CIPP/E Privacy Book Chapter 3+4+5 question n answers graded A+ 2023/2024

CIPP/E Privacy Book Chapter 3+4+5The Council of Europe Convention (1981) - correct answers It was the first legally binding international instrument with a worldwide scope. The Convention ensures appropriate protection for individual privacy but also recognizes the importance of the free flow of personal data for commerce and the exercise of public functions. It requires signatory states to implement its principles by enacting national legislation. Data Protection Directive (1995) - correct answers The Directive sets out general principles and leaves the member states to implement these principles as they see fit, resulting in differing interpretations and requirements under data protection laws across Europe. A major advance of the Directive over the Convention is its applicability to manual data. Data Protection Directive (1995) - correct answers (1) fairly and lawfully, (2) specified and legitimate purposes and not processed in a manner incompatible with those purposes, (3) Adequate, relevant and not excessive (4) Accurate and where necessary, kept up to date, (5) Kept for no longer than is necessary, (6) Processed in accordance with the rights of the individual. (7) Protected against accidental, unlawful or unauthorized processing by the use of appropriate technical and organizational measures. (8) Transferred to countries outside the European Economic Area only of those countries ensure adequate levels of data protection. Data Protection Directive (1995) - correct answers identifies 'special categories of data' as well as additional requirements for the processing of such data. Mandates the establishment of a national data protection authority (DPA) in each member state. The Privacy and Electronic Communications Directive (2002/58/EC) - correct answers It covers all electronic communications, including telecommunications, faxes, the Internet, e-mail and similar methods of communications. The e-Privacy Directive was amended again in 2009. The reforms was designed to encourage greater industry competition, consumer choice and protections - including a stronger entrenchment of the consumer's right to privacy. The Privacy and Electronic Communications Directive - correct answers Directive applies to the processing of personal data in connection with the provision of publicly available electronic communications services in public communications networks in the EU. Amendment of the E-privacy directive contains - correct answers The introductions of mandatory notification for personal data breaches. The new provisions affecting cookies. Cookie amendment - correct answers Cookies are allowed only on the condition that the user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with the Data Protection Directive. Exceptions: Sole purpose of carrying out he transmission of a communication + Strictly necessary for the provision of an information society service explicitly requested by the subscriber of user. Data Retention Directive (2006/24/EC) - correct answers amends the relevant data retention provisions of the e-Privacy Directive. It ensures the availability of traffic and location data for serious crime and antiterrorism purposes. Does not cover retention of the actual content of communications. It applies to traffic and location data of both individuals and organization, as well as to the relevant data necessary to identify the subscriber of registered user. Data Retention Directive (2006/24/EC) - correct answers The Directive is generally applicable to communications service providers and similar entities providing such services. The data must be retained in such a way that it and any other relevant information may be transmitted to the competent national authorities of the relevant member states without 'undue delay'. The Directive permits member states to determine the retention periods to be adopted - as long as this period is between 6 months and 2 years. The data must be erased after this period expires. Personal data - correct answers (1) any information (2) relating to (3) an identified or identifiable (4) natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal data - 'Any information' - correct answers (1) Nature - any type of statements about a person, both objective and subjective. Information does not need to be true. (2) Content - any sort of information. Includes information about an individual's private life and information regarding any activity undertaken by the individual. (3) Format - in any form (on paper, computer etc.) Personal data - 'Relating to' - correct answers Opinion 4/2007 of the 29 working party states that Information must be about an individual. One of the below elements must apply. (1) Content element - the information is about an individual in the most common sense of the word. (2) Purpose element - The information is processed to evaluate, consider or analyze the individual in a certain way. (3) Result element - the processing of certain information has an impact on the individual's rights and interests.