EU Institutions & Other Data Protection Laws Flashcards

Learn how EU institutions and various international data protection laws interact and shape the European privacy landscape. (94 cards)

1
Q

What’s the mnemonic device to remember the EU’s 7 institutions?

A

Purple Crocodiles Munched Crunchy Jelly Bean Appetizers

2
Q

What is the role of the European Parliament?

A

Acts as a co-legislator with the Council of the European Union.

3
Q

What does the European Council do?

A

Defines the EU’s general political direction and priorities.

Composed of heads of state or government.

4
Q

What is another name for the Council of the European Union?

A

Council of Ministers

Co-legislator with Parliament

5
Q

What is the function of the European Commission?

A
  • Serves as the EU’s executive body
  • Proposes new legislation
6
Q

What does the Court of Justice of the EU do?

A
  • Interprets EU law
  • Decides legal disputes
7
Q

What is the role of the European Central Bank?

A

Controls eurozone monetary policy

Also forms part of the European System of Central Banks

8
Q

What does the European Court of Auditors do?

A
  • Checks the proper implementation of the EU budget
  • Performs audit functions

Based in Luxembourg

9
Q

What 2 treaties did the Treaty of Lisbon amend?

A
  1. The Treaty Establishing the European Economic Community
  2. The Maastricht Treaty (EU Treaty)
10
Q

How did the Treaty of Lisbon strengthen EU institutions?

A
  • It created a new institutional structure
  • Granted institutional status to the European Council and the European Central Bank
11
Q

What impact did the Treaty of Lisbon have on privacy rights?

A

It elevated the Charter of Fundamental Rights (CFR).

CFR attained the same legal status as treaties, making CFR legally binding.

12
Q

What does the right to good administration entail under Article 41 CFR?

A
  • Fair and impartial handling of affairs
  • Timely decisions
  • Access to personal files
  • Respect for confidentiality
13
Q

What is a limitation of the CFR’s legal effect?

A

It is binding only when implementing Union law.

14
Q

What did the EU Withdrawal Act of 2018 do?

A
  • Repealed the European Communities Act
  • Created Retained EU Law (REUL)
  • Restricted UK courts from using the CFR to override UK laws
15
Q

What are the main responsibilities of the European Parliament?

A
  • Draft legislation and budget
  • Oversee EU institutions
  • Represent citizens
  • Verify treaties
  • Approve the President of the Commission
16
Q

What are the 3 legislative procedures involving the European Parliament?

A
  1. Ordinary procedure
  2. Consultation procedure
  3. Consent procedure
17
Q

What is the ordinary legislative procedure?

A

The main decision-making process

Parliament and the Council must both agree on legislation.

18
Q

What is the consultation procedure?

A

Council ultimately decides, but must consult Parliament.

Used for sensitive issues.

19
Q

What is the consent procedure?

A

Parliament must approve the legislation without the power to amend it.

20
Q

What oversight powers does the European Parliament have over the Commission?

A

Parliament can:

  • Censure the Commission
  • Force the resignation of Commissioners
  • Receive reports from the Commission
21
Q

How often are European Parliament elections held?

A

Every 5 years

22
Q

How are Members of the European Parliament (MEPs) organized politically?

A

By political groups, not national blocs.

Requires a minimum of 25 members from at least 1/4 of member states

23
Q

What is degressive proportionality?

A

Each country gets 6 to 96 seats based on a formula.

10% equally, 50% by population, 40% by square root of population

24
Q

What happens during committee work in the European Parliament?

A

Committees:

  • Prepare legislative texts
  • Assign rapporteurs
  • Submit reports for debate and amendment
25
What occurs during **plenary sessions**?
The full Parliament:
* Reviews reports
* Proposes amendments
* Adopts a position
26
Through **which legislative procedure** is personal data law adopted in the EU?
The ordinary legislative procedure
27
What **year** was the European Council **formalized**?
1992
Footnote: Through the Treaty of Maastricht.
28
Who **makes up** the European Council?
* The **heads of state** or government of the 27 member states
* The **President** of the European Commission
29
What constitutes a **qualified majority** in the European Council?
**55% of member states** representing at least 65% of the EU population
Footnote: At least 15/27 member states
30
What types of **legal instruments** can the Council issue?
* **Binding instruments**: regulations, directives, decisions
* **Non-binding**: common actions, positions, recommendations, opinions
31
What are the **main responsibilities** of the European Commission?
* Initiates legislation
* Implements policies
* Oversees law compliance
* Executes budget
* Imposes fines
32
What is the **College of Commissioners**?
The **political leadership** of the European Commission.
Footnote: One commissioner per member state
33
How are Commissioners **selected**?
Nominated **by member states**, approved by Parliament.
Footnote: Must represent the EU's general interest, not their home countries
34
What are the **2 components** of the CJEU?
1. The Court of Justice (ECJ)
2. The General Court (formerly the Court of First Instance)
35
What **principle** was established in the **Google Spain case**?
The right to be forgotten.
Footnote: Requiring search engines to remove certain links associated with a person's name
36
What was the **outcome** of the **Digital Rights Ireland** case?
The ECJ **invalidated** the **Data Retention Directive**.
Footnote: Ruled the DRD violated fundamental rights to privacy and data protection.
37
What did the ECJ decide in the **ANAF case**?
**Data subjects must be involved**, such as being notified, when personal data is shared between agencies.
38
What did the **Weltimmo case** establish?
A company can be subject to a member state’s data protection laws **even with minimal presence** or data processing in that country.
39
What was the ruling in **Schrems I**?
The ECJ **invalidated** the **Safe Harbor** adequacy decision.
40
What was the outcome of **Schrems II**?
The ECJ **invalidated** the **Privacy Shield framework**.
Footnote: Privacy Shield replaced Safe Harbor.
41
What did the ECJ rule in **Tele2 Sverige and Tom Watson**?
**Indiscriminate data retention** is **incompatible** with the **ePrivacy Directive**.
Footnote: Even for law enforcement
42
What is the **European Court of Human Rights** (ECtHR)?
A court founded in 1959 to **oversee the European Convention on Human Rights** (ECHR).
43
What **organization** is the ECtHR part of?
The Council of Europe
44
What prompted the **adoption** of the **Data Protection Directive**?
The **uneven implementation** of data protection laws.
45
What is **Directive 95/46/EC** also known as?
The Data Protection Directive (DPD)
46
What **year** was the Data Protection Directive adopted?
October 1995
47
What is **harmonization** in the context of EU law?
The process of **creating common standards** across the internal market.
Footnote: To align national laws and reduce disparities
48
What is the purpose of **articles**?
They set out substantive rules, rights, and obligations and **have direct legal effect**.
49
What role do **recitals** play?
They **explain the reasons, context, and objectives** of the legislation and aid in interpretation.
50
Why was the DPD considered **flexible**?
It set general principles but allowed member states **discretion in implementation**.
Footnote: Led to inconsistencies
51
What was **1 improvement** made in the DPD?
It **applied to manually processed data** in addition to automated processing.
52
Who **falls under the scope** of the Data Protection Directive?
1. EU-based **data controllers**
2. Organizations **using EU equipment**
53
What **authority** was mandated by the DPD in each member state?
An independent **Data Protection Authority** (DPA)
54
What was the **Article 29 Working Party** (WP29)?
A group formed by:
1. DPA representatives
2. The European Commission
3. EDPS
Footnote: Objective: to advise and oversee data protection operations
55
What does **EDPB** stand for?
European Data Protection Board
56
What is the **role** of the EDPB?
* Ensure GDPR's consistent application
* Issue guidelines
* Settle disputes
* Advise the Commission
57
What was the **predecessor** of the EDPB?
The Article 29 Working Party (WP29)
58
How was the EDPB **established**?
By the GDPR.
59
What does **EDPS** stand for?
European Data Protection Supervisor
60
What is the **role** of the EDPS?
* Supervise how EU institutions handle personal data
* Ensure compliance
* Provide advice
61
When did the GDPR:
1. Enter into force
2. Become enforceable
1. Entered into force on May 24, 2016
2. Enforceable from May 25, 2018
62
How does **the scope** of the GDPR **differ** from the DPD?
The GDPR:
* Applies across the EU without national implementation
* Covers the full data lifecycle
* Covers processors
63
What does **behavioral monitoring** include under the GDPR?
Use of:
* Cookies
* Profiling
* Other techniques to predict user preferences
64
What are the GDPR consent requirements if **bundled with** terms and conditions?
Data usage **must be disaggregated** from other issues and consent can be withdrawn.
65
When is consent **not considered freely given** under GDPR?
If it is a **take-it-or-leave-it** offer.
66
What existing rights from the DPD **were retained** under the GDPR?
* Access
* Rectification
* Erasure
* Objection
67
What **new rights** were introduced in the GDPR?
* Data portability
* Restriction of processing
* Right to be forgotten
* Not to be subject to automated decision-making and profiling
68
What is the right to **data portability** under the GDPR?
The right to receive data in a structured, common, machine-readable format **and transmit it to another** controller.
69
What is the **difference** between the right to **erasure** and the right **to be forgotten**?
* Erasure was a **limited DPD** right
* The right to be forgotten is **explicitly codified** in GDPR Article 17
70
When can the right to be forgotten **be exercised** under GDPR?
* Data is no longer needed
* Consent is withdrawn
* Objection is raised
* Data is unlawfully processed
* Erasure is required by law
* Data relates to children’s online services
71
What are the **4 criteria** that define **information society services**?
1. Normally provided for **remuneration**
2. Provided at a **distance**
3. Delivered **electronically**
4. Provided **at the request of** the recipient
Footnote: Examples: web hosting, online storage, social networks, online content-sharing, e-commerce, search engines, online ads, and email services (excluding personal email)
72
What is the **role** of a **data controller**?
Determines **the purposes and means** of processing personal data.
73
What is the **role** of a **data processor**?
Processes personal data **on behalf of** the controller.
74
What is **accountability** under the GDPR?
An organization’s responsibility to:
1. Comply with laws
2. Demonstrate compliance
75
What are some specific **obligations** for **processors** under GDPR?
* Cannot subcontract without consent
* Must keep records of processing activities
* Must implement security
* Designate DPO
* Follow third-country transfer rules
76
What are lawful **mechanisms** for **cross-border data transfers** under GDPR?
* Adequacy decision
* Binding Corporate Rules (BCRs)
* Standard Contractual Clauses (SCCs)
* Codes of conduct
* Certification mechanisms
77
What is the **objective** of the **Law Enforcement Directive** (LED)?
To harmonize rules **protecting fundamental rights** when personal data is **processed by law enforcement** authorities.
78
What 3 principles must law enforcement comply with under the LED?
* Necessity
* Proportionality
* Lawfulness
79
What is **another name** for the **ePrivacy Directive**?
Privacy and Electronic Communications Directive (**2002/58/EC**)
80
What does the ePrivacy Directive **govern**?
Data protection and privacy in digital communications over **public communication networks**.
81
What **types of communications** does the ePrivacy Directive cover?
All **electronic communications**, including telecom, internet, and email.
82
What are some **key provisions** of the ePrivacy Directive?
* Safeguards
* Confidentiality
* Opt-in consent
* Restrictions on traffic and billing data
* Anonymization
* User notification
83
When is traffic data retention **permitted** under the ePrivacy Directive?
Only for **billing purposes** and within the statute of limitations.
84
What is a **cookie**?
A small file **placed on a user's browser** to **identify the user** or device on future visits.
85
For what **3 primary reasons** are cookies used?
1. Session management
2. Personalization
3. Tracking
86
How has the ePrivacy Directive's understanding of **consent** been **interpreted** since 2018?
As **identical** to the GDPR's definition.
87
What does **NIS** Directive stand for?
Network and Information Systems Directive
88
What year was the **first** NIS Directive adopted?
2016
89
What is the **significance** of the NIS Directive?
It is the **first EU-wide** cybersecurity legislation.
90
What is the **primary purpose** of the NIS Directive?
To **address threats** to network and information systems.
91
What **2 organizations** must EU member states establish under the **NIS Directive**?
1. A Computer Security Incident Response Team (CSIRT)
2. National NIS Authority
92
What **category of organizations** is emphasized under the NIS Directive?
Operators providing Essential Services (**OES**)
Footnote: Examples: energy, transport, banking, healthcare, infrastructure
93
What was the **Data Retention Directive**?
A 2006 legal framework for **retaining data** from public electronic communications services and networks.
94
What was the **objective** of the Data Retention Directive?
1. **Align EU-wide data retention policies**
2. Ensure access to traffic and location data for **crime and terrorism prevention**