30 Cards in this Set

  • Front
  • Back

What is horizontal regulation?

It means the regulation is applicable to all sectors. Akin, in a way, to money laundering rules.

How is data protection related to fundamental rights?

Article 8 of the European Charter of Fundamental Rights

What are the three levels of legal foundations for data protection?

1. European Level


- requirement for properly functioning internal market


- Article 8 of the ECFR


2. State level


- implementing provisions


3. International level


- Safe Harbor Agreement (US-EU) <-- invalid 2015

What is the scope of the data protection directive?

1. applies to the processing of personal data (auto or otherwise)


2. forms part of a filing system


3. by a natural person


4. in the course of purely personal or household activity

What are the exceptions to the scope of the data protection directive?

1. Public security


2. Defence


3. State security (including economic wellbeing)


4. Activities of state in the areas of criminal law

According to the former directive, with regards to data protection Member States shall provide that personal data be... (5)

1. Processed fairly and lawfully


2. Collected for specified, explicit, and legitimate purposes and not further processed in a way incompatible with those purposes


3. Adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed


4. Accurate (kept up to date)


5. Permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected

Member States shall provide that personal data may be processed only if... (5)

1. subject has unambiguously given their consent


2. it is necessary for the performance of a contract


3. it is necessary for compliance with a legal obligation to which the controller is subject


4. it is necessary in order to protect the vital interests of the data subject


5. it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority


6. it is necessary for legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed

In cases of collection of data from the data subject, what must the controller disclose? (3)

1. the identity of the controller and of his representative, if any;


2. the purposes of the processing for which the data are intended;


3. further information (see next card)

What is included in the "further information" that a controller must give to a data subject when processing data?

1. the recipients of the data


2. whether replies to questions are obligatory or voluntary, as well as possible consequences of failure to reply


3. existence of the right to access to and the right to rectify the data


4. having regard to the specific circumstances in which the data are collected, to guarantee fair processing

What is the right of access?

Every data subject has the right to obtain from the controller:


- without constraint at reasonable intervals and without excessive delay/expense


- as appropriate the rectification, erasure or blockage of data which does not comply with Directive


- notification to third parties to whom the data has been disclosed of erasure/blockage (unless impossible or disproportionate effort)

What are the two legislative instruments of the 2012 data protection proposal?

1. regulation setting out a general EU framework for data protection


2. directive on protecting personal data processed for the purposes of prevention, detection, investigation, prosecution of criminal offences

What are the justifications for the 2012 data protection proposal?

1. technological progress and globalisation


2. 27 EU Member States have implemented the 1995 rules differently, need coherence

What is the current framework for data protection in the EU?

1. single set of rules on data protection


2. unnecessary administrative requirements removed


3. increased responsibility and accountability for those processing personal data


4. organizations will only have to deal with a single national data protection authority in the EU country where they have their main establishment.


5. wherever consent is required for data to be processed, it is clarified that it has to be given explicitly

What other benefits are there for the current EU framework for data protection? (5)

1. people will have better access to their data + right to data portability


2. right to be forgotten


3. EU rules must apply if personal data is handled abroad by companies active in EU market


4. independent national data protection authorities are strengthened so they can enforce rules at home


5. The new Data Protection Directive applies general data protection principles and rules for police and judicial cooperation in criminal matters.

What is the institutional layout of data protection in the EU? (2)

1. European Level


- EDPS


- Article 29 Working Party


2. National level


- supervisory, independent authority with quasi-constitutional nature


- wide enforcement

What will become of the Article 29 Working Party?

It will be replaced by the European Data Protection Board, composed of the head of one supervisory authority of each Member State and of the European Data Protection Supervisor, or their respective representatives.

What are the new rules on the right to be forgotten in the EU?

1. scope: when offering services to European customers, must apply European rules


2. burden of proof: EC proposes reversing it, demonstrate that data cannot be deleted


3. obligations: controller to inform third parties that individual wants data removed


4. fines: up to 2% of company turnover


5. balancing elements: freedom of expression, public health, statistical purposes

What is the summary of the benefits of the new data protection framework of the EU for citizens?

1. easier access to your own data


2. right to data portability


3. right to be forgotten


4. right to know when your data has been hacked





What is the summary of the benefits of the new data protection framework of the EU for businesses?

1. one continent, one law


2. one-stop-shop


3. European rules on European soil


4. risk-based approach


5. rules fit for innovation

What are the different elements of agency enforcement?

- injunctions


- imposing fines and other sanctions


- the promotion of compliance


- regulatory remedies to parties and stakeholders


- broader market oversight


- a complex set of interrelated decisions

What are the different agency procedures for enforcement?

- imposition and oversight of regulatory conditions to operations


- fast reconvention of non-important deviations (compliance)


- deterrence sanctioning for breach


- market investigation/inquiries

What is the DREAM framework?

- Detecting


- Responding


- Enforcing


- Assessing


- Modifying

What is detecting in the DREAM framework?

Gaining of information on undesirable and non-compliant behavior

What is an example of innovative participation in detection?

Leniency programmes from competition authorities.

What is responding in the DREAM framework?

The development of policies, rules, and tools to deal with the problems discovered.

What is the table of eleven for predicting compliance?

A. The spontaneous compliance dimensions


1. knowledge of rules


2. costs/benefits


3. extent of acceptance


4. target group's respect for authority


5. non-official (social control)


B. enforcement dimensions


6. risk of being reported


7. risk of inspection


8. risk of detection


9. selectivity


10. risk of sanction


11. severity of sanction

What is enforcing in the DREAM framework?

The application of policies, rules, and tools on the ground. You must look at enforcement styles, as well as the intervention stage.

What are the instruments for enforcement?

1. sanctions—criminal or quasi


2. revocation of licenses


3. restorative tools


4. behavioral or structural undertakings


5. disclosure instruments

What are assessing and modification under the DREAM framework?

- measuring of success or failure in enforcement activities


- adjusting tools and strategies in order to improve compliance and address problematic behavior

What are some issues regarding enforcement?

- enforcement and effectiveness of policy devised and regulation in place (realistic, plausible, incentive-based)


- creative compliance


- inclusiveness


- accountability and transparency


- due process