Comprehensive Study with Detailed
Explanations | Grade A+
• What is the CLOUD Act? -✓✓Clarifying Lawful Overseas Use of Data
• What are main points of CLOUD Act? -✓✓1. Applies to information anywhere
in the world if data is in the "possession, custody or control" of the recipient of the
warrant.
2. A recipient can seek to quash the subpoena if it can show that the affected
individual is not a United States person and that the required disclosure of that
individual's data would violate the laws of a "qualifying foreign government".
3. Third, requires courts considering a motion to quash to conduct a comity
analysis.
• What is a "qualifying foreign government" under the CLOUD Act? -✓✓Those
who have signed an executive agreement with the United States to cooperate in
cross-border data access. To qualify, a foreign government would need the
approval of the State Department and the U.S. Department of Justice. They would
also have to agree to adhere to significant substantive and procedural privacy and
civil liberties protections.
• What factors are considered in a comity analysis under the CLOUD Act? -✓✓1.
Location of the target
2. Nationalities involved
3. Alternative avenues to the data
4. Interests of the United States
5. Interests of the foreign sovereign
• What are the 6 European Institutions? -✓✓1. Council of Europe
2. European Court of Human Rights
3. European Parliament
4. European Commission
5. European Council
6. European Court of Justice
• What is the legislative framework for EU Privacy? -✓✓1. The Council of Europe
Convention for the Protection of Individuals with Regard to the Automatic
Processing of Personal Data of 1981 (CoE Convention)
2. EU Data Protection Directive (95/46/EC)
3. EU Directive on Privacy and Electronic Communications (2002/58/EC), as
amended
4. EU Directive on Electronic Commerce (2000/31/EC)
5. European data retention regimes
6. GDPR
• What are the 6 data protection principles? -✓✓1. Fairness and lawfulness
2. Purpose limitation
3. Proportionality
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
• What are the 5 Legitimate Processing Criteria? -✓✓1. Consent
2. Contractual necessity
3. Legal obligation, vital interests, public interests
4. Legitimate interests
5. Special categories of processing
• What are 7 Data Subject Rights? -✓✓1. Access
2. Rectification
3. Erasure and Right to be Forgotten
4. Restriction and objection
5. Automated decision making, including profiling
6. Data portability
7. Restrictions
• What is the Treaty of Lisbon? -✓✓"On 13 December 2007, the Treaty of Lisbon
('Lisbon Treaty') was signed by the EU member states; it became effective 1
December 2009. Its main aim is to strengthen and improve the core structures of
the European Union to enable it to function more efficiently."
• Article 1 -✓✓Subject matter and objectives
• Article 2 -✓✓Material scope
• Article 3 -✓✓Territorial scope
• Article 4 -✓✓Definitions
• Article 5 -✓✓Principles relating to processing of personal data
• Article 6 -✓✓Lawfulness of processing
• Article 7 -✓✓Conditions for consent
• Article 8 -✓✓Conditions applicable to child's consent in relation to information
society services
• Article 9 -✓✓Processing of special categories of personal data
• Article 10 -✓✓Processing of personal data relating to criminal convictions and
offenses
• Article 11 -✓✓Processing which does not require identification
• GDPR, Chapter 2 -✓✓Principles
• GDPR, Chapter 3 -✓✓Rights of the Data Subject
• GDPR, Chapter 1 -✓✓General Provisions
• Article 12 -✓✓Transparent information, communication and modalities for the
exercise of the rights of the data subject
• Article 13 -✓✓Information to be provided where personal data are collected from
the data subject
• Article 14 -✓✓Information to be provided where personal data have not been
obtained from the data subject
• Article 15 -✓✓Right of access by the data subject
• Article 16 -✓✓Right to rectification
• Article 17 -✓✓Right to erasure
• Article 18 -✓✓Right to restriction of processing
• Article 19 -✓✓Notification obligation regarding rectification or erasure of
personal data or restriction of processing
• Article 20 -✓✓Right to data portability
• Article 21 -✓✓Right to object
• Article 22 -✓✓Automated individual decision-making, including profiling
• Article 23 -✓✓Restrictions
• Article 24 -✓✓Responsibility of the controller
• Article 25 -✓✓Data protection by design and by default
• Article 26 -✓✓Joint controllers
• Article 27 -✓✓Representatives of controllers or processors not established in the
Union
• Article 28 -✓✓Processor
• Article 29 -✓✓Processing under the authority of the controller or processor
• Article 30 -✓✓Records of processing activities
• Article 31 -✓✓Cooperation with the supervisory authority
• Article 32 -✓✓Security of processing