CIPP/E EXAM 170 QUESTIONS & CORRECT ANSWERS
LATEST 2026
Prohibition of cross border data transfers under Data Privacy Directive 95/46/EC
apply when - ANSWER-data transferred from a jurisdiction in the EU to a third
country.
What treaty or convention allowed the Data Protection Directive 95/46/EC to be
used as a harmonising measure for European Member states. - ANSWER-The
Treaty of Rome
Direct marketing would include: - ANSWER-Email promoting new book on sale.
What two opposing forces needed to be considered in formulating a privacy
framework in the European Economic Community? - ANSWER-Concerns for
personal freedom and privacy and ability to support free trade.
What principle is contained in art 12 of the Human Rights Declaration? -
ANSWER-The right to a private life and associated freedoms.
What right is protected by art 19 of the Human Rights Declaration? - ANSWER-
The right to freedom of opinion and expression.
Which article of the Human Rights Declaration reconciles articles 12 and 19 and
how is it stated? - ANSWER-Article 29(2) states that individual rights are not
absolute and there are instances where a balance must be struck to limit their
exercise.
,What was the purpose of the European Convention on Human Rights? -
ANSWER-It was an international treaty to protect human rights and fundamental
freedoms.
Name special categories of data. - ANSWER-Racial or ethnic origin, political
affiliations/opinions, health information, sex life, religious beliefs, trade union
membership.p 58
What are the specific rights enumerated in the ECHR? - ANSWER-right to life,
prohibition of torture, prohibition of slavery and forced labour, right to liberty and
security, right to a fair trial, no punishment w/o law, respect for private and family
life, freedom of thought, conscience and religion, freedom of expression, freedom
of assembly and association, right to marry, right to an effective remedy and
prohibition of discrimination.
What are the two rights provided under article 8 of the ECHR? - ANSWER-1. right
to respect for private and family life and his correspondence.
2. No interference by public authority of this right except in accordance to law and
is necessary in a democratic society in the interest of national security public
safety...
What does article 10 of the ECHR deal with? - ANSWER-Right to freedom of
expression and to share information and ideas across borders but qualified so as to
protect the privacy of individuals
What are the obligations imposed on EU member states as seen under the Data
Protection Directive 95/45/EC or the Data Protection Director or 'the Directive'? -
ANSWER-The Directive sets out general principles and leaves the member states
to implement these principles as they see fit. p 38
,What are the exceptions to the consent required for cookies under the e-Privacy
directive 2002/58/EC? - ANSWER-where 1) storage or access is for the sole
purpose of carrying out transmission of communication over an electronic network
and 2) strictly necessary for information service explicitly requested by user p 43
What is the most pertinent amendment to the e-Privacy Directive? - ANSWER-
Cookies require prior information and consent. p 43
When could a data controller collect data from 3rd parties without notification to
the data subjects under Data Protection Directive 95/49/EC? - ANSWER-A pre-
approved marketing effort. p 43.
Who makes sure directive are implemented properly by the member states? -
ANSWER-The European Commission. p 27-28
What institution adopts adequacy findings(by which non members are regarded as
providing adequate levels of data protections) for the European Union? -
ANSWER-The European Commission. p 29
Which directive or convention contains specific provisions for data breaches? -
ANSWER-The Privacy and Electronic Communications Directive. p 42
What is the exemption in the e-Privacy Directive 2002/58/EC allowing data
controllers to send electronic marketing information? - ANSWER-The recipients
are existing customers. p 43.
Under the Data Protection Directive (95/46/EC) what type of data subject is not
covered? - ANSWER-Legal persons would seem not to be but is not prohibited
either(and some local laws afford some protection) and also deceased individuals
, do not constitute 'natural persons' although in some member states (Italy) data
protection rules apply to deceased individuals under certain circumstances. p 63.
Name some of the conditions to be satisfied in order to process personal data in
line with European Data Protection concepts/principles. - ANSWER-Obtained and
processed fairly and lawfully, for legitimate purposes, adequate/relevant/not
excessive for purposes, accurate/up to date, preserved for no longer than required.
p 81
Name an incompatible purpose for processing data beyond originally specified
purpose. - ANSWER-Performance of a contract. If this were not true, then a mere
contract would allow processing data for any purpose. One exception is research p
87- specifically allowed p 85-86.
In the Data Protection Directive 95/46/EC what is "any freely given specific and
informed indication of his wishes by which the data subject signifies his agreement
to persona data relating to him being processed"? - ANSWER-Unambiguous
consent. p 94
Under Data Protection Directive 95/46/EC what info must be included in the
notification of data processing? - ANSWER-Name of the data controller
processing data and the purpose of the processing. p 109
If personal data is not obtained directly from the data subject when should fair
processing information be provided? - ANSWER-At the time personal data is
recorded or if disclosure to 3rd party contemplated then no later than at the time
data is first disclosed. p 111
When should a company respond to a former employee's request for his personal
information (email, etc.)? - ANSWER-ASAP-taking into account local data
protection rules. p 126
LATEST 2026
Prohibition of cross border data transfers under Data Privacy Directive 95/46/EC
apply when - ANSWER-data transferred from a jurisdiction in the EU to a third
country.
What treaty or convention allowed the Data Protection Directive 95/46/EC to be
used as a harmonising measure for European Member states. - ANSWER-The
Treaty of Rome
Direct marketing would include: - ANSWER-Email promoting new book on sale.
What two opposing forces needed to be considered in formulating a privacy
framework in the European Economic Community? - ANSWER-Concerns for
personal freedom and privacy and ability to support free trade.
What principle is contained in art 12 of the Human Rights Declaration? -
ANSWER-The right to a private life and associated freedoms.
What right is protected by art 19 of the Human Rights Declaration? - ANSWER-
The right to freedom of opinion and expression.
Which article of the Human Rights Declaration reconciles articles 12 and 19 and
how is it stated? - ANSWER-Article 29(2) states that individual rights are not
absolute and there are instances where a balance must be struck to limit their
exercise.
,What was the purpose of the European Convention on Human Rights? -
ANSWER-It was an international treaty to protect human rights and fundamental
freedoms.
Name special categories of data. - ANSWER-Racial or ethnic origin, political
affiliations/opinions, health information, sex life, religious beliefs, trade union
membership.p 58
What are the specific rights enumerated in the ECHR? - ANSWER-right to life,
prohibition of torture, prohibition of slavery and forced labour, right to liberty and
security, right to a fair trial, no punishment w/o law, respect for private and family
life, freedom of thought, conscience and religion, freedom of expression, freedom
of assembly and association, right to marry, right to an effective remedy and
prohibition of discrimination.
What are the two rights provided under article 8 of the ECHR? - ANSWER-1. right
to respect for private and family life and his correspondence.
2. No interference by public authority of this right except in accordance to law and
is necessary in a democratic society in the interest of national security public
safety...
What does article 10 of the ECHR deal with? - ANSWER-Right to freedom of
expression and to share information and ideas across borders but qualified so as to
protect the privacy of individuals
What are the obligations imposed on EU member states as seen under the Data
Protection Directive 95/45/EC or the Data Protection Director or 'the Directive'? -
ANSWER-The Directive sets out general principles and leaves the member states
to implement these principles as they see fit. p 38
,What are the exceptions to the consent required for cookies under the e-Privacy
directive 2002/58/EC? - ANSWER-where 1) storage or access is for the sole
purpose of carrying out transmission of communication over an electronic network
and 2) strictly necessary for information service explicitly requested by user p 43
What is the most pertinent amendment to the e-Privacy Directive? - ANSWER-
Cookies require prior information and consent. p 43
When could a data controller collect data from 3rd parties without notification to
the data subjects under Data Protection Directive 95/49/EC? - ANSWER-A pre-
approved marketing effort. p 43.
Who makes sure directive are implemented properly by the member states? -
ANSWER-The European Commission. p 27-28
What institution adopts adequacy findings(by which non members are regarded as
providing adequate levels of data protections) for the European Union? -
ANSWER-The European Commission. p 29
Which directive or convention contains specific provisions for data breaches? -
ANSWER-The Privacy and Electronic Communications Directive. p 42
What is the exemption in the e-Privacy Directive 2002/58/EC allowing data
controllers to send electronic marketing information? - ANSWER-The recipients
are existing customers. p 43.
Under the Data Protection Directive (95/46/EC) what type of data subject is not
covered? - ANSWER-Legal persons would seem not to be but is not prohibited
either(and some local laws afford some protection) and also deceased individuals
, do not constitute 'natural persons' although in some member states (Italy) data
protection rules apply to deceased individuals under certain circumstances. p 63.
Name some of the conditions to be satisfied in order to process personal data in
line with European Data Protection concepts/principles. - ANSWER-Obtained and
processed fairly and lawfully, for legitimate purposes, adequate/relevant/not
excessive for purposes, accurate/up to date, preserved for no longer than required.
p 81
Name an incompatible purpose for processing data beyond originally specified
purpose. - ANSWER-Performance of a contract. If this were not true, then a mere
contract would allow processing data for any purpose. One exception is research p
87- specifically allowed p 85-86.
In the Data Protection Directive 95/46/EC what is "any freely given specific and
informed indication of his wishes by which the data subject signifies his agreement
to persona data relating to him being processed"? - ANSWER-Unambiguous
consent. p 94
Under Data Protection Directive 95/46/EC what info must be included in the
notification of data processing? - ANSWER-Name of the data controller
processing data and the purpose of the processing. p 109
If personal data is not obtained directly from the data subject when should fair
processing information be provided? - ANSWER-At the time personal data is
recorded or if disclosure to 3rd party contemplated then no later than at the time
data is first disclosed. p 111
When should a company respond to a former employee's request for his personal
information (email, etc.)? - ANSWER-ASAP-taking into account local data
protection rules. p 126
