What is one major goal that the OECD Guidelines, Convention 108 and the Data Protection Directive
(Directive 95/46/EC) all had in common but largely failed to achieve in Europe?
Correct Answer: C
Explanation:
The OECD Guidelines, Convention 108 and the Data Protection Directive (Directive 95/46/EC) all
aimed to harmonize the national data protection laws of the member states of the European
Economic Community (EEC) and to establish a common framework for the protection of personal
data. However, they largely failed to achieve this goal due to several reasons, such as:
The lack of political will and commitment from the member states to implement the directives fully
and consistently12.
The divergent interpretations and applications of the directives by different national authorities,
courts and regulators12.
The emergence of new technologies and challenges that required new or updated legal solutions,
such as electronic communications, cookies, biometrics, cloud computing, etc12.
The influence of other regional or international initiatives that addressed some aspects of data
protection differently or in conflict with the directives, such as the US Privacy Shield Framework3.
Reference: 1: Free CIPP/E Study Guide - International Association of Privacy Professionals 2: CIPP/E
Certification - International Association of Privacy Professionals 3: Schrems II: A Critical Analysis -
European Data Protection Board
Question 2
A key component of the OECD Guidelines is the “Individual Participation Principle”. What parts of the
General Data Protection Regulation (GDPR) provide the closest equivalent to that principle?
Correct Answer: D
Explanation:
: The Individual Participation Principle is one of the Fair Information Practice Principles (FIPPs) that
are not part of any legal framework, but are widely adopted by many data privacy regulations in
force today1. The FIPPs are a set of guidelines for fair information practices that aim to protect the
privacy and security of personal information. The Individual Participation Principle holds that
individuals have a number of rights, including the right to have their personal data corrected or
erased, the right to access and obtain confirmation of their personal data, the right to be informed
about how their personal data is used and who it is shared with, and the right to object or withdraw
consent for certain purposes2.
The General Data Protection Regulation (GDPR) is a legal framework that implements the European
Union’s (EU) Data Protection Directive and provides comprehensive protection for all individuals
within the EU regarding their personal data. The GDPR grants individuals a number of rights, such as
the right to access, rectify, erase, restrict, port, object, or not be subject to automated decision making based on their personal data. These rights are similar to those under the FIPPs and can be
found in Articles 12 to 22 of the GDPR.
Question 3
Through a combination of hardware failure and human error, the decryption key for a bank's
customer account transaction database has been lost. An investigation has determined that this was
not the result of hacking or malfeasance, simply an unfortunate combination of circumstances.
Which of the following accurately indicatesthe nature of thisincident?
Correct Answer: D
Explanation:
A data breach is broadly defined as any incident that leads to the unauthorized access, disclosure,
alteration, or destruction of personal data. While options A and B might seem plausible at first
glance, they focus on a narrow interpretation of a breach.
The key here is the loss of confidentiality and/or integrity. Even though no one has actively stolen the
data, the bank can no longer guarantee the confidentiality of the information, nor can it ensure the
integrity of the data since it cannot be accessed or modified securely. This constitutes a loss of
control over the data and thus qualifies as a data breach.
Reference:
IAPP CIPP/E textbook, Chapter 5: Data Breach Notification (specifically, the definition of a personal
data breach)
GDPR Article 4(12) - Definition of a personal data breach
Demo Practice Mode
You are viewing only the questions marked as Demo.