Cipp/e privacy book chapter 14+15 correctly answered rated A+ 2023/2024

Cipp/e privacy book chapter 14+15 Legal basis for processing employee personal data - correct answers (1) consent, (2) Processing is necessary to fulfil an employment contract, (3) Processing is necessary for a legal obligation, (4) Legitimate interests. Workplace monitoring - correct answers EU law recognizes that an employee's privacy sphere in the workplace is protected. The right to privacy should be balanced again the legitimate rights of an employer to operate its business and protect the company. Employee monitoring - correct answers The employer should ensure compliance with data protection principles (1) Necessity, (2) Legitimacy, (3) Proportionality, (4) Transparency. Employee monitoring - correct answers employees must be informed of the monitoring. The employee's expectations about how their time at work will be monitored must be set. Employers should introduce an 'acceptable use policy' (AUP). 29 WP: no covert e-mail monitoring is allowed by employers except in cases permitted by local law. The employee should be notified immediately of the detection of misuse unless there is an important reason to justify the surveillance without notifying the individual. Rights of the accuses employee - correct answers present the facts and provide an opportunity to explain his or her behavior. Sarbanes-Oxley act of 2002 (SOX) - correct answers aim is to ensure that company and accounting decision making is more responsible and accountable. Companies must establish a way to confidentially receive and deal with complaints about actual or potential fraud. EU limits the use of personal data in these circumstances due to the potential prejudice to individuals. The concern is that the subject has no right of reply to the person making the allegation. Surveillance activities - correct answers Two broad categories: (1) surveillance carried out by public law enforcement authorities (LEAs) in the course of investigations and (2) surveillance carried out by private entities for legitimate purposes. Main types of electronic communications data - correct answers (1). Content of a communication. (2) Traffic data and (3) Location data. The surveillance provisions of e-Privacy Directive - correct answers Heavily restricts any form of interception or surveillance of content and the related traffic data conveyed by means of a public ECN and publicly available ECS. Art 5(1) prohibits listening, tapping, storage or other kinds of interception, except when legally authorized. Exception when prevent technical storage that is necessary for the conveyance of a communicating or a lawful business practice (higher interests such as national security). Lawful surveillance of content and traffic data - correct answers The content of communications and/or the related traffic data conveyed by means of a public ECN and publicly available ECS can only be accessed by third parties whe (1) The consent of all users concerned is obtained, (2) When their storage of the data is necessary for the conveyance of a communication (3) If the applicable member state law permits this. Surveillance may be lawful when it is carried out by a provider of a publicly available ECS as a technical and organizational measure necessary to safeguard the security of the service. Lawful processing of traffic data - correct answers Once the data is no longer needed for the transmission of the communication, they must be erased or made anonymous. However traffic data may be further processed (1) for the purpose of subscriber billing and interconnection payments or (2) by the provider of a publicly available ECS for marketing or for value-added services. Only with consent, prior notice and option to withdraw. Closed-circuit television (CCTV) - correct answers video surveillance. The Directive applies to processing of sound and image relating to natural persons except (1) purposes of public security, national security etc. (2) Processing by natural person for personal or household activity. (3) member states may provide exemption for purposes of journalism or literary or artistic freedom. Biometrics - correct answers The intrinsic physical or behavioral characteristics of an individual. Main purpose is for identification and authentication/verification purposes. Generally we can assume that biometrics are personal data even where they are used for other purposes (due to state of the art in the future). When they reveal information about health, racial or ethnic origin it is sensitive personal data. Main types of location data used - correct answers Satellite network such as GSP, Cell-bases mobile networks such as Bluetooth and Wifi, Chip-card such as payment cards. Location based services (LBS) - correct answers The e-Privacy Directive applies to an LBS when either (a) the LBS itself or (b) the technology/service form the location data used for the LBS is derived, is a publicly available electronic communications service (ECS) in a public electronic communications network (ECN) in the EU. Lawful processing of location data for LBS purposes - correct answers WP 29 has stated that since location data always relate to an identified or identifiable person, their processing is always subject to the Data Protection Directive. This is sweeping, because the location data relates to the equipment, as opposed to the user. It may only be processed when it is anonymous or with the consent of the users and subscribers.