CIPP/E PRACTICE QUESTION PERFECTLY PERFORMED 2024/2025.

Universal Declaration of Human Rights - Passage - Answers1948 Universal Declaration of Human Rights - Article 12 - AnswersThe right to a private life and associated freedoms. Universal Declaration of Human Rights - Article 19 - AnswersFreedom of expression. Universal Declaration of Human Rights - Article 29(2) - AnswersRights are not absolute and there are instances where a balance must be struck. European Convention on Human Rights - AnswersTreaty drawn up by the Council of Europe that protects fundamental rights. Adopted in 1953 and based on the Universal Declaration of Human Rights. European Convention on Human Rights - Enforcement - AnswersEnforced by the European Court of Human Rights European Convention on Human Rights - Article 8 - AnswersProtects rights of individuals European Convention on Human Rights - Article 10 - AnswersProtects the right of freedom of expression and the right to share information and ideas across national boundaries. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980) - AnswersGuidelines comprised basic non-legally binding rules governing transferred flows and the protection of personal information and privacy in order to facilitate the harmonization of data protection law between countries. Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data - AnswersAlso known as Convention 108. Was the first legally binding international instrument in the area of data protection. Convention 108 sets the standard for the protection of the personal data of individuals while also seeking to find a balance for the need to maintain the free flow of personal data for the purposes of international trade. Convention 108 v. OECD Guidelines - AnswersConvention 108 differs from the Guidelines in that it required signatories to take the necessary steps in their domestic legislation to apply the principles it lays down. Treaty of Lisbon - AnswersIn force in 2009. Aims to strengthen and improve the core structures of the EU to enable it to function more efficiently and ensures that all institutions of the EU must have regard to the protection of individuals when processing personal data. European Parliament - AnswersThe only European institution whose members are directly elected. It has four responsibilities: 1. Legislative development; 2. Supervisory oversight of the other institutions; 3. democratic representation; and 4. Development of the budget. European Council - AnswersThe heads of the Member States, together with the president of the European Commission, meet four times a year to define EU's priorities and set political direction for the EU. Council of the EU - AnswersThe main decision-making body of the EU, having a central role in both political and legislative decisions. The Council's meetings are attend by one minister from each member state, where ministers have the power to commit their government. European Commission - AnswersDescribed as the executive body of the EU. It implements the EU's decisions and politics, but it also has other broad functions, including the power to initiate legislation. European Court of Human Rights - AnswersNot an institution of the EU and it has no powers of enforcement. But, as the case law of the ECHR shows, it has been active in data protection. The ECHR has also considered the question of the protection of personal data form the viewpoint of the right of access to such data. Court of Justice of the European Union - AnswersThe judicial body of the EU that makes decisions on issues of EU law and enforces European decisions either in respect of actions taken by the European Commission against a member state or action taken by an individual to enforce his rights under EU law. Data Protection Directive (95/46/EC) - AnswersSets out general principles and leaves member states to implement these as they see fit. E-Privacy Directive - AnswersConcerns the processing of personal data and the protection of privacy in the electronic communications sector and covers all forms of electronic communications. E-Privacy Directive Amendment - AnswersThe changes generally relate to the introduction of mandatory notification of personal data breaches by electronic communications services provider. Perhaps the most pertinent and controversial amendment concerns the new provision affecting cookies: the storing of information (or the gaining of access to information already stored) in the terminal equipment of a subscriber or user is allowed only on the condition that the user concerned has given consent, having been provided with clear and comprehensive information. Data Retention Directive (2006/24/EC) - AnswersRetention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communication networks amends the relevant data retention provisions of the e-Privacy Directive. The Directive does not cover retention of the actual content of communications--rather it applies to traffic and location data of both individuals and organizations, as well as to the relevant data necessary to identify the subscriber or registered user. Personal Data - AnswersAny information relating to an identified or identifiable natural person. Sensitive Personal Data - AnswersPersonal data revealing: 1. Racial or ethnic origin; 2. Political opinions; 3. Religious beliefs; 4. Philosophical beliefs; 5. Trade union membership; 6. Health; or 7. Sex life. Controller - AnswersNatural or legal person, public authority, agency, or any other body that alone or jointly with others determines the purposes and means of the processing of personal data. Processor - AnswersA person (other than an employee of the controller) who processes personal data on behalf of a controller. A processor may be more closely involved in the processing of personal data but does not have the authority to allocate responsibility that a controller has. The processor is only acting on behalf of the controller, although the processor's status can have a direct legal effect. Data Protection Directive - Article 4(1)(a) - AnswersThe law of a member state applies when the data processing is carried out in the context of the activities of an establishment of the controller on the territory of the member state. Where the controller has establishments in more than one member state, it must follow each national law attributable to its data processing operations. Data Protection Directive - Article 4(1)(c) - AnswersThe provision is intended to allow a member state to apply its national data protection law to a controller who, although not established in the EU, makes use of equipment situated in that member state unless that equipment is used only for the purposes of transit though EU. Data Protection Principles - Answers1. Fairness and lawfulness 2. Purpose limitation (AKA principle of finality) 3. Proportionality 4. Data quality Fairness - AnswersFor data processing to be fair, the controller must provide data subjects with: