Dear readers, welcome to a quiz format in a class of its own. In the gleaming spotlight of your desktop and before the sparkling eyes of your robot vacuum cleaner, your knowledge will be put through its paces in just a few seconds. The topic: data protection. Don't worry, there's no time limit or know-it-all opponents. You even have the answers to check under each question. The only reason to break a spontaneous sweat is the all-important final result: data protection hero or zero. Who are you? Answer questions 1 to 5 and find out!
What is a "data controller" according to the GDPR?
A "controller" is any natural or legal person, public authority or agency which alone or jointly with others determines the purposes and means of the processing of personal data. Any controller must be able to demonstrate, taking into account the nature, purpose or scope of the data collected, that the processing is carried out in accordance with the GDPR. Processing can mean, for example, the collection, recording, storage, adaptation or use of information.
What is personal data and when can it be legally processed?
Personal data is all that information which relates to identified or identifiable natural persons. Examples include, but are not limited to, name, date of birth, email and IP address, or video and audio recordings. The processing of personal data is only lawful if at least one of the following conditions is met:
The user has given consent
Processing is necessary for the performance of a contract or legal obligation
The processing is necessary for the protection of vital interests
Processing is necessary for the performance of a task carried out in the public interest
Processing is necessary for the purposes of the legitimate interests of the controller or a third party
Why does the TTDSG play such an important role with regard to smart homes?
The Telecommunications Telemedia Data Protection Act (TTDSG) is the national implementation of the ePrivacy Directive and has been in force since December 1, 2021. Article 25 is entitled "Protection of privacy in terminal equipment" and regulates the storage of and access to information on terminal equipment. The term "terminal equipment" includes all devices that communicate via telecommunications services such as WLAN and LAN, among others. This means that smartphones as well as a smart vacuum cleaner robot or the smart light bulb in the bathroom fall within the scope of this law. Specifically, the storage of information in the end user's terminal equipment or access to information already stored in the terminal equipment is only permitted if the end user has given his/her consent on the basis of clear and comprehensive information. This rule applies regardless of whether this is personal or non-personal data.
Why may dark patterns not be used to obtain consent?
Dark patterns are used on online interfaces of platforms and serve to manipulate users. Online interfaces are the point of contact between the operator/provider and the visitors of a website and appear, among other things, in the form of a cookie banner. Dark patterns aim to restrict people's ability to make free and informed choices or decisions. The Digital Services Act explicitly addresses dark patterns for the first time. According to the regulation, online platforms should not be allowed to deceive users through the structure, design or function of an online interface. This includes, among other things, design patterns that favor the provider of an online platform at the expense of the users by misleading them. These design patterns include, among others, selection options that are made more prominent by means of visual, acoustic or other elements and thus influence decision-making behavior.
What are the benefits of consent management platforms for companies?
Consent management platforms enable smart home companies to obtain consent from users, enforce it on their devices, and document it for data protection authorities. Therefore, consent management makes it possible to:
fully exploit the potential of smart home data, because a basis for legally compliant data collection is available.
build up trust and a privacy image, and no longer differentiate by price alone.
collect data within a legal framework and avoid fines and injunctions.
0-1 questions answered correctly = privacy zero
2-3 questions answered correctly = privacy sidekick
4-5 questions answered correctly = privacy hero