CIPP-E Test Questions and Complete Solutions Graded A+

CIPP-E Test Questions
and Complete Solutions
Graded A+
Rationales for Data Protection - Answer: 1) Increase in internet use

2) databanks more prevalent

3) Telecommunications allow internet across borders

4) Cross border sharing made sharing more prevalent which makes misuse more likely

5) Sharing data is generally a good thing for society

6) Balance free trade and personal privacy



E.U. v U.S. difference in Fundamental Right to Privacy - Answer: In E.U. it is a fundamental right. It is also
a fundamental right under the Universal Declaration of Human Rights (adopted by U.N.)



Universal Declaration of Human Rights [Generally what did it provide] - Answer: Adopted in 1948 by the
U.N. states that people have an undeniable right to privacy.

Via Article 12 - Right to Privacy and Family Life

Article 19 Freedom of Expression

Must be balanced with legitimate interests of democratic society, morality, and public order



Universal Declaration of Human Rights [Article 12 - Right to Privacy and Family Life - Answer: No person
shall have their home, family, privacy, correspondence, honor, or reputation arbitrarily interfered with



Universal Declaration of Human Rights [Article 19 - Right to Expression] - Answer: Person shall have the
right to express or impart opinion/ideas in any media without interference

,Universal Declaration of Human Rights [Article 29 - Limit on Fundamental Rights] - Answer: Rights under
12 and 19 are not obsolete and instead must be balanced with morality, democratic society, and public
order



European Declaration of Human Rights [Generally] - Answer: Adopted in 1958 by the European
Commission; applied only to European member states;

similar to Constitution of the U.S. fundamental rights + data privacy rights of the Universal Declaration of
Human Rights



European Declaration of Human Rights [Rights] - Answer: Life

liberty

opinion

no torture

no slavery

marriage

privacy in home and family (similar to article 12 of UDHR)

speech

association

religion

expression

fair trial



European Declaration of Human Rights [Enforcement] - Answer: Originally it was the European Court of
Human Rights, which was then changed to a single court dedicated to human rights that can issue
opinions on the EDHR

Court findings are binding on member states



Organization of Economic Co-operation and Development [Generally] - Answer: 1) Non-binding on the
EU states

2) intended to provide guidance in order to create a common set of principles to facilitate cross border
data exchange while protecting privacy

3) EU states are free to interpret and implement how they want

,4) Does not discriminate based on technology or sector (private or public)

5) 1980



Organization of Economic Co-operation and Development [8 Principles] - Answer: Accountability (will
take accountability for compliance with OECD)

Collection (fair and lawful and consent where necessary)

Openness (general transparency to data practices)

Individual Participation (data rights)

Purpose (limited purpose and data collection based on that purpose and use based on that purpose,
state the purpose)

Quality (relevant, accurate, up to date)

Use (use in accordance with purpose)

Security



Convention 108 [Generally] - Answer: 1) the first worldwide, binding data privacy law where any country
could participate

2) Based off of earlier Council of Europe resolutions 73, 74 and 507



Convention 108 [Chapter II Substantive Law - Principles of 108] - Answer: 1) PI is processed lawfully and
fairly

2) Limited collection to what is necessary (relevant and non-excessive)

3) Not retained longer than necessary

4) Reasonable security as to prevent unauthorized access, use, disclosure

5) Processing in line with purpose

6) Sensitive data is not automatically processed

7) Accurate and kept up to date

8) Right to communicate, rectify, and erase data (end user data right)



Convention 108 [Chapter II Substantive Law - Exceptions to Principles] - Answer: Where a measure is
necessary for state security or criminal investigation

, Convention 108 [Chapter III Trans-border Flows] - Answer: 1) If a country is part of 108, then no other
requirements can be placed on that country by another country in order to conduct a trans-border data
flow (limited exception); rationale is that they've met the requirements of 108

2) Exceptions: (i) if not a 108 entity then can place additional safeguards; (ii) can place additional
safeguards if for a particular kind of data and the other country doesn't have similar safeguards



Convention 108 [Sensitive Data] - Answer: Sexual life, religion, gender, politics, health



Convention 108 [Mutual Assistance] - Answer: Section 108 members must appoint a data supervisory
authority of which helps assist end users exercise their data rights



European Data Protection Directive [Reason for Implementation] - Answer: A replacement to 108
because 108 was too open-ended and allowed member states too much authority to interpret and
implement; made it difficult for compliance in each state.



European Data Protection Directive [Generally] - Answer: 1) Binding on all member states

2) Allowed the to adopt implementation schemes

3) Was intended to replace 108

4) Still provided too much discretion on how to implement



Charter of Fundamental Rights of the European Union [Generally] - Answer: Consolidates the
fundamental rights within the EU.

Similar to EDHR in privacy

Charter became binding after the Treaty of Lisbon made it so.



Charter of Fundamental Rights of the European Union [Article 8 - Privacy] - Answer: 1) Everyone has
right to protection of their personal information

2) Right to access

3) Right to rectify

4) Supervisory authority oversee compliance

5) Processed fairly based on consent or some other legitimate purpose