Week 12 Flashcards
What are the distinct rights related to privacy and data protection?
Right to respect for private life and right to personal data protection
These rights are closely related but not the same.
When did privacy rights emerge in international human rights law?
With the Universal Declaration of Human Rights (UDHR) in 1948.
What document affirmed privacy rights in Europe?
The European Convention on Human Rights (ECHR) in 1950.
What is Article 8 of the ECHR about?
Right to respect for private and family life, home, and correspondence.
What impact did technological advancements have on privacy rights?
Improved quality of life, efficiency, and productivity, but introduced new risks to private life.
What is ‘informational privacy’?
The concept developed to address the collection and use of personal information, emphasizing individuals’ control over their data.
What decade saw the emergence of data protection laws in Europe?
1970s.
What article acknowledges data protection as a fundamental right in EU Law?
Article 16 of the Treaty on the Functioning of the EU.
What are the key differences between the right to privacy and the right to data protection?
- Right to privacy: Protects private and family life, home, and communications from interference
- Right to data protection: Specifically addresses the protection of personal data.
What was the main issue with the Data Protection Directive of 1995?
Inconsistent implementation across member states.
What regulation replaced the Data Protection Directive of 1995?
The General Data Protection Regulation (GDPR).
When did the GDPR become applicable?
May 2018.
What are the main goals of the GDPR?
- Stronger data protection rules
- Enhanced individual rights
- Stricter obligations for organizations.
What does Article 4 of the GDPR define as ‘personal data’?
Any information relating to an identified or identifiable natural person.
What does ‘processing’ refer to in the context of the GDPR?
Any operation performed on personal data, including collection, storage, and erasure.
What is the role of a ‘controller’ under the GDPR?
Determines the purposes and means of processing personal data.
True or False: Data protection under EU law is limited to automated data processing.
False.
What is required for valid consent under the GDPR?
- Freely given
- Specific
- Informed
- Unambiguous indication of wishes.
What is the territorial scope of the GDPR?
Applies to processing of personal data in the context of activities of an establishment in the EU, regardless of where processing takes place.
Define ‘processor’ in the context of the GDPR.
A natural or legal person processing personal data on behalf of the controller.
What must a written contract between a controller and processor include?
- Subject matter
- Nature
- Purpose
- Duration of processing
- Type of personal data.
What does GDPR Article 3 specify about non-EU controllers?
Applies if they offer goods or services to data subjects in the Union or monitor their behavior within the Union.
What does ‘establishment’ refer to in the context of GDPR?
A company based in Europe that has European customers, such as a subsidiary or office.
Fill in the blank: The GDPR applies to the processing of personal data in the context of the activities of an establishment of a ______.
controller or processor in the Union.
What does Article 3 of the GDPR state about its territorial scope?
It applies to the processing of personal data in the context of the activities of a controller or processor in the Union, regardless of whether the processing takes place in the Union or not.
What is required for a company outside of Europe to comply with the GDPR?
If the company offers goods or services to European customers or monitors their behavior within the Union, compliance is necessary.
True or False: A company must have a physical presence in Europe to be subject to the GDPR.
False
Fill in the blank: The GDPR applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to the offering of goods or services or the _______.
monitoring of their behaviour
What does ‘monitoring behavior’ include according to Recital 24 of the GDPR?
Tracking natural persons on the internet and processing techniques such as profiling.
List some examples of activities that might constitute the ‘monitoring’ of people’s behavior.
- Behavioral ads
- Geo-localization activities
- Online tracking via cookies
- Personalized diet and health analytics
- CCTV
- Market surveys
- Monitoring health
True or False: The GDPR’s monitoring provision requires intention to monitor behavior.
False
What is the significance of public international law regarding the GDPR?
The GDPR applies to a controller not established in the Union, such as one in a Member State’s diplomatic mission.
According to Article 2 of the GDPR, what does the Regulation not apply to?
- Activities outside the scope of Union law
- Member States’ activities under Chapter 2 of Title V of the TEU
- Purely personal or household activities
- Criminal law enforcement activities
What are the principles relating to the processing of personal data as stated in Article 5 of the GDPR?
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
What does ‘lawfulness, fairness, and transparency’ mean in the context of GDPR?
It refers to the requirement that personal data must be processed in a way that is lawful, fair, and transparent to the data subject.
Fill in the blank: Personal data must be _______ for specified, explicit and legitimate purposes.
collected
What is meant by ‘data minimization’ under the GDPR?
Personal data must be adequate, relevant, and limited to what is necessary for the purposes for which they are processed.
What does the GDPR require regarding the accuracy of personal data?
Personal data must be accurate and kept up to date; inaccurate data must be erased or rectified without delay.
What is the requirement for storage limitation under the GDPR?
Personal data should be kept in a form that permits identification of data subjects for no longer than necessary for the purposes of processing.
What does ‘integrity and confidentiality’ entail according to the GDPR?
Personal data must be processed securely to protect against unauthorized processing and accidental loss.
What is the accountability principle in the GDPR?
The controller must be responsible for and be able to demonstrate compliance with the processing principles.