Week 12 Flashcards

1
Q

What are the four major categories of issues because of the internet?

A

– Information rights – your personal info
– Property rights – how can it be enforced
– Governance – is the internet subject to public law?
– Public safety and welfare; gambling, porn, child
safety, bullying

2
Q

Why must there be legal protections when dealing with IT?

A

Information technology is designed to transmit and associate data. This efficient
movement of data presents problems, as previously privacy relied partly on the
sheer difficulty of getting comprehensive information about a person.

3
Q

Define privacy

A

Moral right of individuals to be left alone, free from
surveillance or interference from other individuals
or organizations

4
Q

What is information privacy

A

Subset of privacy
The claim that certain information should not be
collected at all
The claim of individuals to control the use of
whatever information is collected about them

5
Q

What is a web cookie?

A

A web cookie is a small piece of data stored on the user’s computer by the web
browser while browsing a website. Cookies can also be used to remember
pieces of information that the user previously entered such as names,
addresses, passwords, phone numbers, etc.
While cookies offer convenience for users, they also facilitate tracking of users
and so have data protection implications.

6
Q

What does GDPR say about cookies

A

GDPR does not prohibit cookies, but requires users to give permission to use
them when they first visit a website.

7
Q

What sort of data is collected at e-commerce sites?

A

Personally identifiable information
– Name, address, phone, e-mail, social security
– Bank & credit accounts, gender, age, occupation,
education
– Preference data (from your browsing habits), transaction data, clickstream
data, browser type

8
Q

What effect do social networks have on a person's privacy?

A

Encourages sharing personal details
Poses unique challenge to maintaining privacy
Social networks mean that people post information about themselves and this
information may not be restricted to a limited group.
Cross-referencing of this data can lead to useful information about people

9
Q

What is profiling?

A

Creation of digital images that characterize online
individual and group behavior

10
Q

How do advertising networks work on the internet and give an example

A

– Track consumer and browsing behavior on Web
– Dynamically adjust what user sees on screen
– Build and refresh profiles of consumers
Google AdWords – businesses pay to get their advertisements ranked at the top
of the search results page, based on the keywords that they want to target

11
Q

What are some top adwords

A

Insurance
Loan
Mortgage
Attorney
Credit
Lawyer
Donate

12
Q

What is cyberlaw

A

Laws intended to regulate activities over the
Internet or via the use of electronic data
communications and storage
– Intellectual property
– Privacy
– Freedom of expression
– Jurisdiction

13
Q

What are the issues with cyberlaw

A

Identifying the jurisdiction - usually law is national. Technology changes very quickly

14
Q

What is the law in Ireland to do with privacy? When was it written?

A

Data Protection Act (1984, 1988, 2002)
Irish Data Protection Acts originate in EU directives
The principles have been the same from the beginning, but each act has
tightened up the restrictions

15
Q

What rights are in the data protection act

A

Obtain and process data fairly
* Specified purpose
* Disclose only if compatible with purpose
* Keep safe and secure
* Accurate, complete and up to date
* Relevant and not excessive
* Retain only as long as necessary
* Comply with access request

16
Q

What is the law in the Data Protection Act in relation to data holders?

A

– Give individuals access to their personal data
– Allow individuals to correct or delete any
information that's incorrect/irrelevant
– Obtain information fairly, openly and transparently
– Use it only for the purpose for
which it was originally collected
– Secure it against unauthorised access or loss
– Ensure that it is kept accurate and up to date
– Must not further process data or retain it longer than needed for the purpose for which it was given

17
Q

Why can adhering to the data protection act be difficult and give an example

A

– Conflicts with other legislation
– Lack of clear guidelines
E.g. retention of data may be desirable for any possible future criminal
investigation, but this may conflict with data protection law

18
Q

Why can adhering to the data protection act be difficult and give an example

A

– Conflicts with other legislation
– The internet is international
– Lack of clear guidelines
E.g. retention of data may be desirable for any possible future criminal
investigation, but this may conflict with data protection law

19
Q

Explain opt-in and opt-out policies and where they are used

A

Opt-in is the EU standard – you must give your explicit consent to have data compiled about you
Opt-out is the US standard – data can be compiled about you unless you specifically request otherwise

20
Q

What regulates government agencies in the US in relation to information systems security

A

The Federal Information Security Management Act of 2002 in the US, updated in 2014
by the Federal Information Security Modernization Act and also in 2022, regulates
government agencies in the USA.

21
Q

Explain informed consent in the US

A

U.S. firms can gather and redistribute transaction
information without individual’s informed consent – Illegal in Europe
– Opt-in (EU)
– Opt-out (US)
– Many U.S. e-commerce firms merely publish
information practices as part of privacy policy
without providing for any form of informed consent

22
Q

Explain the European data protection in place

A

Rules data controllers must adhere to
– Your rights as a data subject
– What can you do if your rights are violated
* Regulates data transfers to non-EU countries - some countries are approved automatically

23
Q

What have been some agreements and protections in place between the EU and the US? Explain the current one

A

Originally Safe Harbour Agreement
– Overturned by Schrems vs Irish DPC 2015
* Then EU-U.S. Privacy Shield
– Schrems II case 2020 invalidated this
* Trans-Atlantic Data Privacy Framework 2022. Components of this:
– US data access restricted to necessary and proportionate
– new two-tier redress system
– Data Protection Review Court

24
Q

What does GDPR stand for

A

General Data Protection
Regulation

25
Q

What is the jurisdiction of the GDPR law and what are fines

A

International scope
– All organisations providing service in EU whether
paid or not.
Fines are 4% of annual global turnover or €20 million

26
Q

What does personal data mean in GDPR

A

‘personal data’ means any information, including
data that can be combined with other
information, relating to an identified or
identifiable natural person (‘data subject’)

27
Q

Define natural person in GDPR

A

‘natural person’ is one who can be identified,
directly or indirectly, in particular by reference to

Natural person
- You have to be alive
- It does not refer to companies etc
Personal data can include things that can identify a natural person
- Biometric data e.g. fingerprints
- Car reg number

28
Q

What is the concept of pseudonymisation in GDPR?

A

Processing personal data in such a way that it can’t
be attributed to a specific individual, without the
use of additional information kept separately.
Pseudonymised data is still a form of personal
data but its use is encouraged
– extra security of the data
– used for statistical purposes

29
Q

What is GDPR sensitive personal data?

A

– racial or ethnic origin,
– political opinions
– religious or philosophical beliefs
– trade union membership
– processing of genetic data
– biometric data
– data concerning health
– data concerning a natural person’s sex life

30
Q

What does processing mean as per GDPR

A

Performing any operations/
set of operations on personal data, including:
– obtaining, recording or keeping data;
– organising or altering the data;
– retrieving, consulting or using the data;
– disclosing the data to a third party (including
publication);
– erasing or destroying the data

31
Q

Define data controller as per GDPR

A

Data Controller: is the person or organisation
who decides the purposes for which, and the
means by which, personal data is processed. The
purpose of processing data involves ‘why’ the
personal data is being processed and the ‘means’
involves ‘how’ the data is processed

32
Q

Define data processor as per GDPR

A

Data Processor: A person or organisation that
processes personal data on behalf of a data
controller, but is not an employee of the DC above
Data might be outsourced to an external company, e.g. marketing strategist, data entry, analysts

33
Q

What are the main principles of GDPR

A

Data is processed lawfully, fairly, in a transparent way
It’s collected for a specified, explicit and legitimate purpose
It is limited to what is relevant and necessary for the purposes of collection
It’s accurate and kept up to date
Data is kept no longer than necessary
It’s processed in a manner ensuring security of the data

34
Q

What are the different reasons an employee may interact with processing of data

A

Contract
Legal obligation
Vital interest
Public task
Legitimate interests

35
Q

What are the GDPR Controller obligations

A
  • Privacy by design
  • Ensure processors are GDPR compliant
  • Keep data control records
  • Keep data secure
  • Report data breaches
  • Carry out impact assessments
  • Appoint a data protection officer (DPO)
  • Comply with certification
  • Ensure data transfer outside the EU is sufficiently
    compliant
36
Q

What are the rights we have under GDPR

A
  • Transparency
  • Subject access rights (no fee)
  • Right to rectify
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability (new) – right of data transfer in machine-readable format
  • Right to object
  • Right not to be subject to automated decision
    taking
37
Q

What are the GDPR requirements of data holders

A

Make an inventory of all personal data you hold
and examine it under the following headings:
– Why are you holding it?
– How did you obtain it and why?
– How long will you retain it and how to dispose of it?
– How secure is it?
– Do you share it with 3rd parties and on what basis?
* Many organisations don’t really know what data
they have

38
Q

Give an example of a current data breaching case

A

Luxembourg fined Amazon €746 million
– Details unclear until appeal
– But involves cookie consent.
* Amazon was given until 15 January 2022 to
ensure that its processing is GDPR compliant.
– On appeal, it was ruled that Amazon had not been
given enough clarity on what was required

39
Q

Give an example of a past data breaching/ GDPR investigation case

A

On 21/9/2020 the Irish DPC started investigating
Instagram re insufficient controls on under 18s
opening accounts
– Certain data on U-18s made public
– European countries did not agree on penalty
EU Data Protection Boards amended decision
– €405 million fine imposed.

40
Q

How do actuaries interact with GDPR

A

Actuaries must ensure that customers have given
consent for any analysis that they wish to
conduct.
– Consent policies have to be updated
* Actuaries must be careful of local stores of data
* Pseudonymisation should be systematic
* Customers have a right to know how their data is
processed

41
Q

What does the DMA stand for

A

Digital markets act

42
Q

What is the EU DMA

A

DMA regulates large gatekeeper businesses
– Allow users to install apps from other sources than
the gatekeeper provider
– Prohibit the gatekeeper from favouring its services
– Prohibit data that is not available to third parties
DMA rules enter force in November of this year

43
Q

What is the EU digital services act

A

Regulates Very Large Online Platforms (45m users)
– illegal content
– transparent advertising
– disinformation
* Companies are required to be transparent in what
they are doing about illegal content
* Companies are required to be transparent in why
people see certain advertisements

44
Q

What does the criminal justice act 2001 say about computer crime

A

A person who dishonestly, whether within or
outside the State, operates or causes to be
operated a computer within the State with the
intention of making a gain for himself or herself
or another, or of causing loss to another, is guilty
of an offence

45
Q

Can employees have their computers monitored?

A

Yes, but only if they know about it. It monitors the employee's productivity and behaviour. The employee needs to know:
– That they are being monitored
– The reasons and purposes why they are monitored
– How the information is to be used

46
Q

What can automating processes lead to (positives and negatives)?

A
  • Improved work
    conditions
  • Higher quality
    products
  • Lower (unit) cost
  • deskilling of workforce
  • elimination of jobs