Early Data Protection Laws Flashcards

Understand the historical foundations and evolution of data protection laws in Europe leading up to the GDPR. (74 cards)

1
Q

What are the required security measures for data protection under Convention 108?

A
  • Administrative controls
  • Technical controls
  • Physical controls
2
Q

What rights are granted to individuals under Convention 108?

A
  • Communication
  • Access
  • Amendment
  • Erasure
3
Q

What does Convention 108 say about transfers between signatories?

A

Member states will not impose prohibitions or require special authorizations if Chapter II protections are met.

4
Q

When is derogation from Convention 108 allowed?

A

If the exporting country:

  • Has special rules, and
  • The importing country lacks similar protections, or is not a party to Convention 108
5
Q

What is the Additional Protocol to Convention 108?

A

A 2001 protocol addressing data transfers to non-signatory countries using the concept of adequate protection, or in the legitimate interests of the individual, in the public interest, or with standard contractual clauses.

6
Q

What must signatories of Convention 108 do under the mutual assistance requirement?

A
  • Designate a supervisory authority to oversee compliance
  • Cooperate internationally
  • Help individuals exercise their rights
7
Q

What is a directive in EU law?

A

A legal act that sets objectives for member states to achieve but allows flexibility in implementation.

8
Q

What is a regulation in EU law?

A

A binding legal act that is directly applicable in all member states without national implementation.

9
Q

What is the European Commission?

A

The EU’s executive arm with 27 commissioners.

The Commission proposes legislation and ensures laws are implemented.

10
Q

What was the goal of the 1995 Data Protection Directive proposal?

A
  • To address fragmented data protection laws
  • Promote internal market and cross-border data flows
11
Q

What areas did the Data Protection Directive extend protections to?

A

Automated and nonautomated personal data, in both public and private sectors.

12
Q

What is the Charter of Fundamental Rights of the EU?

A

A document that consolidates fundamental rights within the EU.

Became legally binding in 2009.

13
Q

What is the European Council?

A
  • The highest level of cooperation among EU member states
  • Composed of heads of state or government
14
Q

What is the European Parliament?

A

A directly elected EU legislative body.

Made up of Members of the European Parliament (MEPs).

15
Q

What is the Treaty of Lisbon?

A

A treaty that strengthened and reformed the European Union.

Signed in 2007 and effective in 2009

16
Q

Which two treaties were amended by the Treaty of Lisbon?

A
  1. The Treaty of Rome (1957)
  2. The Maastricht Treaty (1992)
17
Q

What did the Treaty of Rome become known as after the Treaty of Lisbon?

A

The Treaty on the Functioning of the European Union (TFEU)

18
Q

What were the objectives of the Treaty of Lisbon?

A
  • Make the EU more effective
  • Promote core values
  • Create a common legal framework
19
Q

What is the trilogue in EU legislation?

A

A negotiation process involving the:

  • European Commission
  • European Parliament
  • Council of the European Union
20
Q

What is the Official Journal of the European Union (OJEU)?

A

The primary source of EU legislation.

21
Q

What year did the GDPR become enforceable?

A

2018

22
Q

What are the main objectives of the GDPR?

A
  • Protect personal data
  • Build trust
  • Create a coherent framework
  • Enable the digital economy
23
Q

What are some improvements the GDPR made over the Data Protection Directive?

A
  • Stronger individual rights
  • Data protection by design and default
  • Accountability
  • More supervisory power
  • One-stop shop
  • Extraterritoriality
24
Q

What is Convention 108+?

A

A 2018 modernized version of Convention 108 that reflects new information and communication technologies.

25
What are the **objectives** of Convention 108+?
* Improve data protection standards
* Maintain compatibility with existing and new regulatory frameworks
26
What are **notable improvements** in Convention 108+?
* Pre-transfer adequacy assessments of third-country safeguards
* Implementation monitoring
27
What is the **objective** of the **Law Enforcement Directive** (2016)?
To **harmonize rules** protecting fundamental rights **when personal data is processed** by criminal law enforcement authorities.
28
What was **Brexit**?
The 2016 referendum in which the **UK voted to leave the EU**.
Footnote: UK officially exited on January 31, 2020.
29
How was the GDPR **applied** in the UK **before Brexit**?
Through the:
* European Communities Act (ECA) and
* The Data Protection Act (2018)
30
What happened to the GDPR in the UK **after Brexit**?
It was implemented as a UK statute.
Footnote: UK GDPR maintains the same protections.
31
What is a **notable change** to UK data protection post-Brexit?
EU institutions were **replaced with UK-specific bodies**.
Footnote: Example: Information Commissioner’s Office (ICO)
32
What makes up the current **UK data protection framework**?
* UK GDPR
* Data Protection Act
* EU Exit Regulations
* Secondary legislation
* ICO codes of practice
* International instruments (e.g., ECHR and Convention 108)
33
What is an **adequacy decision**?
Recognition that a non-EU country, territory, or organization provides **equivalent data protection standards**.
34
**Why** does the UK require an adequacy decision?
Because it is now a **'third country' post-Brexit**.
35
What is **substantive law**?
The body of rules that **define rights, duties, and obligations** of people and organizations.
36
What does substantive law **determine**?
What **conduct is legal or illegal** and the elements required to prove crimes or civil claims.
37
What is **procedural law**?
The set of rules and methods **governing how legal rights are enforced** and **how courts operate**.
38
What is the **European Union** (EU)?
A **supranational political and economic union** of 27 member states.
Footnote: Population of approximately 450 million.
39
**How many countries** are part of the European Union (EU)?
**27** member states
40
What is the **European Economic Area** (EEA)?
An **extension of the EU single market** that includes 27 EU states plus Iceland, Liechtenstein, and Norway.
41
Which countries are part of the EEA **but not the EU**?
1. Iceland
2. Liechtenstein
3. Norway
42
Name the **7 main institutions** of the EU.
1. European Council
2. Council of the European Union
3. European Commission
4. Court of Justice of the European Union
5. European Central Bank
6. Court of Auditors
7. European Parliament
43
What is the **significance** (for privacy) of the Universal Declaration of Human Rights (1948)?
It laid the foundation for **recognizing privacy as a human right** on a global scale.
44
Which 1950 instrument reinforced privacy as a fundamental right **in Europe**?
European Convention on Human Rights
45
What was the **focus** of Recommendation 509 (1968)?
Early guidance on data protection and privacy principles.
46
What were Resolutions **73/22** and **74/29** (1973-74)?
Council of Europe resolutions that **highlighted the need** for personal data protection.
47
What did the OECD Guidelines of 1980 introduce?
Internationally agreed **principles for privacy** and transborder data flows.
48
What was **Convention 108** (1981)?
**First binding international treaty** for data protection
49
What directive was adopted by the EU in **1995 for data protection**?
Data Protection Directive
50
What is the **Charter of Fundamental Rights** (2000)?
An EU document that **enshrines privacy and data protection as fundamental rights**.
51
What is the **relevance** of the 2009 Treaty on the Functioning of the EU?
It gave **binding legal status** to the Charter of Fundamental Rights.
52
**Who enforces** the European Convention on Human Rights?
The European Court of Human Rights (ECtHR)
Footnote: Located in Strasbourg, France.
53
Which **organization** created the ECHR?
The Council of Europe
Footnote: An international organization with 46 member states
54
Is the right under Article 8 of the ECHR **absolute**?
No, **proportionality** allows for lawful infringement in the public interest.
55
What is the **difference** between the Council of Europe and the European Commission?
* The Council of Europe is a **human rights body**
* The European Commission is an **executive branch of the EU**
56
**Why** did the OECD Guidelines emerge?
To address the **lack of consistent privacy protections** as governments and corporations began collecting more personal data.
57
What year were the OECD Guidelines adopted and revised?
* Adopted: 1980
* Revised: 2013
58
What is the **full name** of the OECD Guidelines?
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
59
What is the Organisation for Economic Co-operation and Development (**OECD**)?
An intergovernmental organization devoted to promoting economic progress and world trade.
Footnote: 38 member countries, founded in 1961
60
What are the **objectives** of the OECD Guidelines?
To **safeguard privacy and rights** without compromising trade and to protect transborder flows of personal data.
61
Are the OECD Guidelines **legally binding**?
No
62
What **role** do the OECD Guidelines play in **legislation**?
They serve as a **foundation for national laws** on data protection.
63
What **mnemonic** helps remember the OECD's **eight privacy principles**?
Catapulting Donut Pieces Unexpectedly Surprise Oblivious Ice-cream Attendants
Footnote: Principles: collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, accountability
64
What is the **Collection Limitation** principle?
Personal data must be collected fairly, lawfully, and with consent when appropriate.
65
What is the **Data Quality** principle?
Data must be relevant, complete, accurate, and current.
66
What is the **Purpose Specification** principle?
The purpose of data collection must be stated before collection and use must be compatible with that purpose.
67
What is the **Use Limitation** principle?
Data disclosure must be consistent with the specified purpose.
68
What is the **Security Safeguards** principle?
Controls must be implemented to prevent unauthorized modification, access, deletion, or exfiltration (MADE).
69
What is the **Openness** principle?
Transparency about data collection and use, including identity and location of data controller.
70
What is the **Individual Participation** principle?
Individuals have rights to know if data is held, access it, challenge its accuracy, and request amendment.
71
What is the **Accountability** principle?
Data controllers are accountable for complying with all OECD privacy principles.
72
When is cross-border data transfer **permissible** under the OECD Guidelines?
When the recipient country **observes the Guidelines** sufficiently.
73
**When** may member states **restrict** transborder data flows?
If the sending country has **special protections** or the **recipient lacks similar safeguards**.
74
What is the **full title** of Convention 108?
The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data