Surveillance and Direct Marketing Flashcards

Learn the privacy rules governing surveillance activities and direct marketing practices in the EU. (64 cards)

1
Q

What is surveillance?

A

Observing, monitoring, or investigating people, behaviors, or information to manage or direct outcomes.

2
Q

What is surveillance capitalism?

A

An economic system where companies collect, analyze, and commodify personal data, often without awareness, to influence behavior for profit.

3
Q

Who are common actors involved in surveillance?

A
  • Law enforcement
  • Governments
  • Businesses
  • Private individuals
4
Q

What are common types of surveillance?

A
  • Physical
  • Electronic/digital
  • Public health
5
Q

What are key areas of surveillance data?

A
  • Communications
  • Video surveillance
  • Biometric
  • Location
6
Q

What must be balanced in surveillance regulation and case law?

A

The right to privacy vs. legitimate government need

Examples: law enforcement or national security

7
Q

What are common Internet of Things (IoT) and surveillance devices?

A
  • Mobile phones
  • Smart devices
  • Voice assistants
  • Laptops
  • Tablets
  • CCTV
  • Credit/debit cards
  • Web browsers
  • Websites
8
Q

What are common purposes for collecting surveillance data from devices?

A
  • Social network analysis
  • Data mining
  • Profiling
  • Satellite imaging
  • Telecom surveillance
  • Online behavioral advertising
9
Q

Which legal authorities govern surveillance in Europe?

A
  • Article 7 CFR
  • Article 8 ECHR
  • Court of Justice of the EU case law
  • European Court of Human Rights case law
10
Q

What is the purpose of EDPB 02/2020?

A

To assess whether surveillance laws meet privacy and data protection standards expected by the Charter of Fundamental Rights.

11
Q

What requirements does EDPB 02/2020 outline for surveillance?

A
  • Clear rules
  • Demonstrated necessity and proportionality
  • Independent oversight
  • Effective remedies for individuals
12
Q

What are the 2 main types of communications data?

A
  • Traditional
  • Telecommunications
13
Q

What are examples of traditional surveillance communications?

A
  • Physical mail
  • Human spies
14
Q

What are examples of telecommunications surveillance data?

A
  • Digital communications
  • Internet activity
15
Q

What does the content of telecommunications data include?

A
  • Language exchange
  • Metadata
  • Traffic data
  • Location data
  • Subscriber data
16
Q

What is metadata?

A

Data about data generated during message transmission.

Includes traffic, location, and subscriber data

17
Q

What are examples of metadata?

A
  • File format
  • Time created
  • Duration
  • Origin and destination
  • Transmission protocol
18
Q

What information does location data include?

A
  • Latitude
  • Longitude
  • Altitude
  • Direction of travel
19
Q

What does subscriber data describe?

A
  • Who
  • What
  • Where
  • When
  • How
20
Q

What did the Data Retention Directive require?

A

Telecom companies and ISPs were required to store communications data longer than business needs required.

21
Q

Why was the Data Retention Directive invalidated by the CJEU in 2014?

A

It disproportionately infringed on privacy rights under the Charter of Fundamental Rights.

22
Q

What does the CJEU prohibit regarding data retention?

A

Indiscriminate retention of communications data by private entities.

23
Q

Under what conditions does the CJEU allow bulk data retention?

A

If a member state faces a genuine, present, and foreseeable threat to national security.

24
Q

What is the likely lawful basis for CCTV processing?

A

Legitimate interest of the data controller.

Examples: preventing theft or vandalism

25
What is a **Legitimate Interest Assessment** (LIA)?
A **structured process** for **justifying data processing under legitimate interest** using a three-part test.
26
What are the **3 parts** of a **Legitimate Interest Assessment**?
1. Purpose
2. Necessity
3. Balancing
27
What is assessed in the **purpose stage** of an LIA?
**Whether there is** a legitimate interest behind the processing.
28
What is assessed in the **necessity stage** of an LIA?
Whether the processing **is necessary** and there is no less intrusive method.
29
What is assessed in the **balancing stage** of an LIA?
Whether the **individual's rights, interests, or freedoms override** the legitimate interest.
30
What are key **technical considerations** in **Privacy by Design** for video surveillance?
  • Camera type
  • Location
  • Zoom
  • Image blur/delete
  • Image freezing
31
How should **footage retention** be handled in video surveillance?
Footage should be maintained **only as long as necessary**.
32
What organizational measures **support Privacy by Design** in video surveillance?
  • Employee training
  • System's privacy policy
  • Regular audits
33
What does **transparency require** in video surveillance?
**Public notice** of recording with layered notice.

e.g., sign and QR code for details
34
What are the **2 forms of biometric data**?
1. Raw data
2. Biometric templates
35
What is a **biometric template**?
A unique **digital or mathematical representation** of biometric characteristics.
36
What are the **2 main uses** of biometric systems?
1. Identification (Who are you?)
2. Authentication (Are you who you say you are?)
37
What is a **Location-Based Service** (LBS)?
A service that **uses location data** from sensors **to deliver targeted services**.
38
What are the **main technologies** used in LBS?
  • Satellite network-generated data (e.g., GPS)
  • Mobile network data (e.g., LTE, 5G)
  • Chip-card generated data (e.g., credit cards)
39
Why might location data be **considered sensitive** under GDPR?
It may **reveal visits to sensitive locations**.

Examples: churches, clinics, or bars
40
What guidelines does the EDPB provide for **contact tracing apps**?
  • Usage should be voluntary
  • Data collection should stop when no longer needed
  • DPIAs should be conducted
41
What is **direct marketing**?
Communication of advertising or marketing material **directed to particular individuals**, using personal data.

Examples: emails, text messages, phone calls, direct mail, social media targeted ads
42
What are **key characteristics** of direct marketing?
  • Directed at individuals
  • Promotes products/services/ideals
  • Uses personal data
43
What are examples of communications that are **not direct marketing**?
  • Appointment reminders
  • Service notifications
  • General updates
  • Leaflet drops
  • Market research
44
What is **MMS** in the context of marketing?
  • Multimedia Messaging Service
  • A protocol for sending images, videos, and audio over mobile carrier networks
45
What **rights** do data subjects have regarding **direct marketing**?
  • Right to opt out
  • Withdraw consent or object to processing
  • Be informed of this right
46
What **obligations** do controllers have when **processing opt-out requests**?
  • Must act in a timely manner
  • May not charge
  • Must delete all personal and profiling data
47
What is the purpose of **suppression lists**?
To **retain minimal data** to ensure opt-out or objection preferences are honored.
48
What are '**Robinson Lists**'?
National or regional services that **let individuals opt out** of all direct marketing.
49
What is **Online Behavioral Advertising** (OBA)?
A digital marketing technique **delivering personalized ads** based on **users' past online activities** and behaviors.
50
What is the **goal** of OBA?
To **increase click-through rate** and likelihood of user engagement or purchase.
51
What is **first-party advertising**?
When the **site publisher** recommends products based on the user's previous interactions with their site.
52
Who are the **key players** in **third-party advertising**?
  • Advertisers
  • Publishers
  • Networks or platforms like Google Ads
53
How does the **third-party OBA** process work?
  • User visits a site
  • Ad network places a cookie
  • Tracks activity
  • Builds a profile
  • Uses profile to display relevant ads on future visits
54
What did the ECJ rule in the 2018 **Wirtschaftsakademie** and 2019 **Fashion ID** cases?
Social media providers, publishers, and ad networks **may be considered joint controllers** of personal data.
55
Who is considered a **Social Media Provider** (SMP)?
An entity providing a platform where **users build networks, share information, and connect**.
56
Who is considered a **Targeter** in OBA?
**An advertiser** using social media **to direct specific messages** to user groups.
57
What does **Article 5(3)** of the **ePrivacy Directive** cover?
Use of cookies **to access or store information on a user’s device**, requiring user consent and disclosure.
58
How is **ePrivacy consent** interpreted?
**Same as GDPR consent**: must be specific, informed, freely given, and affirmative before cookies are placed.
59
What is **postal marketing**?
**Physical mail** (snail mail) marketing

Not subject to ePrivacy laws but subject to GDPR if personal data is processed
60
What is an **automated calling system**?
A system that **initiates calls** to one or more recipients **without human intervention**.
61
What does '**electronic mail**' include under the ePrivacy Directive?
Any text, voice, sound, or image **sent over a public network**.

Includes email, SMS, and MMS
62
What is the '**soft opt-in**' exception?
Allows marketing **without prior consent** if there is **an existing business relationship** and opt-out was offered.
63
What **conditions must be met** for the **soft opt-in exception** to apply?
  • Marketing of controller's own similar products
  • Prior opt-out option given
  • Opt-out remains free and available
64
What is **fax marketing**?
Using **fax machines to send unsolicited advertising** or promotional messages to individuals or businesses.