CIPP/US Exam UPDATED Study Guide
QUESTIONS AND CORRECT ANSWERS
EU versus the Council of Europe - CORRECT ANSWERS All of the
EU belongs to the Council of Europe, but NOT vice versa
European Union (EU) - CORRECT ANSWERS An economic and
political union of 27 member states.
Privacy and Data Protection Laws in the EU - CORRECT ANSWERS
Charter of Fundamental Rights of the EU (CFREU)
Treaty of the Functioning of the EU (TFEU)
Lisbon Treaty
GDPR
ePrivacy
National Data Protection Laws across Europe
Council of Europe - CORRECT ANSWERS 46 member states, an
international organisation- not just the EU
Council of Europe Privacy and Data Protection laws - CORRECT ANSWERS
European Convention on Human Rights (ECHR)- a treaty designed to
protect human rights, democracy and the rule of law
CoE Convention (also called Convention 108)
EU member states - CORRECT ANSWERS Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany,
Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden
,The European Economic Area (EEA) - CORRECT ANSWERS EU plus
Norway, Liechtenstein, and Iceland- which are not in EU but are linked closely
in an Economic Relationship. Non-EU conuntires in the EEA are required to
adopt EU legislation regarding the single market. Based on the agreement of the
EEA (1994), Allows members of the European Free Trad Association to
participate fully in the internal market:
Switzerland is not part of the EEA agreement but it does have a bilateral
agreement with the EU
European Free Trade Association (EFTA) - CORRECT ANSWERS A
free trade association including Norway, Iceland, Liechtenstein, and
Switzerland.
UK-EU relationship - CORRECT ANSWERS The Trade and
Cooperation Agreement singed between the EU and the UK in 2020 allowed
transfer of data for up to 6 months. The European Commission has now
declared the UK adequate under the GDPR and Law Enforcement Directive
(LED)
Charter of Fundamental Rights of the European Union (CFEUR)- 2000 -
CORRECT ANSWERS Comprehensive Collection of Individual Rights,
these rights became binding via the treaty of Lisbon (2007). Limitations
provided for by law.
Respect the essence of the right.
Genuinely meet the objectives of general interest reconginsed by the EU or the
need to protect the rights and freedoms of others
Neccessary and proportionate
Interpretation of the CFREU may not contravene the ECHR, but may provide
higher level of protection.
,European Convention on Human Rights (ECHR) 1950-53 - CORRECT
ANSWERS Member state ratiriciation, based on universal declaration of
human rights, key document for fundamental rights in Europe, not just EU
In accordance with the law
Neccessary in a democratic society for Public safety, economic well being,
prevention of disorder or crime, protecting health, morals and the rights and
freedoms of others
-Article 8-- open ended provisions (Right to privacy/family life)
The Court of Justice of the EU - CORRECT ANSWERS The judcial
body of the EU
Decides on issues of EU law and enforces those decisions
Comprises of the Court of Justice and the General Court (renamed Court of
First Instance CFI). Data protection as it related to cases brought by national
courts and by the commission against member states
The European Court of Human Rights (ECHR) - CORRECT ANSWERS
In Strasbourg upholds privacy and data protection laws through its
enforcement of the ECHR and Convention 108. It is not Part of the EU, part of
the apparatus to the Council of Europe. Judges sit in their invidiual capacity and
do not represent any state. Data protection as it relates to article 8
The privacy tug of war: right to Privacy vs freedom of speech - CORRECT
ANSWERS Contridicition between two fundamental rights- increasing
relevance in the information age, the right to withdraw consent and the right to
lodge a complaint
Google Spain v. AEPD & González (European Court of Justice, 2014) -
CORRECT ANSWERS Mr. Costeja sued Google Spain, Google Inc. and
La Vanguardia newspaper because personal data about him was
available through a Google search in the newspaper's online archives. The Court
of Justice of the EU ruled that
, Google Spain must remove the links to the article.
Data Protection Laws: OECD Guidelines - CORRECT ANSWERS
1980: Organisation for Economic Co-operation and Development Guidelines on
the Protection
of Privacy and Transborder Flows of Personal Data)
-Non-binding
-Protection of personal data in a global economy
-Principles on collection and use
-2013 revision
Convention 108/CoE Convention - CORRECT ANSWERS (The
Council of Europe Convention for the Protection of Individuals with
Regard to the Automatic Processing of Personal Data of 1981)
Legally binding treaty of member states (also open to nonmembers) of the
Council of Europe
• Protection of data subject privacy
• Automatically processed personal data
In October 2018, Convention 108+, a version of Convention 108 overhauled to
align with the GDPR, was signed by 20
states of the Council of Europe, including the UK. Since then, more states have
followed. According to the European
Commission, it serves as a means for third countries (those outside the EU) to
adopt the basic tenets of the GDPR.
The EU Data Protection Directive (95/46/EC)-1995 - CORRECT ANSWERS
Directive 95/46 EC focuses on the protection of individuals regarding
the processing of personal data and on the free movement of such data. Legally
binding transposition (give force to a directive by passing appropriate
implementation measures) of member states of the EU
QUESTIONS AND CORRECT ANSWERS
EU versus the Council of Europe - CORRECT ANSWERS All of the
EU belongs to the Council of Europe, but NOT vice versa
European Union (EU) - CORRECT ANSWERS An economic and
political union of 27 member states.
Privacy and Data Protection Laws in the EU - CORRECT ANSWERS
Charter of Fundamental Rights of the EU (CFREU)
Treaty of the Functioning of the EU (TFEU)
Lisbon Treaty
GDPR
ePrivacy
National Data Protection Laws across Europe
Council of Europe - CORRECT ANSWERS 46 member states, an
international organisation- not just the EU
Council of Europe Privacy and Data Protection laws - CORRECT ANSWERS
European Convention on Human Rights (ECHR)- a treaty designed to
protect human rights, democracy and the rule of law
CoE Convention (also called Convention 108)
EU member states - CORRECT ANSWERS Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany,
Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden
,The European Economic Area (EEA) - CORRECT ANSWERS EU plus
Norway, Liechtenstein, and Iceland- which are not in EU but are linked closely
in an Economic Relationship. Non-EU conuntires in the EEA are required to
adopt EU legislation regarding the single market. Based on the agreement of the
EEA (1994), Allows members of the European Free Trad Association to
participate fully in the internal market:
Switzerland is not part of the EEA agreement but it does have a bilateral
agreement with the EU
European Free Trade Association (EFTA) - CORRECT ANSWERS A
free trade association including Norway, Iceland, Liechtenstein, and
Switzerland.
UK-EU relationship - CORRECT ANSWERS The Trade and
Cooperation Agreement singed between the EU and the UK in 2020 allowed
transfer of data for up to 6 months. The European Commission has now
declared the UK adequate under the GDPR and Law Enforcement Directive
(LED)
Charter of Fundamental Rights of the European Union (CFEUR)- 2000 -
CORRECT ANSWERS Comprehensive Collection of Individual Rights,
these rights became binding via the treaty of Lisbon (2007). Limitations
provided for by law.
Respect the essence of the right.
Genuinely meet the objectives of general interest reconginsed by the EU or the
need to protect the rights and freedoms of others
Neccessary and proportionate
Interpretation of the CFREU may not contravene the ECHR, but may provide
higher level of protection.
,European Convention on Human Rights (ECHR) 1950-53 - CORRECT
ANSWERS Member state ratiriciation, based on universal declaration of
human rights, key document for fundamental rights in Europe, not just EU
In accordance with the law
Neccessary in a democratic society for Public safety, economic well being,
prevention of disorder or crime, protecting health, morals and the rights and
freedoms of others
-Article 8-- open ended provisions (Right to privacy/family life)
The Court of Justice of the EU - CORRECT ANSWERS The judcial
body of the EU
Decides on issues of EU law and enforces those decisions
Comprises of the Court of Justice and the General Court (renamed Court of
First Instance CFI). Data protection as it related to cases brought by national
courts and by the commission against member states
The European Court of Human Rights (ECHR) - CORRECT ANSWERS
In Strasbourg upholds privacy and data protection laws through its
enforcement of the ECHR and Convention 108. It is not Part of the EU, part of
the apparatus to the Council of Europe. Judges sit in their invidiual capacity and
do not represent any state. Data protection as it relates to article 8
The privacy tug of war: right to Privacy vs freedom of speech - CORRECT
ANSWERS Contridicition between two fundamental rights- increasing
relevance in the information age, the right to withdraw consent and the right to
lodge a complaint
Google Spain v. AEPD & González (European Court of Justice, 2014) -
CORRECT ANSWERS Mr. Costeja sued Google Spain, Google Inc. and
La Vanguardia newspaper because personal data about him was
available through a Google search in the newspaper's online archives. The Court
of Justice of the EU ruled that
, Google Spain must remove the links to the article.
Data Protection Laws: OECD Guidelines - CORRECT ANSWERS
1980: Organisation for Economic Co-operation and Development Guidelines on
the Protection
of Privacy and Transborder Flows of Personal Data)
-Non-binding
-Protection of personal data in a global economy
-Principles on collection and use
-2013 revision
Convention 108/CoE Convention - CORRECT ANSWERS (The
Council of Europe Convention for the Protection of Individuals with
Regard to the Automatic Processing of Personal Data of 1981)
Legally binding treaty of member states (also open to nonmembers) of the
Council of Europe
• Protection of data subject privacy
• Automatically processed personal data
In October 2018, Convention 108+, a version of Convention 108 overhauled to
align with the GDPR, was signed by 20
states of the Council of Europe, including the UK. Since then, more states have
followed. According to the European
Commission, it serves as a means for third countries (those outside the EU) to
adopt the basic tenets of the GDPR.
The EU Data Protection Directive (95/46/EC)-1995 - CORRECT ANSWERS
Directive 95/46 EC focuses on the protection of individuals regarding
the processing of personal data and on the free movement of such data. Legally
binding transposition (give force to a directive by passing appropriate
implementation measures) of member states of the EU
