What is cloud computing?
On-demand access to computing resources hosted on another computer.
Examples: Amazon Web Services (AWS) or Google Cloud
What are the advantages of cloud computing?
- Cost savings
- Scalability
- Ease of management
What are the 3 main cloud computing models?
- Infrastructure as a Service (IaaS)
- Platform as a Service (PaaS)
- Software as a Service (SaaS)
What is Infrastructure as a Service?
(IaaS)
- Physical infrastructure provided by a third party
- Full control by subscriber
What is Platform as a Service?
(PaaS)
- Development platform provided to build applications
- Mostly used by developers
What is Software as a Service?
(SaaS)
- Web-based applications accessed online
- Managed by a third party
- Typically no download required
What must a cloud contract include according to GDPR?
- Processing description
- Confidentiality
- Security
- Breach notification
- DSR/DPIA support
- Data deletion
- Audits
What are additional cloud service requirements beyond the contract?
- Customer assurance of compliance
- Indemnification for misuse
- Shielding provider from customer obligations
What is the EU Cloud Code of Conduct?
- A DPA-approved framework for B2B cloud processors
- Not valid for B2C or third-country transfers
What information must users be given about cookies?
- Expiration date
- Third-party access
- Processing purpose
- Controller identity
What is the difference between first-party and third-party cookies?
- First-party: set by website operator
- Third-party: set by external entity
Each is a controller.
What is an IP address?
- A unique numerical label assigned to every device on a network
- Allows data routing
- Can reveal ISP and location
What are the 2 types of IP addresses?
- Static (does not change)
- Dynamic (changes periodically)
Why can an IP address be considered personal data?
Because it can be combined with other data to identify an individual.
What is a search engine?
A software tool that helps users find information by searching and indexing web pages and other content.
What types of data are processed by search engines?
- IP address, cookies
- User logs (e.g., search history, ad clicks)
- Indexed sites
What is social media?
An interactive online platform allowing users to create, share, and engage with content and connect with others.
Who are the key actors in SMP controllership according to EDPB Guidelines 08/2020?
- Social media platforms
- Third-party service providers
- Advertisers
- Users
When does the GDPR household exemption not apply to SMP users?
When content is uploaded on behalf of an organization or access is knowingly extended beyond selected contacts.
What are the obligations of joint controllers on social media platforms?
- Define responsibilities
- Share information
- Inform data subjects of the essence of the arrangement
What does the EDPB recommend regarding data subject access on SMPs?
Data subjects should have direct, remote access to their personal data.
What does GDPR Article 8(1) require for processing children’s data?
Parental consent for children under 16.
Or lower, down to 13, depending on member state
What is the UK’s Children’s Code?
- The Age-Appropriate Design Code
- Sets data protection and design standards for services targeting children
How does targeted online advertising work?
It aggregates user behavior data to:
- Identify patterns
- Build profiles
- Infer traits
- Predict future behaviors
-
Early Data Protection Laws74
-
EU Institutions & Other Data Protection Laws94
-
Personal Data & Controller-Processor Relationship55
-
Risk Management & Data Subject Rights106
-
Data Processing Principles & Special Categories of Data69
-
Fair Processing Information & Third Country Data Transfers53
-
Territorial and Material Scope & Accountability56
-
Self-regulation & the European Data Protection Board63
-
Employee Data34
-
Surveillance and Direct Marketing64
-
Important Technology Concepts42
