A resource for privacy and data protection law

Privacy Test Prep is a free resource for individuals studying for privacy and data protection certification exams, and for those seeking to learn more about the field of privacy and data protection laws and understand their rights as data subjects.

CIPP

CIPP-E

Outlines for the CIPP/E certification exam administered by the IAPP.

  • Rationale for data protection

    Background and Rationale: The notion of privacy and invasion of one’s private space have existed in the human consciousness for a long time. In 1890, Samuel Warren and Justice Louis Brandeis framed a common law right to privacy for the first time in an essay titled, “The Right to Privacy“. This was the first time […]

    Read now
  • Personal data

    Key References Art. 4(1) Key elements Recital 26 Recital 27 Recital 30 Patrick Breyer v. Bundesrepublik Deutschland (In Case C‑582/14)

    Read now
  • Controller

    Controller Key References: Art. 4(7) on definition of controller: Art. 26.1: Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. GDPR Obligations and requirements for controllers: Guidance, Cases, Judgments on the concept of controller “a natural or legal person who exerts influence over the processing of personal […]

    Read now
  • Processor

    Processor Key References: GDPR Art. 4(8) definition GDPR Arts. 27-28, 32-33 GDPR Art. 30 (ROPA requirements) Accountability obligations In the matter of WhatsApp Ireland Limited (DPC Inquiry Reference: IN-18-12-2) Breaking down the definition of processor under Art. 4(8): a natural or legal person, public authority, agency or other body which processes personal data on behalf of […]

    Read now
  • Establishment in the EU

    Key References: Art. 3(1) Recital 22 EDPB Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)  Significant cases: Google v Spain, Weltimmo v NAIH, VKI v Amazon Breaking down the definition of Art. 3(1): This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the […]

    Read now
View All

Case Law

Decisions from the CJEU, ECtHR, and other tribunals.

  • CJEU Case (Digital Rights Ireland) invalidating the EU Data Retention Directive

    Tldr: In Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources and Ors, the CJEU ruled that the EU Data Retention Directive (2006/24/EU) was invalid for violating Articles 7 and 8 of the Charter of Fundamental Rights of the European Union. The broadly framed Directive failed the necessity/proportionality test. Facts of the case: […]

    Read now
View All
top