Week 12

Question 1

What are the distinct rights related to privacy and data protection?

Answer 1

Right to respect for private life and right to personal data protection

These rights are closely related but not the same.

Question 2

When did privacy rights emerge in international human rights law?

Answer 2

With the Universal Declaration of Human Rights (UDHR) in 1948.

Question 3

What document affirmed privacy rights in Europe?

Answer 3

The European Convention on Human Rights (ECHR) in 1950.

Question 4

What is Article 8 of the ECHR about?

Answer 4

Right to respect for private and family life, home, and correspondence.

Question 5

What impact did technological advancements have on privacy rights?

Answer 5

Improved quality of life, efficiency, and productivity, but introduced new risks to private life.

Question 6

What is ‘informational privacy’?

Answer 6

The concept developed to address the collection and use of personal information, emphasizing individuals’ control over their data.

Question 7

What decade saw the emergence of data protection laws in Europe?

Answer 7

1970s.

Question 8

What article acknowledges data protection as a fundamental right in EU Law?

Answer 8

Article 16 of the Treaty on the Functioning of the EU.

Question 9

What are the key differences between the right to privacy and the right to data protection?

Answer 9

• Right to privacy: Protects private and family life, home, and communications from interference
• Right to data protection: Specifically addresses the protection of personal data.

Question 10

What was the main issue with the Data Protection Directive of 1995?

Answer 10

Inconsistent implementation across member states.

Question 11

What regulation replaced the Data Protection Directive of 1995?

Answer 11

The General Data Protection Regulation (GDPR).

Question 12

When did the GDPR become applicable?

Answer 12

May 2018.

Question 13

What are the main goals of the GDPR?

Answer 13

• Stronger data protection rules
• Enhanced individual rights
• Stricter obligations for organizations.

Question 14

What does Article 4 of the GDPR define as ‘personal data’?

Answer 14

Any information relating to an identified or identifiable natural person.

Question 15

What does ‘processing’ refer to in the context of the GDPR?

Answer 15

Any operation performed on personal data, including collection, storage, and erasure.

Question 16

What is the role of a ‘controller’ under the GDPR?

Answer 16

Determines the purposes and means of processing personal data.

Question 17

True or False: Data protection under EU law is limited to automated data processing.

Answer 17

False.

Question 18

What is required for valid consent under the GDPR?

Answer 18

• Freely given
• Specific
• Informed
• Unambiguous indication of wishes.

Question 19

What is the territorial scope of the GDPR?

Answer 19

Applies to processing of personal data in the context of activities of an establishment in the EU, regardless of where processing takes place.

Question 20

Define ‘processor’ in the context of the GDPR.

Answer 20

A natural or legal person processing personal data on behalf of the controller.

Question 21

What must a written contract between a controller and processor include?

Answer 21

• Subject matter
• Nature
• Purpose
• Duration of processing
• Type of personal data.

Question 22

What does GDPR Article 3 specify about non-EU controllers?

Answer 22

Applies if they offer goods or services to data subjects in the Union or monitor their behavior within the Union.

Question 23

What does ‘establishment’ refer to in the context of GDPR?

Answer 23

A company based in Europe that has European customers, such as a subsidiary or office.

Question 24

Fill in the blank: The GDPR applies to the processing of personal data in the context of the activities of an establishment of a ______.

Answer 24

controller or processor in the Union.

Question 25

What does Article 3 of the GDPR state about its territorial scope?

Answer 25

It applies to the processing of personal data in the context of the activities of a controller or processor in the Union, regardless of whether the processing takes place in the Union or not.

Question 26

What is required for a company outside of Europe to comply with the GDPR?

Answer 26

If the company offers goods or services to European customers or monitors their behavior within the Union, compliance is necessary.

Question 27

True or False: A company must have a physical presence in Europe to be subject to the GDPR.

Answer 27

False

Question 28

Fill in the blank: The GDPR applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to the offering of goods or services or the _______.

Answer 28

monitoring of their behaviour

Question 29

What does ‘monitoring behavior’ include according to Recital 24 of the GDPR?

Answer 29

Tracking natural persons on the internet and processing techniques such as profiling.

Question 30

List some examples of activities that might constitute the ‘monitoring’ of people’s behavior.

Answer 30

• Behavioral ads
• Geo-localization activities
• Online tracking via cookies
• Personalized diet and health analytics
• CCTV
• Market surveys
• Monitoring health

Question 31

True or False: The GDPR’s monitoring provision requires intention to monitor behavior.

Answer 31

False

Question 32

What is the significance of public international law regarding the GDPR?

Answer 32

It applies to a controller not established in the Union, such as in a Member State’s diplomatic mission.

Question 33

According to Article 2 of the GDPR, what does the Regulation not apply to?

Answer 33

• Activities outside the scope of Union law
• Member States’ activities under Chapter 2 of Title V of the TEU
• Purely personal or household activities
• Criminal law enforcement activities

Question 34

What are the principles relating to the processing of personal data as stated in Article 5 of the GDPR?

Answer 34

• Lawfulness, fairness, and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability

Question 35

What does ‘lawfulness, fairness, and transparency’ mean in the context of GDPR?

Answer 35

It refers to the requirement that personal data must be processed in a way that is lawful, fair, and transparent to the data subject.

Question 36

Fill in the blank: Personal data must be _______ for specified, explicit and legitimate purposes.

Answer 36

collected

Question 37

What is meant by ‘data minimization’ under the GDPR?

Answer 37

Personal data must be adequate, relevant, and limited to what is necessary for the purposes for which they are processed.

Question 38

What does the GDPR require regarding the accuracy of personal data?

Answer 38

Personal data must be accurate and kept up to date; inaccurate data must be erased or rectified without delay.

Question 39

What is the requirement for storage limitation under the GDPR?

Answer 39

Personal data should be kept in a form that permits identification of data subjects for no longer than necessary for the purposes of processing.

Question 40

What does ‘integrity and confidentiality’ entail according to the GDPR?

Answer 40

Personal data must be processed securely to protect against unauthorized processing and accidental loss.

Question 41

What is the accountability principle in the GDPR?

Answer 41

The controller must be responsible for and be able to demonstrate compliance with the processing principles.