Questions and Answers
Which activities are affected by data protection law?
What is the most important source of data protection law for the private sector?
What does 'personal data' mean according to data protection law?
Which one of the following is a transfer tool listed under Chapter V of the GDPR for transferring personal data to a third country?
What must the controller ensure when engaging a processor for data processing?
When is a separate legal ground required for engaging a processor?
According to the text, what is one of the legal grounds for processing personal data in an online shop?
What type of data processing activity does Article 9 specifically apply to?
In an online shop, what legal ground is often used for age verification and fraud prevention?
What must normally justify any use of personal data that goes beyond the processing necessary for the main purpose of a contract in an online shop?
Which of the following is the primary purpose of the right of data portability under GDPR?
Under Article 16 of GDPR, what right does the data subject have?
What is the purpose of the right to erasure (‘right to be forgotten’) under GDPR?
What is the duty to inform when setting up a trading website under GDPR?
According to the GDPR, personal data that has undergone pseudonymisation is considered as non-personal data.
Which of the following activities is excluded from the scope of the GDPR?
Who is considered as the 'controller' under the GDPR?
What is the territorial scope of the GDPR?
According to Article 7(4) of the GDPR, consent must be 'freely given', 'specific', 'informed', 'unambiguous' and by an 'affirmative act'. Which of the following does NOT constitute valid consent?
When requesting consent, it is important to present the request in a manner that is clearly distinguishable from other matters. This is to avoid which of the following?
Under the GDPR, if a data subject withdraws their consent, what happens to the lawfulness of processing based on consent before its withdrawal?
When considering whether further processing of personal data is compatible with the initial purposes, what factors should be taken into account?
According to § 165(3) TKG, under what condition is the storing of information in the terminal equipment of a user allowed?
What type of consent is required for storing access credentials?
What is the term used to describe manipulative designs of consent boxes that make accepting all cookies more prominent and make it burdensome to make a choice?
What does 'privacy by default' mean?
Study Notes
Data Protection Law
- Data protection law affects activities involving personal data, including collecting, storing, using, and sharing.
Definition of Personal Data
- Personal data refers to any information relating to an identified or identifiable natural person.
Transferring Personal Data
- A transfer tool listed under Chapter V of the GDPR for transferring personal data to a third country is Binding Corporate Rules.
Engaging a Processor
- The controller must ensure that the processor provides sufficient guarantees to implement appropriate technical and organizational measures to protect personal data.
- A separate legal ground is required for engaging a processor when processing personal data beyond the initial purpose.
Legal Grounds for Processing
- One of the legal grounds for processing personal data in an online shop is the performance of a contract.
- Age verification and fraud prevention in an online shop often use the legal ground of legitimate interest.
Special Categories of Personal Data
- Article 9 specifically applies to processing of special categories of personal data, such as genetic data, biometric data, and data concerning health.
Right of Data Portability
- The primary purpose of the right of data portability under GDPR is to empower data subjects to take control of their personal data.
Right of Access and Rectification
- Under Article 16 of GDPR, the data subject has the right to request rectification of inaccurate personal data.
Right to Erasure
- The purpose of the right to erasure (‘right to be forgotten’) under GDPR is to enable data subjects to request erasure of their personal data.
Duty to Inform
- The duty to inform when setting up a trading website under GDPR involves providing clear and transparent information to data subjects.
Pseudonymisation
- Personal data that has undergone pseudonymisation is still considered personal data.
Scope of GDPR
- Anonymous data processing is excluded from the scope of the GDPR.
Controller and Territorial Scope
- The controller is the natural or legal person, public authority, agency, or other body that determines the purposes and means of processing personal data.
- The territorial scope of the GDPR covers the processing of personal data in the context of the activities of an establishment of a controller or processor in the EU.
Consent
- Consent must be freely given, specific, informed, unambiguous, and by an affirmative act.
- A pre-ticked checkbox does not constitute valid consent.
- When requesting consent, it is important to present the request in a manner that is clearly distinguishable from other matters to avoid bundling.
Lawfulness of Processing
- If a data subject withdraws their consent, the lawfulness of processing based on consent before its withdrawal remains unaffected.
Further Processing
- When considering whether further processing of personal data is compatible with the initial purposes, factors to be taken into account include the context in which the personal data was collected and the reasonable expectations of the data subject.
Storing Information
- According to § 165(3) TKG, storing of information in the terminal equipment of a user is allowed under certain conditions, such as obtaining the user's consent.
Consent for Storing Access Credentials
- Explicit consent is required for storing access credentials.
Dark Patterns
- The term used to describe manipulative designs of consent boxes is dark patterns.
Privacy by Default
- "Privacy by default" means that data protection safeguards are built into products and services from the outset, protecting personal data by default.
Description
Quiz: Understanding Consent and Data Storage in the Digital Age

Test your knowledge on the legal requirements surrounding data storage and user consent in accordance with the GDPR. Learn about the conditions for storing and accessing information on user terminals and the exceptions that apply. Gain a better understanding of how these regulations impact data transmission and the responsibilities of service providers.