB and supervisory authorities to ensure consistent GDPR application.

Question 20

What is the EDPB?

Answer 20

European Data Protection Board

Question 21

True or False. Article 29 WP was replaced by EDPB?

Answer 21

True.

Question 22

How many active members are participating in the EDPB?

Answer 22

27 active participants

Question 23

What is EDPB role in review of WP 29 opinions?

Answer 23

Decides what WP opinions must be updated.

Question 24

How many tiers are in the fining regime?

Answer 24

Two

Question 25

What are the two tiers for fines?

Answer 25

(A) $10 Million o4 2% of annual turnover
(B) $20 Million or 4% of annual turnover

Question 26

What standard applies to determining which penalties apply?

Answer 26

Totality of the circumstances.

Question 27

What are some examples of factors reviewed when examining the totality of the circumstances?

Answer 27

(i) Number of data subjects involved
(ii) purpose of processing
(iii) Damage suffered by data subjects
(iv) Duration of the infringement