Module 1: Data Protection Laws Flashcards

1
Q

Define Privacy (Charter of Fundamental Rights definition). It’s a respect for… (4 points)

A

A respect for an individual’s private life, family life, home and communications
Broad definition

2
Q

Define Data Protection (Charter of Fundamental Rights definition) (5 points) (Think elements of entitlement)

A

Protection of personal data, fair processing, specified purposes, consent or lawful grounds, right of access and rectification
Narrow definition - laws and policies governing the collection and use of personal data

3
Q

Name 4 types of Privacy

A

Bodily Privacy
Information Privacy
Territorial Privacy
Communications Privacy

4
Q

European Institutions: European Union
What’s it made up of?
What is it?
What are its data protection laws (5)

A

Made up of 27 member states (28 pre-Brexit)
Economic and political union
Data protection laws: Charter of Fundamental Rights of the EU (CFREU), Treaty on the Functioning of the EU (TFEU), GDPR (General Data Protection Regulation), ePrivacy Directive, National data protection laws across Europe

5
Q

Council of Europe
What’s it made up of?
What is it?
What are its data protection laws (2)

A

Made up of 47 member states
International organisation
Data protection laws: European Convention of Human Rights (ECHR), Council of Europe Convention (aka Convention 108)

6
Q

Extended definition of data protection… what should be covered? TLPARSE (7 points)

A
Transparency
Legal basis
Proportionality
Accurate/current data
Right to rectification and objection
Security
Export restrictions
7
Q

What is information privacy concerned with? Give an example

A

Concerned with establishing rules that govern the collection and handling of personal data
E.g. financial data, medical data, government records, recording of activity on the internet

8
Q

What is territorial privacy concerned with? Give an example

A

Concerned with placing limits on the ability to intrude into another person’s physical environment e.g. home, workplace, public space - invasion may take the form of video surveillance, ID checks, etc.

9
Q

What is bodily privacy concerned with? Give an example

A

Focused on a person’s physical being and invasion of the body - e.g. genetic testing, drug testing, body cavity searches, birth control, abortion, adoption

10
Q

What is communications privacy concerned with? Give an example

A

Protection of means of correspondence (e.g. postal mail, telephone conversations, email and other forms of communicative behaviour)

11
Q

What is the European Economic Area (EEA)?

It has an internal market and - what four freedoms?

A

An economic region including the EU and Iceland, Norway and Liechtenstein - which are not official members of the EU but closely linked by an economic relationship. Non-EU countries in the EEA are required to adopt EU legislation regarding the single market.
The EEA has an internal market and four freedoms - (goods, services, persons and capital)

12
Q

Which institution does the Charter of Fundamental Rights of the EU (CFREU) sit within?

A

European Union

13
Q

When was the Charter of Fundamental Rights of the EU (CFREU) ratified?

A

2000

14
Q

What is the Charter of Fundamental Rights of the EU (CFREU)? What did it become binding through?

A

A comprehensive collection of individual fundamental rights which became binding through the Treaty of Lisbon (2007)

15
Q

Which institution does the European Convention on Human Rights (ECHR) sit within?

A

Council of Europe

16
Q

The European Convention on Human Rights (ECHR) was opened for signing in…

A

1950

17
Q

The European Convention on Human Rights (ECHR) came into force in…

A

1953.

18
Q

What is CFREU?

A

Charter of Fundamental Rights of the EU (2000)

19
Q

What is the European Convention on Human Rights (ECHR)? What’s it based on? Who’s it ratified by?

A

The ECHR is based on the Universal Declaration of Human Rights - it’s a key document for fundamental rights in Europe (not just the EU). It’s ratified by member states.

20
Q

What is ECHR?

A

European Convention for Human Rights.

21
Q

What does Article 7 of the Charter of Fundamental Rights EU cover? (Protection of privacy relating to…)

A

Article 7 addresses protection of privacy relating to private life, family life, home and communications

22
Q

What does Article 8 of Charter of Fundamental Rights EU cover?

A

Article 8 establishes a separate right to data protection

23
Q

What does Article 7 of European Charter of Human Rights cover? Protection of privacy relating to…

A

Article 7 addresses protection of privacy relating to private life, family life, home and communications including the right to data protection

24
Q

How can Charter of Fundamental Rights EU and European Charter of Human Rights interact?

A

Interpretation of the CFREU may not oppose the ECHR but may provide for a higher level of protection.

25
Considerations of CFREU... N&P R L G
Necessary and proportionate
Respect the essence of the right
Limitations provided for by law
Genuinely meet the objectives of general interest recognised by the EU or the need to protect the rights and freedom of others
26
Considerations for ECHR... In accordance with ___ Necessary in ____ society (e.g. for...)
In accordance with the law
Necessary in democratic society (e.g. public security and safety, economic well being of the country, prevention of disorder/crime, protection of health/morals, protection of rights/freedom of others)
27
Where is the Court of Justice of the EU based?
Luxembourg.
28
What is the Court of Justice of the EU?
The judicial body of the EU.
29
The judicial body of the EU is...
The Court of Justice of the EU.
30
What does the Court of Justice of the EU do? Makes decisions on... Provides clarification of...
The Court of Justice of the EU makes decisions on issues of EU law and enforces decisions either in respect of actions taken by the European Commission against a member state or by an individual or organisation to enforce his or her rights under EU law. It provides clarification of EU law to national courts to assist national courts in upholding EU law.
31
What is the Court of Justice of the EU comprised of?
The European Court of Justice (ECJ) and the General Court.
32
Name a landmark case of the Court of Justice of the EU
Lindqvist, Nowak
Costeja, Schrems
Weltimmo
33
Lindqvist/Nowak was a landmark case of...
The Court of Justice of the EU
34
Costeja, Schrems was a landmark case of...
The Court of Justice of the EU
35
Weltimmo was a landmark case of...
The Court of Justice of the EU
36
What is the ECHR (Court)?
The European Court of Human Rights.
37
Where is the European Court of Human Rights based?
Strasbourg, France - it's aka the Strasbourg Court
38
What does the European Court of Human Rights do?
Upholds privacy and data protection laws through its enforcement of the European Convention of Human Rights and Convention 108. The ECHR has also considered the question of the protection of personal data from the viewpoint of the right of access to such data.
39
Is the European Court of Human Rights part of the European Union?
No.
40
Name a landmark case of the European Court of Human Rights?
Niemietz, Halford, Copland
Barbulescu
I v Finland
41
Niemietz, Halford, Copland was a landmark case of...
The European Court of Human Rights.
42
Barbulescu was a landmark case of...
The European Court of Human Rights.
43
I v Finland was a landmark case of...
The European Court of Human Rights.
44
The Council of Europe was established in...
1949.
45
What was established in 1949?
The Council of Europe.
46
What was established in 1951?
The European Coal and Steel Community (ECSC) which over time would develop into the European Union (EU).
47
The European Coal and Steel Community (ECSC) which over time would develop into the European Union (EU), was established in...
1951.
48
What influenced data protection laws in the 1960s?
Rapid growth of international trade and increasing use of computers and telecommunications.
49
What influenced data protection laws in the 1970s - 1980s?
Greater conflict between national privacy rights and international free trade.
50
What influenced data protection laws in the 1980s - 1990s?
Rise of data management issues (direct marketing, telemarketing)
51
When was the EU established?
1993
52
The EU was established in...
1993
53
What influenced data protection laws in the 2000s?
Identity thefts
54
What influenced data protection laws in the 2010s?
Social media, cloud computing, online ads and location-based services.
55
What is the Privacy conflict?
Right to privacy vs. Freedom of speech: this is a contradiction between 2 fundamental human rights, with increasing relevance in the information age.
56
What was the Google Spain v. AEPD and Mario Costeja Gonzalez case?
Mr. Costeja sued Google Spain, Google Inc and La Vanguardia newspaper because personal data about him was available through a Google search in the newspaper's online archives. The Court of Justice of the EU ruled that Google Spain must remove the links to the article.
57
What formal set of 'guidelines' were brought forward in 1980?
Organisation for Economic Cooperation and Development Guidelines on the Protection of Privacy and Transborder flows of Personal Data.
58
What does "OECD" stand for?
Organisation for Economic Cooperation and Development
59
What guidelines did the OECD bring forward in 1980?
Guidelines on the Protection of Privacy and Transborder flows of Personal Data.
60
The OECD's Guidelines on the Protection of Privacy and Transborder flows of Personal Data...
- are non-binding
- protect personal data in a global economy
- provide principles on collection and use
61
The OECD's Guidelines on the Protection of Privacy and Transborder flows of Personal Data were revised in...
2013.
62
In 1981, the Council Of Europe established...
Convention 108 / the CoE convention (the Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data)
63
What is the title of Convention 108?
The Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data
64
Convention 108 belongs to: the EU or Council of Europe?
Council of Europe.
65
What is Convention 108?
A legally binding treaty of member states of the Council of Europe that is also open to non members. It relates to the protection of data subject privacy and automatically processed personal data.
66
When was the EU Data Protection Directive (95/46/EC) brought into force?
1995.
67
What was brought into force in 1995?
The EU Data Protection Directive (95/46/EC).
68
What is the EU Data Protection Directive (95/46/EC)?
A legally binding transposition of member states of the EU.
69
When was the Charter of Fundamental Rights of the EU (CFREU) brought into force?
2000.
70
What was brought into force in 2000?
The Charter of Fundamental Rights of the EU (CFREU) & The E-Commerce Directive of 2000 (Directive 2000/31/EC).
71
What is excluded from the scope of the E-Commerce Directive of 2000 (Directive 2000/31/EC)?
Issues relating to processing personal data.
72
When was the E-Commerce Directive of 2000 (Directive 2000/31/EC) brought into force?
2000.
73
What is Convention 108+?
A version of Convention 108 that was overhauled in October 2018 to align with GDPR. It serves as a means for third countries (those outside the EU) to adopt the basic tenets of the GDPR.
74
Who signed Convention 108+ in 2018?
20 member states of the Council of Europe, including the UK, signed in 2018. Since then more states have followed.
75
What was brought into force in 2002?
The EU Directive on Privacy and Electronic Communications.
76
What does the EU Directive on Privacy and Electronic Communications address?
Communications passed over electronic channels, with particular rules around marketing, cookies and security breach notifications for internet service providers (ISP) and telecommunications companies.
77
The EU Directive on Privacy and Electronic Communications was brought into force in...
2002.
78
An amendment to the EU Directive on Privacy and Electronic Communications was made in what year? Why?
2009 in order to align with the GDPR.
79
What was brought into force in 2006?
The EU Data Retention Directive (2006/24/EC).
80
The EU Data Retention Directive (2006/24/EC) was brought into force in...
2006.
81
The EU Data Retention Directive (2006/24/EC) set out ...
Requirements of Internet Service Providers and telecommunication companies to keep metadata about communications they carried in case it needs to be accessed for law enforcement purposes. National data retention laws across the EU.
82
The validity of the EU Data Retention Directive (2006/24/EC) was challenged when/by who?
2014 Digital Rights Ireland case - was challenged and struck down by the Court of Justice for the EU.
83
What was signed by EU member states in 2007?
The Treaty of Lisbon.
84
What was enforced in 2009?
The Treaty of Lisbon.
85
What did the Treaty of Lisbon bring into effect in 2009?
The Charter of Fundamental Rights was made binding law. EU data protection law was developed.
86
The Treaty of Lisbon was signed by member states of the EU in...
2007.
87
The Treaty of Lisbon was enforced in...
2009.
88
What is the Treaty of Lisbon?
The Treaty of Lisbon is an international agreement that amends the two treaties which form the constitutional basis of the European Union. It gave the EU full legal personality.
89
When was the General Data Protection Regulation made?
2016.
90
When did the General Data Protection Regulation become enforceable?
2018.
91
What did the GDPR replace?
The Data Protection Directive (1995) (Recital 171; Articles 94, 99).
92
What was made in 2016?
General Data Protection Regulation.
93
What was enforced in 2018?
General Data Protection Regulation.
94
What replaced the Data Protection Directive (1995) in 2018?
General Data Protection Regulation.
95
Does GDPR belong to Council of Europe or the EU?
EU.
96
As an EU institution, what does the European Council do?
Defines EU priorities and sets political direction.
97
As an EU institution, what does the European Commission do?
Implements EU decisions and policies. Other broad functions including executive competence to propose legislation.
98
What (who) is the European Council made up of?
Heads of state or government of all EU countries, European Council president, European Commission president, and High Representative for Foreign Affairs and Security Policy.
99
What (who) is the European Commission made up of?
One commissioner per member state who pledges to respect the EU treaties.
100
Which EU institution is historically the most active in relation to data protection?
The European Commission.
101
What (who) is the Council of the EU made up of?
One minister from each member state, changing depending on the policy issue being discussed.
102
As an EU institution, what is the Council of the EU responsible for?
Legislative decision making (along with the parliament) - the legislation is generally proposed by the commission before being examined by the Council of the EU and parliament.
103
What (who) is the European Parliament made up of?
Elected members (only institution where members are directly elected).
104
As an EU institution, what is the European Parliament responsible for?
Legislative development and supervisory oversight of the other institutions and budget development. Its greatest impact on data protection and privacy issues is through its legislative process, and it's a frequent advocate for the right to data protection.
105
What is the co-decision procedure and who does it involve?
The co-decision procedure is the process by which the Council of the EU and the European Parliament agree on legislation.
106
The process by which the Council of the EU and the European Parliament agree on legislation is...
The co-decision procedure.
107
Who proposes legislation, and to whom?
The European Commission proposes legislation to the Council of the EU and European Parliament.
108
Proposed legislation submitted by the European Commission is reviewed and decided on by...
The European Parliament and the Council of the EU.
109
EU law is made through the co-decision procedure by...
European Parliament and the Council of the EU.
110
The European Parliament ____s the European Commission.
Supervises.
111
The Council of the EU ____s to the European Commission.
Appoints.
112
The Court of Justice ____s EU law.
Arbitrates.
113
EU law is arbitrated by ...
The Court of Justice.
114
How was the GDPR passed across institutions? (European Commission, European Parliament, Council of EU, ECJ)
- European Commission proposed draft legislation in 2012 and sent it to the European Parliament and Council of the EU
- European Parliament reviewed the draft and collected thousands of comments/amendments
- Council of the EU also reviewed it
- Parliament/Council then tried to jointly agree on the legislation. The Commission adjudicated the proceedings (the trialogue procedure)
- Other groups (e.g. national parliaments, industry advocates, consumer advocates) expressed views
- In Dec 2016, Parliament and Council agreed upon the EU GDPR first proposed in 2012 - it went into effect on 25 May 2018
- The European Court of Justice (ECJ) is the judicial body of the EU, involved in cases related to data protection that begin in national courts and are referred to the ECJ for ruling on interpretations of EU law.
115
What is the Data Protection Directive similar to?
Cloning - yet with variances.
116
The obligations of the Data Protection Directive were placed on...
Member states.
117
Who implemented the Data Protection Directive into local law?
Member states' governments.
118
The Data Protection Directive was transposed into...
National laws in EU.
119
What is an issue with the Data Protection Directive and the way it was rolled out?
Inconsistent - local laws and implementation differed across member states.
120
What article issued opinions/interpretation on the Data Protection Directive?
Article 29 Working Party (WP29)
121
What problem does the GDPR solve?
It's directly applicable and enforceable as law in every EU member state and provides just one set of data protection rules for all.
122
How is local law affected by GDPR?
One consistent set of data rules; however, 50 provisions allow for local law clarification or exception.
123
How are national laws affected by GDPR?
They have been either repealed or amended to align with the GDPR.
124
Who replaced WP29 (Article 29 Working Party) in 2018 with the introduction of GDPR?
European Data Protection Board replaced the WP29 in 2018 - WP29 GDPR guidelines were endorsed by the EDPB.
125
The European Data Protection Board gave opinion 5/2019 on...
the interplay between the ePrivacy Directive and the GDPR, the competence, tasks and powers of the data protection authorities, and the processing that triggers the material scope of both.
126
Under EDPB opinion 5/2019, ePrivacy Directive covers the scope of...
Electronic communications service and network, and service and network publicly available and offered in the EU, plus website operators (e.g. for cookies) or other businesses (e.g. for direct marketing)
127
Under EDPB opinion 5/2019, GDPR covers the scope of...
Any form of processing of personal data, regardless of the technology used.
128
Under EDPB, the concept of interplay "to particularise" relates to the fact that...
Special provisions prevail over general rules (lex specialis principle)
129
Under EDPB, the concept of interplay "to complement" relates to the fact that...
Several ePrivacy Directive provisions complement GDPR provisions
130
Under EDPB, and the concept of interplay: Article 95 of the GDPR states that the aim is to...
avoid the imposition of unnecessary administrative burdens upon controllers who would otherwise be subject to similar but not quite identical administrative burdens
131
Under EDPB, the concept of interplay "coexistence" relates to the fact that...
in cases where lex specialis does not apply, the general rule will apply
132
Define competence, tasks and powers of data protection authorities under EDPB
When processing of personal data triggers the material scope of both GDPR and the ePrivacy Directive, data protection authorities are competent to scrutinise the data processing operations which are governed by national ePrivacy rules only if national law confers this competence on them, and such scrutiny must happen within the supervisory powers assigned to the authority by the national law transposing the ePrivacy Directive.