Lecture 2 - Law

Question 1

Who did informational privacy emerge with and when?

Answer 1

With Warren/ Brandeis in 1890 due to paparazzi photography in saloons.

Question 2

Why is keeping logs of people’s religion a bad idea?

Answer 2

WWII example burgerregister

Question 3

Which is one of the few countries that does not have fundamental privacy laws?

Answer 3

The US (roe v. wade)

Question 4

What shift in surveillance resistance has taken place in the past few decades?

Answer 4

Shift from fear/ resistance of state surveillance to resistance against corporate surveillance through data collection

Question 5

What are some of the regulatory challenges of data privacy protection?

Answer 5

• Personal data combines the dignity of a human being with economic properties
• Companies don’t share what data they have, they only collect it
• Once data is disclosed its a public good and thus easy to move and copy
• Transnational and highly distributed data-driven economy
• Online services and platforms are built around personal data
• Individuals have little to no bargaining power vis-a-vis online service providers

Question 6

What are the effects of fundamental rights

Answer 6

• Vertical effect
• The government has the duty to protect the individuals fundamental rights
• Fundamental rights protect citizens against government
• No direct horizontal effect
• But courts interpret the law in light of fundamental rights

Question 7

What is the GDPR?

Answer 7

The General Data Protection Regulation: the EU’s data protection law.

Question 8

What are the 7 principles of personal data processing?

Answer 8

1. Lawfulness, fairness, transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability

Question 9

What are five controller obligations?

Answer 9

1. Data breach notifications
2. Data protection by design and by default
3. Data protection impact assessments
4. Data protection officer
5. Documentation duties (consent, access etc.)

Question 10

According to the GDPR data should not be processed unless..? (6)

Answer 10

1. Consent
2. Performance of a contract
3. Compliance with a legal obligation by law
4. Protection of vital interests
5. Public interest/ official authority by law
6. Legitimate interest

Question 11

What are the (8) data subject rights?

Answer 11

1. Right to be informed
2. Right of access
3. Right to rectification
4. Right to erasure
5. Right to restrict processing
6. Right to data portability
7. Right to object
8. Right in relation to automated decision making and profiling

Question 12

What are the dual objectives of the GDPR?

Answer 12

Fundamental rights protection and free movement in the internal digital market