CIPP/E Exam: Introduction to European Data Protection Questions and Answers

Increase in the use of computers for communications in the 1970s, Rise in trans-border trade - Answer- The rationale for data protection Universal Declaration of Human Rights (UDHR) - Answer- - Adopted by the United Nations General Assembly in 1948, this declaration outlined "the inherent dignity and the equal and inalienable rights of all members of the human race in the foundation of freedom, justice, and peace in the world" - Contains specific provisions in connection with the right to a private and family life and to freedom of expression regardless of frontiers Universal Declaration of Human Rights Article 12 - Answer- right to privacy; right to a private life and associated freedoms Universal Declaration of Human Rights Article 19 - Answer- right to freedom of expression; right to freedom of information/transfer info Universal Declaration of Human Rights Article 29 (2) - Answer- individual rights of Articles 12 & 19 are not absolute, balance must be struck European Convention on Human Rights (ECHR) - Answer- - An international treaty, sponsored by the Council of Europe, binding member states to protect human rights and fundamental freedoms. - entered into force on 3 September 1953 European Convention on Human Rights Article 8 - Answer- right to respect for private and family life; right to privacy (1998) protects the rights of individuals for their personal information to remain private. this is not an absolute right and necessity and proportionality may justify the breaching an individual's privacy rights in the public interest. European Convention on Human Rights Article 10 - Answer- right to freedom of expression and right to share information across borders; right to freedom of expression/information (1998) European Convention on Human Rights Article 10 (2) - Answer- - promotes balance between Articles 8 and 10 of the ECHR, reasons to breach rights (1998) - recognizes a need for balance between the rights of individuals and the justifiable interference with these rights Organization for Economic Cooperation and Development - Answer- OECD; not legally binding; laid out basic rules governing trans-border data flows and the protection of personal information and privacy in order to facilitate the harmonization of data protection law between countries Collection Limitation Principle - Answer- OECD Guideline: data must be collected fairly, lawfully, and with the knowledge or consent of the individual concerned Data Quality Principle - Answer- OECD Guideline: data must be relevant, accurate and up to date Purpose Specification Principle - Answer- OECD Guideline: purpose for which the personal information is to be used must be specified at the time of collection, and any use must be compatible with that purpose. Use Limitation Principle - Answer- OECD Guideline: states that personal data should never be disclosed without either the consent of the individual or a legal requirement. Security Safeguards Principle - Answer- OECD Guideline: personal data should be reasonably protected against unauthorized use, disclosure, or alteration. Openness Principle - Answer- OECD Guideline: the collection and use of personal data should be readily available. Individual Participation Principle - Answer- OECD Guideline: individuals should have control over their data; sets out what an individual is entitled to receive from a data controller pursuant to a request for his or her personal information. Accountability Principle - Answer- OECD Guideline: individuals should have the right to challenge the content of any personal data being held and have a process for updating their personal data if found to be inaccurate or incomplete. Convention 108 - Answer- Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data; First binding international instrument to set standards for the protection personal data and balance with free flow of info for int'l trade; required signatories to apply the principles in their domestic legislation (28 January 1981) Convention 108 v. OECD Guidelines - Answer- Convention 108 differs from the Guidelines in that it required signatories to take the necessary steps in their domestic legislation to apply the principles it lays down. The EU Data Protection Directive (95/46/EC) - Answer- EU directive that regulates processing of personal data in EU; set out general data protection principles and obligations, requiring EU member states to transpose and implement them Charter of Fundamental Rights (2000) - Answer- collection of individuals' rights, including the fundamental right to the protection of personal data Charter of Fundamental Rights Article 7 - Answer- right to private and family life; a reflection of the provisions of the ECHR Charter of Fundamental Rights Article 8 - Answer- data protection rights; (1) everyone has the right to the protection of personal data concerning him or her, (2) specified purpose, (3) legit basis for processing, (4) individual right to access and rectify personal data, (5) supervisory authority to oversee compliance Charter of Fundamental Rights Article 10 - Answer- right to transfer of information; a reflection of the provisions of the ECHR Charter of Fundamental Rights Article 52 - Answer- necessity and proportionality (balance) Ecommerce Directive (Directive 2000/31/EC) - Answer- Issues relating to personal data are outside of its scope. Treaty of Lisbon (2007) - Answer- In force in 2009. i. Aimed to strengthen and improve the core structures of the EU to enable it to function more efficiently. ii. Amended the two core EU treaties: a) Treaty on European Union (TEU) b) Treaty Establishing the European Community (renamed Treaty on the Functioning of the European union, or TFEU iii. Promoted Charter of Fundamental Rights and requires countries wishing to join the EU to respect its core values—this was not previously required. (gave the Charter of Fundamental Rights of the EU full legal effect in the EU) General Data Protection Regulation (GDPR) - Answer- Replaced the data Protection directive and became law in 2016 and enforceable 25th of May 2018. European Parliament European Council Council of the EU European Commission The Court of Justice of the EU (CJEU) European Central Bank Court of Auditors - Answer- 7 EU Institutions Established by the Treaty of Lisbon European Parliament - Answer- The only European institution