Week 11: Social Issues of the Information Age

Questions and Answers

What are the three key aspects of privacy as identified in the content?

• Freedom from government oversight, data security, right to be forgotten
• Control of personal data, right to anonymity, freedom of speech
• Access to public records, right to privacy, control over one’s image
• Freedom from intrusion, control of information, freedom from surveillance (correct)

What was one of the main concerns highlighted by the Younger Report in 1972?

• Data encryption methods
• Compiling personal profiles on single databases (correct)
• The rise of mobile technology
• Increased social media usage

Which of the following is NOT a right related to privacy as per the content?

• Control of information about oneself
• Freedom from intrusion
• Freedom from data encryption (correct)
• Freedom from surveillance

Why was the UK considered a 'data haven' in the 1970s?

No legal control or regulation on data (C)

Which of the following is NOT a lawful basis for processing personal data?

Administrative efficiency (C)

What governmental action was taken by Sweden regarding personal data in 1974?

Banned the export of Swedish personal data to the UK (C)

What must occur for personal data processing to be considered lawful?

There must be specific grounds identified (A)

Which decade marked an increase in the collection and distribution of information as a commercial activity?

1960s (D)

Which of the following is NOT one of the three areas of concern listed in the Younger Report?

Surveillance of public spaces (D)

Which lawful basis for processing personal data is related to protecting someone's life?

Vital interests (B)

Which lawful basis for processing personal data involves performing a task in the public interest?

Public task (C)

What does the right to privacy entail according to the content?

Right to live privately without government interference (A)

If a company processes personal data based on legitimate interests, what is crucial to ensure?

Individual’s interests must not be overridden (C)

How should data be processed to adhere to principles of lawfulness?

Lawfully, fairly, and transparently (A)

What is a requirement when processing data for a contract with the individual?

Processing must be necessary for the contract (C)

Which of the following principles does NOT relate to the processing of personal data?

Profitability (A)

What does the term 'Renewal Term' refer to?

The period after the initial subscription term for a service (C)

What can Zoom do regarding the Services it provides?

Contingently modify the Services without any notice (B)

What is the nature of the agreements known as Terms of Service?

Legal agreements between a service provider and a user (A)

What does agreeing to the privacy policy imply for a user?

A user acknowledges the service's collection and use of data (B)

What type of updates will Zoom provide during the subscription term?

Standard updates generally available to all users (D)

What does the lack of prior notice from Zoom in service modifications imply?

Services can be modified at any time without user consent (B)

What can be inferred about the termination of services?

Services can be discontinued solely at the discretion of the provider (B)

How are Terms of Service perceived in a legal context?

They are legally binding contracts between parties (B)

Who is not eligible to use Zoom Services?

Persons who are not legally eligible to be bound by these terms (C)

What does the term 'Affiliate' refer to in this context?

An entity that controls a Party or is under common control with it (C)

What was the fine imposed on HIV Scotland for the email data breach?

£10,000 (C)

Which of the following principles ensures that data is processed securely?

Integrity and confidentiality (C)

What is one of the system requirements for using the Services?

High speed Internet access is recommended (B)

What does 'Service Effective Date' signify?

The date an Initial Subscription Term begins (B)

What aspect of accountability is emphasized in the context of data protection?

The need for a data protection officer (C)

What is typically included in an Order Form?

Additional terms and conditions regarding ordered Services (B)

Which of the following is NOT a privacy right of individuals under the GDPR?

The right to a refund (D)

In the case of British Airways, what was the reason for the reduction in their fine?

Economic impact of Covid-19 (A)

What is the implication of having outdated software for using the Services?

It may hinder your ability to access and use the Services (C)

Which of the following is part of the definition of 'End User'?

A Host or Participant who uses the Services (C)

Which right allows individuals to request deletion of their personal data?

Right to erasure (B)

What principle under GDPR requires companies to be responsible for proving compliance?

Accountability (A)

What responsibility do users have regarding system requirements?

To ensure their devices meet the changing system requirements (B)

Which technology platform is mentioned as allowing users to download their data?

Instagram (C)

What was the main reason for WindTre's €17 million fine?

Unsolicited marketing communications without consent (D)

Which principle of the General Data Protection Regulation requires data to be collected only for specific legitimate purposes?

Purpose limitation (A)

According to the General Data Protection Regulation, how should personal data be maintained?

Only as long as necessary (C)

What is a requirement for ensuring the integrity and confidentiality of data under the General Data Protection Regulation?

Data must be processed securely (D)

What does the accuracy principle of the General Data Protection Regulation require?

Personal data should be updated where necessary (D)

Which action reflects a potential violation of the General Data Protection Regulation related to unsolicited marketing?

Calling users without their prior consent (C)

How long must organizations respond to a personal data breach according to the regulation?

Within 72 hours (D)

What is NOT a requirement of the data minimization principle?

Data should be excessive and redundant (A)

Flashcards

Data Protection Act

A legal framework designed to protect personal data and individuals' privacy. It establishes rules for collecting, storing, using, and disclosing personal information.

Privacy in Human Rights

The right to live a private life without unnecessary government interference.

Three Aspects of Privacy

Three key aspects of privacy: freedom from intrusion, control of personal information, and freedom from surveillance.

Commercial Data Collection

The practice of collecting, storing, and using personal information for commercial purposes.

Data Matching

The process of combining data from multiple databases to create a more complete profile of an individual.

Data Haven

A country or region with weak or no legal protections for data privacy, making it appealing for organizations seeking to store or process data without stringent regulations.

General Data Protection Regulation (GDPR)

A set of rules for protecting personal data within the European Union (EU), emphasizing data subjects' rights and imposing stricter regulations on data processing.

Sneaky Responses

Responses or actions intended to deceive or mislead individuals about the true purpose or extent of data collection or usage.

Renewal Term

The period for which a customer subscribes to a service after their initial subscription term has ended.

Terms of Service

The legal agreements between a service provider and a user outlining the rules and responsibilities for using the service.

Privacy Policy

A written statement that details how a company collects, uses, and protects personal information.

Initial Subscription Term

The initial period for which you subscribe to a Zoom service, as specified in your order.

Service Effective Date

The date when your initial subscription to a Zoom service officially begins.

Affiliate

Any company that is directly or indirectly controlled by Zoom, or that controls Zoom.

End User

A person who hosts or participates in a Zoom meeting, using the Zoom service.

System Requirements

The minimum requirements for your device, internet connection, and software to effectively use Zoom.

Agreement

The legal agreement outlining the terms and conditions for using Zoom services.

Services Description

A document that lists the different Zoom services offered.

Order Form

Additional terms and conditions that apply to a specific Zoom service you choose.

What are the six lawful bases for processing personal data under GDPR?

The legal basis for processing personal data must be one of these six grounds, ensuring data handling complies with GDPR regulations.

What is Transparency in relation to GDPR?

This principle requires organizations to be transparent about how they use individuals' personal data, informing them clearly about their data processing practices.

What is Fairness in relation to GDPR?

This principle emphasizes the importance of treating individuals fairly and respecting their rights in relation to their personal data.

What is Lawfulness in relation to GDPR?

This principle ensures that personal data is handled lawfully, in line with GDPR regulations and specific authorized purposes.

What is Consent in GDPR?

In the context of GDPR, this refers to the individual's agreement to allow the processing of their personal data for a specific purpose. It must be explicit, informed and freely given.

What is Contract in GDPR?

This lawful basis applies when processing personal data is necessary for fulfilling a contract between an individual and an organization.

What is Legal Obligation in GDPR?

This lawful basis allows processing personal data when required by law to comply with a legal obligation placed on the organization.

What is Vital Interest in GDPR?

This lawful basis applies when processing personal data is necessary to protect the vital interests of an individual or another person.

Purpose limitation

The GDPR principle stating that data should be collected only for specific and legitimate purposes. This means that organizations must have a clear reason for collecting data and must not use it for other purposes.

Accuracy

This GDPR principle ensures that personal data is kept accurate and updated where necessary. Organizations must take steps to ensure that the data they hold is correct and reflects the current situation.

Storage limitation

The GDPR principle dictating that data should be stored only as long as necessary. It means that organisations should not store personal data indefinitely, but only for as long as it is required for the original purpose.

Data minimization

The GDPR principle requiring that personal data collected must be adequate, relevant, and limited to what is necessary for the specified purpose. It means organizations should collect only the data that is essential.

Integrity and confidentiality

This principle of the GDPR mandates that personal data should be processed in a way that ensures security. This involves safe storage techniques and implementing suitable measures to prevent unauthorized access, disclosure, alteration, or destruction of personal data.

WindTre Fine

WindTre was fined € 17 million by the Italian data protection authority for violating the GDPR principle of "purpose limitation." The company was found to have collected user consent for various purposes, including marketing, profiling, and sharing data with third parties, without providing explicit and separate consent for each purpose.

Data Security (Integrity & Confidentiality)

Ensuring data is processed securely to maintain its integrity and confidentiality. This includes implementing measures to protect against unauthorized access, use, disclosure, alteration, or destruction.

Accountability in Data Protection

A fundamental principle of data protection that emphasizes the responsibility of organizations to demonstrate they are complying with data protection principles. This includes establishing clear processes and accountability mechanisms.

Right to Erasure (Right to be Forgotten)

A right under GDPR allowing individuals to request the deletion of their personal data if specific conditions are met, such as when the data is no longer necessary for the original purpose.

Right to be Informed (Transparency)

A requirement for organizations to provide individuals with clear and concise information about how their personal data will be processed.

Right to Restrict Processing

A right under GDPR allowing individuals to request that their data be processed only under specific conditions or purposes.

Right of Access (Know Your Data)

A right under GDPR allowing individuals to access their personal data held by an organization.

Right to Data Portability

A right under GDPR allowing individuals to receive a copy of their personal data in a structured, commonly used, and machine-readable format, facilitating data transfer between services.

Right to Rectification (Correct Your Data)

A right under GDPR allowing individuals to request the correction of inaccurate or incomplete personal data held by an organization.

Study Notes

Week 11: Social and Professional Issues of the Information Age

• The presentation covers data protection, privacy, and the history of data protection legislation.
• The key topic is the General Data Protection Regulation (GDPR).
• The presentation discusses the 2018 EU regulation on data protection and privacy.
• The GDPR defines how organizations process personal data.
• Personal data is defined as any information related to a natural person who can be identified, directly or indirectly.
• The presentation discusses the six principles of GDPR: lawful, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; and integrity and confidentiality.

Sneaky Responses

• Terms of service and terms of use are legal agreements between a service provider and a user.
• These agreements are legally binding, and companies can refuse to provide service if these terms are not met.
• The presentation gives examples like data sharing, subscription services and more.

Data Protection Act 1984

• The Act regulates automatically processed information relating to individuals and provides services regarding this information.
• It focuses on personal data concerning identifiable living individuals.
• The Act defines data subjects (individuals whose data is processed), data users (who process the data), and computer bureaux (who only process data).
• The Data Protection Registrar was responsible for promoting data protection and enforcing the Act.

Back in the 60s and 70s

• Information collection and distribution expanded from academic and military settings to commercial activities in the 1960s.
• The 1970s witnessed governmental centralization of information about individuals' private affairs.
• The Younger Report (1972) identified three primary concerns related to computer use:
  • Compiling personal profiles on single databases.
  • Data matching across multiple databases.
  • Unauthorized access to personal information.
• Sweden banned the export of Swedish personal data to the UK in 1974 due to the UK not having proper data regulation, classifying it as a "data haven".

Privacy

• Privacy encompasses three key aspects: freedom from intrusion, control over one's personal information, and freedom from surveillance.
• Privacy can be compromised when individuals share information with strangers in order to conduct transactions.

Previously

• Information collection and distribution became increasingly commercial.
• The UK was seen as a "data haven."
• The Data Protection Act 1984 was introduced. Companies had started using unfair or dishonest data collection techniques before the act.

Privacy Rights of Individuals

• Data subjects (individuals) have various rights under GDPR.
  • The right to be informed, access, rectification, erasure, restriction of processing, data portability, and object.
• The presentation also includes information about rights like the right to be forgotten. This includes the removal of personal information from services under specific circumstances, like when data is no longer needed, or consent is withdrawn, or information is unlawfully collected.
• The internet never forgets.