Week 5: IP and the information society

Question 1

Right to Privacy

Answer 1

United States
* Amendment IV US Constitution; Search and Seizure
* Not an absolute right; can be interfered with IF there is a probable cause

Europe
* Article 8 ECHR
* Not absolute
* Unlawful interference (Negative and Positive Obligation)

Question 2

Right to Data Protection

(seen as a separate right)

Answer 2

“Fair and legitimate collection, storage, use and processing of personal data (by the State or private actors)”

Question 3

Right to Privacy

Answer 3

basically closing the doors to protect the sphere of individuals

Question 4

Personal Data

GDPR

Answer 4

any information relating to an identified or identifiable natural person
(Art 4(1) GDPR)

Question 5

Sensitive Data

GDPR

Answer 5

Data revealing eg. race/ethnicity, gender/orientation, health etc. (Art 9(1) GDPR)

Processing is prohibited, unless (Art 9(2) GDPR)

Question 6

Data processing Principles (Art 5 GDPR)

Answer 6

• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability

Question 7

Lawful grounds for data processing

Answer 7

(Art 6 GDPR)
* Consent
* Necessary for the performance of a contract
* Legal obligation
* Vital interest
* Public interest
* Legitimate interest

Question 8

Consent ; is

Answer 8

• A clear , affirmative action
• Freely given
• Specific, informed , ambiguous → no reasonable doubt, there cannot be any assumption or doubt regarding the consent of data.
• Documented
• Easily withdrawn

Question 9

Material Scope of GDPR

Answer 9

Article 2 GDPR

• Activities that fall outside the scope of the EU
• Activities in the area of Common Foreign and Security Policy
• Law enforcement activities
• Purely personal and household activities (but is suuuuper strict)

Question 10

Territorial Scope of the GDPR

Answer 10

Art 3 GDPR

• Everytime a controller or processor is established in the EU
• If controller or processor is not established in the EU but:
• Offers goods or services to data subjects in the EU, or
• Monitors behaviors of data subjects in the EU

Question 11

Key roles

Answer 11

Art 4 GDPR

Data Subject
any natural person to whom the personal data belong

Data controller
alone or jointly with others, determines the purposes and means of the processing of personal data

Data Processor
process personal data on behalf of the controller

Supervisory Authority independent public authority established by each MS

Question 12

Rights of the data subject

Answer 12

Art 12-22 GDPR

Question 13

Obligations of controllers and processors

Answer 13

Article 24-26

Question 14

Obligations in case of data breaches

Answer 14

Art 32-35 GDPR

• Notify the Supervisory authority without undue delay
• Latest within 72 hours after having become aware of breach
• Inform individuals affected if data breach is high risk!

Question 15

Data Protection Officer

Answer 15

Art 37-39 GDPR