Week 6

Question 1

What is ‘Dataveillance’?

Answer 1

Surveillance using personal data instead of physical observation; includes mass and personal surveillance.

Question 2

Three Aspects of Privacy

Answer 2

1) Information in one’s own possession
2) Information in the possession of others
3) Transborder data flows.

Question 3

Why is transborder data flow problematic?

Answer 3

Can bypass local laws, e.g., data accessible in one country may be illegal in another.

Question 4

Purpose of Data Protection Act 1998

Answer 4

Protect individual rights to privacy and regulate personal data processing; now replaced by GDPR.

Question 5

Key Objectives of GDPR

Answer 5

Protect fundamental rights to privacy; give individuals control over their personal data.

Question 6

Who is the Data Controller?

Answer 6

Person/entity determining the purpose and means of processing personal data.

Question 7

Who is a Data Processor?

Answer 7

Processes data on behalf of the controller (e.g., ISP, freelance analyst).

Question 8

Who is a Data Subject?

Answer 8

An individual whose personal data is being processed.

Question 9

What is Personal Data?

Answer 9

Data identifying a living individual directly or indirectly, including opinions or intentions.

Question 10

What is Processing?

Answer 10

Obtaining, recording, storing, altering, retrieving, using, disclosing, erasing data, etc.

Question 11

What is required for DPA registration?

Answer 11

Data types, purposes, recipients, and non-EU transfers must be declared.

Question 12

Offence for Failing to Register

Answer 12

Strict liability; fines up to £5,000 (Magistrates) or unlimited (Crown Court).

Question 13

First Data Protection Principle

Answer 13

Fair and lawful processing; consent or legal basis required; sensitive data needs explicit consent.

Question 14

Second Principle & Case Example

Answer 14

Use data only for specified purposes. Case: British Gas Trading v. DP Registrar (1998).

Question 15

Third Principle & Case Examples

Answer 15

Data must be adequate, relevant, not excessive. Case: Runneymede Council & Alitalia Airport.

Question 16

Fourth Principle & Case Example

Answer 16

Data must be accurate and current. Case: Credit card refusal due to outdated debt record (Greece, 2004).

Question 17

Fifth Principle

Answer 17

Do not retain data longer than necessary.

Question 18

Sixth Principle

Answer 18

Respect data subject rights; must provide access on request.

Question 19

Seventh Principle

Answer 19

Ensure security against unauthorized access or accidental loss; written contract with processors required.

Question 20

Eighth Principle

Answer 20

Transfers outside EU require adequate protection or consent from data subject.

Question 21

Right of Subject Access

Answer 21

Request info about held data, processing purposes, and automated decisions (may include a fee).

Question 22

Rights to Prevent Processing

Answer 22

Prevent processing causing distress or for direct marketing or automated decisions.

Question 23

Right to Rectification/Erasure

Answer 23

Apply for inaccurate data to be corrected/erased; third parties should be informed too.

Question 24

Right to Compensation

Answer 24

Available if harm is caused and controller failed to take reasonable care.

Question 25

Full Exemptions from GDPR

Answer 25

National security, personal/family use, journalism (public interest).

Question 26

Partial Exemptions (1st Principle)

Answer 26

Crime detection, tax collection - no need for consent or access rights.

Question 27

Health & Education Exemptions

Answer 27

Health or school records may be exempt by Secretary of State order; anonymised research data exempt.

Question 28

Examination Exemptions

Answer 28

Exam scripts exempt; marks can be delayed for up to 5 months or 40 days post-results.

Question 29

Main GDPR Takeaways

Answer 29

Protects personal data with 8 principles; enforces individual rights and data controller duties.