Questions & Answers PDF Page 1

IAPP
CIPP-E Exam
Certified Information Privacy Professional/Europe

Thank you for Downloading CIPP-E exam PDF Demo

You can also try our CIPP-E practice exam software
Download Free Demo
https://www.pass4future.com/CIPP-E.html

https://www.Pass4Future.com
Questions & Answers PDF Page 2

Version: 8.0

Question: 1

Which statement is correct when considering the right to privacy under Article 8 of the European
Convention on Human Rights (ECHR)?

A. The right to privacy is an absolute right

B. The right to privacy has to be balanced against other rights under the ECHR
C. The right to freedom of expression under Article 10 of the ECHR will always override the right to
privacy
D. The right to privacy protects the right to hold opinions and to receive and impart ideas without
interference

Answer: B
Explanation:

Article 8 of the ECHR protects the right to respect for private and family life, home and
correspondence. However, this right is not absolute and can be subject to limitations by a public
authority in accordance with the law and for a legitimate aim. The European Court of Human Rights
(ECtHR) has developed a two-stage test to determine whether such limitations are justified. First, the
court must examine whether there is a legitimate aim pursued by the public authority, such as
national security, public safety or the prevention of crime. Second, the court must assess whether
the means used by the public authority are appropriate and necessary to achieve that aim, taking
into account all relevant factors such as proportionality, necessity and less restrictive alternatives12.
Therefore, the right to privacy is not an absolute right but a qualified one that has to be balanced
against other rights under the ECHR. Reference:
Article 8 - Protection of personal data
Your right to respect for private and family life
Right to respect for private and family life
Guide on Article 8 of the European Convention on Human Rights
European Convention on Human Rights - Article 8

Reference: https://www.echr.coe.int/Documents/Guide_Art_8_ENG.pdf (15)

Question: 2

What is one major goal that the OECD Guidelines, Convention 108 and the Data Protection Directive
(Directive 95/46/EC) all had in common but largely failed to achieve in Europe?

A. The establishment of a list of legitimate data processing criteria

B. The creation of legally binding data protection principles

https://www.Pass4Future.com
Questions & Answers PDF Page 3

C. The synchronization of approaches to data protection

D. The restriction of cross-border data flow

Answer: C
Explanation:

The OECD Guidelines, Convention 108 and the Data Protection Directive (Directive 95/46/EC) all
aimed to harmonize the national data protection laws of the member states of the European
Economic Community (EEC) and to establish a common framework for the protection of personal
data. However, they largely failed to achieve this goal due to several reasons, such as:
The lack of political will and commitment from the member states to implement the directives fully
and consistently12.
The divergent interpretations and applications of the directives by different national authorities,
courts and regulators12.
The emergence of new technologies and challenges that required new or updated legal solutions,
such as electronic communications, cookies, biometrics, cloud computing, etc12.
The influence of other regional or international initiatives that addressed some aspects of data
protection differently or in conflict with the directives, such as the US Privacy Shield Framework3.
Reference: 1: Free CIPP/E Study Guide - International Association of Privacy Professionals 2: CIPP/E
Certification - International Association of Privacy Professionals 3: Schrems II: A Critical Analysis -
European Data Protection Board

Reference: https://ico.org.uk/media/about-the-ico/documents/1042349/review-of-eu-dp-
directive.pdf (99)

Question: 3

A key component of the OECD Guidelines is the “Individual Participation Principle”. What parts of the
General Data Protection Regulation (GDPR) provide the closest equivalent to that principle?

A. The lawful processing criteria stipulated by Articles 6 to 9

B. The information requirements set out in Articles 13 and 14
C. The breach notification requirements specified in Articles 33 and 34
D. The rights granted to data subjects under Articles 12 to 22

Answer: D
Explanation:

: The Individual Participation Principle is one of the Fair Information Practice Principles (FIPPs) that
are not part of any legal framework, but are widely adopted by many data privacy regulations in
force today1. The FIPPs are a set of guidelines for fair information practices that aim to protect the
privacy and security of personal information. The Individual Participation Principle holds that
individuals have a number of rights, including the right to have their personal data corrected or
erased, the right to access and obtain confirmation of their personal data, the right to be informed
about how their personal data is used and who it is shared with, and the right to object or withdraw
consent for certain purposes2.

https://www.Pass4Future.com
Questions & Answers PDF Page 4

The General Data Protection Regulation (GDPR) is a legal framework that implements the European
Union’s (EU) Data Protection Directive and provides comprehensive protection for all individuals
within the EU regarding their personal data. The GDPR grants individuals a number of rights, such as
the right to access, rectify, erase, restrict, port, object, or not be subject to automated decision-
making based on their personal data. These rights are similar to those under the FIPPs and can be
found in Articles 12 to 22 of the GDPR.
Therefore, the parts of the GDPR that provide the closest equivalent to the Individual Participation
Principle are Articles 12 to 22.
Reference:
OECD Privacy Principles
What are the 7 main principles of GDPR?
Fair Information Practice Principles (FIPPs)
Individual Participation - International Association of Privacy Professionals
What is the right to be forgotten? | Right to erasure | Cloudflare
General Data Protection Regulation - Wikipedia

Question: 4

Which EU institution is vested with the competence to propose new data protection legislation on its
own initiative?

A. The European Council

B. The European Parliament

C. The European Commission
D. The Council of the European Union

Answer: C
Explanation:

According to the CIPP/E study guide1, the European Commission is the EU institution that has the
power to propose new data protection legislation on its own initiative, as well as amend or repeal
existing laws. The European Commission is also responsible for implementing and enforcing the EU
data protection framework, in cooperation with other institutions and national authorities.
Reference: 1: Free CIPP/E Study Guide - International Association of Privacy Professionals

Reference: https://www.tandfonline.com/doi/full/10.1080/13600834.2019.1573501

Question: 5

What is an important difference between the European Court of Human Rights (ECHR) and the Court
of Justice of the European Union (CJEU) in relation to their roles and functions?

A. ECHR can rule on issues concerning privacy as a fundamental right, while the CJEU cannot.
B. CJEU can force national governments to implement and honor EU law, while the ECHR cannot.
C. CJEU can hear appeals on human rights decisions made by national courts, while the ECHR cannot.

https://www.Pass4Future.com
Questions & Answers PDF Page 5

D. ECHR can enforce human rights laws against governments that fail to implement them, while the
CJEU cannot.

Answer: B
Explanation:

The ECHR and the CJEU are part of two different legal systems: the Council of Europe and the
European Union, respectively. The ECHR is a treaty that guarantees human rights and fundamental
freedoms to individuals within the jurisdiction of its 47 member states. The CJEU is the judicial
branch of the EU that ensures the uniform interpretation and application of EU law within its 27
member states. The ECHR can only hear complaints from individuals or states alleging violations of
the rights enshrined in the convention, and it can only issue judgments that are binding on the
respondent state. The CJEU, on the other hand, can hear cases from individuals, states, EU
institutions, or national courts on any matter of EU law, and it can issue rulings that are binding on all
EU member states and institutions. The CJEU can also impose sanctions or penalties on states that
fail to comply with its judgments or EU law in general. Therefore, the CJEU has more power and
authority to enforce EU law than the ECHR has to enforce human rights law. Reference: CIPP/E
Certification, ECHR and the CJEU, The UK, the EU and a British Bill of Rights

https://www.Pass4Future.com
Questions & Answers PDF Page 6

Thank You for trying CIPP-E PDF Demo

To try our CIPP-E practice exam software visit link below

https://www.pass4future.com/CIPP-E.html

Start Your CIPP-E Preparation

Use Coupon “20OFF” for extra 20% discount on the purchase of
Practice Test Software. Test your CIPP-E preparation with actual
exam questions.

https://www.Pass4Future.com