Which statement is correct when considering the right to privacy under Article 8 of the European Convention on Human Rights (ECHR)?
Which statement is correct when considering the right to privacy under Article 8 of the European Convention on Human Rights (ECHR)?A . The right to privacy is an absolute rightB . The right to privacy has to be balanced against other rights under the ECHRC . The right to freedom...
When does the GDPR provide more latitude for a company to process data beyond its original collection purpose?
When does the GDPR provide more latitude for a company to process data beyond its original collection purpose?A . When the data has been pseudonymized.B . When the data is protected by technological safeguards.C . When the data serves legitimate interest of third parties.D . When the data subject has...
Which marketing-related activity is least likely to be covered by the provisions of Privacy and Electronic Communications Regulations (Directive 2002/58/EC)?
Which marketing-related activity is least likely to be covered by the provisions of Privacy and Electronic Communications Regulations (Directive 2002/58/EC)? A. Advertisements passively displayed on a website. B. The use of cookies to collect data about an individual. C. A text message to individuals from a company offering concert tickets...
How is the retention of communications traffic data for law enforcement purposes addressed by European data protection law?
How is the retention of communications traffic data for law enforcement purposes addressed by European data protection law?A . The ePrivacy Directive allows individual EU member states to engage in such data retention.B . The ePrivacy Directive harmonizes EU member states’ rules concerning such data retention.C . The Data Retention...
Who-R-U is NOT required to notify the local German DPA about the laptop theft because?
SCENARIO Please use the following to answer the next question: Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees arelocated there. The company offers its services to Canadians only: Its website is in...
In which of the following cases would an organization MOST LIKELY be required to follow both ePrivacy and data protection rules?
In which of the following cases would an organization MOST LIKELY be required to follow both ePrivacy and data protection rules? A. When creating an untargeted pop-up ad on a website. B. When calling a potential customer to notify her of an upcoming product sale. C. When emailing a customer...
Which of the following is NOT considered a fair processing practice in relation to the transparency principle?
Which of the following is NOT considered a fair processing practice in relation to the transparency principle?A . Providing a multi-layered privacy notice, in a website environment.B . Providing a QR code linking to more detailed privacy notice, in a CCTV sign.C . Providing a hyperlink to the organization’s home...
Which of the following was listed as a method that would NOT be effective for communicating a breach to data subjects?
WP29’s “Guidelines on Personal data breach notification under Regulation 2016/679’’ provides examples of ways to communicate data breaches transparently. Which of the following was listed as a method that would NOT be effective for communicating a breach to data subjects?A . A postal notificationB . A direct electronic messageC ....
If Who-R-U decides to track locations using its app, what must it do to comply with the GDPR?
SCENARIO Please use the following to answer the next question: Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees are located there. The company offers its services to Canadians only: Its website is...
Since blockchain transactions are classified as pseudonymous, are they considered to be within the material scope of the GDPR or outside of it?
Since blockchain transactions are classified as pseudonymous, are they considered to be within the material scope of the GDPR or outside of it?A . Outside the material scope of the GDPR, because transactions do not include personal data about data subjects m the European Union.B . Within the material scope...