Privacy / Level 1 / Correct answers

Scenario 1

Currently, we visit many websites and services over the Internet. Often it is easy to click on a button or a link which results in receiving unwanted advertising. By selecting appropriate options that should be offered by the websites, it is possible to avoid receiving unsolicited product or service information.

This is called…...


Opt-out option. Opt-out in this scenario means that you would rather not receive any material and you would like to opt-out of this. Services you visit should offer you this opportunity.

Scenario 2

Internet users are increasingly being tracked and profiled: this is tailoring online content, especially advertisements, to visitors based on their inferred interests. For example, a like button (such as the one used by Facebook) tracks users across sites; each time a user visits a site that contains a Facebook ‘Like’ button, the social networking site is informed about it even if the user does not click on this button.

This profiling practice carries some risks for the users among which a relevant one is…..


Risks for privacy and exclusion from services. Indeed, the way you use the web will be used to construct a detailed profile about you, which not only endangers your privacy, but may also lead to adverse consequences such as exclusion from services. 

Scenario 3

Recently you have created an account for a new Social Network website that is getting increasingly popular. When you created the account you were asked to agree to certain rules about how the website provider will treat your privacy and personal data.

What is the common name given to the document you agree with in cases like this?


Privacy policy. Indeed privacy policies are the common name of documents used by service providers in which they detail how your privacy is treated and how your data can be used by them. In privacy policies, service providers’ detail how they collect and manage user data and the document fulfils a legal obligation for data protection.

Scenario 4

The documents related with privacy and data protection you agree with when creating an account on an online service are usually called privacy policies. However, with privacy policies you can only expect that the proper treatment of your privacy depends on the good will of the service provider (e.g. the owner of the website). A better way to ensure your privacy would be that service providers embed privacy decisions directly in the technology itself rather than only in legal documents.

Embedding privacy decisions in technology goes by the name of….  


Privacy-by-Design. Privacy-by-Design is an approach that promotes privacy by ensuring that data protection safeguards are be built into products and services from the earliest stage of development of a software. The need for Privacy-by-Design is also addressed by the European Commission in their new proposal for a General Data Protection Regulation. See for more information the ENISA report Privacy and Data Protection by Design

Scenario 5

Whenever you use a digital device and for example browse the internet and visit websites, you leave behind small traces of your activities. These activities can be stored both in your device and also by the websites visited.

What is the common name given to these small traces?


Digital Footprints. Digital footprints are indeed traces that are left by users when they interact in digital environments and use digital devices. These footprints can be passive when these traces are collected by third parties without knowledge of the user. This could include for instance the time and day when you visited a specific website. Footprints can also be active when the user deliberately leave information, such as posts on a Social Network Website.

Scenario 6

Each year European Union Member States and European Institutions celebrate the Data Protection Day with the purpose to raise awareness and promote privacy and data protection.

What is the official date of the Data Protection Day each year?


28th of January. The Data Protection Day is celebrated each year on the 28th of January. This date is the anniversary of the signature of the Council of Europe's Convention 108, the first legally binding international instrument for data protection related to automatic processing of personal data. The document is available here:

See for more information also:

Furthermore, every year we celebrate Safer Internet Day in February and entire October is Cyber Security Month.

Scenario 7

According to the existing EU Regulation on Data Protection, and in particular Article 4 Scope of Data Protection, what is the name given to “any information relating to an identified or identifiable natural person”?


Personal Data. From the Glossary of the European Data Protection Supervisor:

The name and the social security number are two examples of personal data which relate directly to a person. But the definition also extends further and also encompasses for instance e-mail addresses and the office phone number of an employee.

Scenario 8

You have just received a brand new smartphone as a gift for your birthday. Now you have to get rid of your old phone, and you would like to recycle it, specifically give it to a charity that will reuse it.

For your privacy, it is advisable that you…


Wipe all the existing data such as pictures or contact numbers from the old phone. Before recycling an old phone, it is important to wipe all the personal data. This will ensure your privacy and that your information will not end up in the hands of unwanted third parties. One option for cleaning some of your personal data is to use the ‘factory reset tool’ of your smartphone. However, using the factory reset might not always be enough, see:

Scenario 9

You often enjoy checking your social media accounts while drinking a cappuccino at the local coffee shop. The shop has free open Wi-Fi and you can connect to it with your tablet. However, one of your friends told you that there might be dangers with such open networks.

What could these dangers be?


Personal and sensitive information can be stolen from my communications on the open Wi-Fi. There are various risks connected with using open Wi-Fi such as spoofing, with other people being able not only to see what pages you have opened, but also stealing personal and sensitive data. A further risk is that if infected computers are connected to this kind of network, they may attempt to infect your device as well.

Scenario 10

A Cloud storage is a way to keep your file saved on third parties services over the internet. Common examples are Hubic, Dropbox or Amazon Cloud Drive. You have been using your personal cloud storage to backup photographs but you are considering storing documents and some may contain personal information that you would like to keep secure and private, what steps can you take to ensure that this happens?

This specific right is called….


Encrypt files. This is the correct answer. The first question to ask is what kind of information is the personal information: names or emails addresses in documents would be fine, but storing any type of personal information for yourself or anyone else would not be appropriate, for example date of birth, Social Security Number, passport numbers should not be stored. If you need to store documents on your cloud storage the most secure way is to encrypt your files. If you hold the encryption key, no one else will be able to decrypt your files and therefore read or use your personal information.