1. OceanCorp, a U.S.-based e-commerce company, handles significant volumes of personal data from European customers. Following the Schrems II decision, the company can no longer rely on the Privacy Shield for transferring data between the U.S. and the EU. OceanCorp decides to use Standard Contractual Clauses (SCCs) instead, but its legal team is unsure whether the SCCs provide sufficient protection given U.S. government surveillance practices.
What must OceanCorp ensure to comply with GDPR when using SCCs to transfer personal data from the EU to the U.S.?
Following the Schrems II decision, companies must implement additional measures beyond SCCs if there are concerns about foreign surveillance. They must ensure that the data transferred is protected in compliance with EU standards.
The SCCs must be signed by both the data exporter and the importer, and the U.S. must implement data protection laws equivalent to the EU's.
The SCCs must include specific guarantees for protecting personal data from government surveillance in line with EU standards, and additional measures may be necessary.
OceanCorp can use SCCs without worrying about U.S. surveillance laws, as they are automatically considered sufficient under EU law.
OceanCorp must shift all data processing operations to the EU to comply with GDPR fully.
2. FinData, a fintech company, develops an AI-driven credit scoring tool. The system processes vast amounts of customer data, including personal financial histories, to generate accurate predictions. However, the company faces challenges complying with the GDPR’s principle of data minimization, as the AI requires large datasets to function effectively.
Which of the following strategies can FinData employ to ensure GDPR compliance while still leveraging AI?
Pseudonymization is a technique that allows AI systems to use data while reducing risks of privacy violations, as it masks personal data but still allows processing under GDPR.
Continue processing all available data, as AI systems are exempt from the GDPR’s data minimization principle due to their complexity.
Use pseudonymization techniques to anonymize personal data while retaining its usefulness for AI processing.
Limit the data collection to only structured financial data and ignore unstructured data to minimize compliance risks.
Store data indefinitely to allow the AI to refine its predictions over time without violating GDPR’s purpose limitation.
3. SecureNet, a blockchain-based company, stores personal transaction data on a decentralized, immutable ledger. A customer from the EU requests that SecureNet delete their personal data in accordance with GDPR’s “Right to Be Forgotten.” However, due to the blockchain’s immutability, SecureNet cannot directly alter the recorded data.
How can SecureNet address this request while remaining compliant with GDPR?
To reconcile blockchain’s immutability with GDPR’s “Right to Be Forgotten,” companies can store personal data off-chain while storing a cryptographic hash on the blockchain. This allows data modification or deletion off-chain.
Inform the customer that data stored on a blockchain cannot be deleted and refuse the request.
Use off-chain storage for personal data and store only cryptographic hashes on the blockchain, ensuring compliance with GDPR.
Transfer the customer’s data to a different blockchain that allows for deletion to comply with the request.
Encrypt the personal data on the blockchain and destroy the encryption keys to render the data inaccessible without altering the blockchain.
4. TechHire, an AI-powered recruitment platform, uses machine learning algorithms to screen job applicants. It has been reported that the AI system tends to favor male candidates over female candidates because the training data primarily consisted of male resumes. This raises concerns about potential discrimination.
What should TechHire do to address the bias in its AI system while complying with data protection regulations?
TechHire must address bias by retraining its AI system with a more balanced dataset. This reduces the risk of discriminatory outcomes and aligns with legal and ethical obligations under data protection laws.
Allow the AI to continue operating without changes, as any modifications could disrupt the recruitment process.
Retrain the AI model using more diverse datasets to reduce bias and ensure fairness in decision-making.
Inform candidates that AI decision-making is inherently biased and offer manual review options for female applicants only.
Remove the AI system entirely, as AI use in hiring violates GDPR’s data protection principles.
5. GlobalBank introduces an AI-driven credit scoring system that makes automated decisions on loan approvals. An applicant who was denied a loan requests more information about how the decision was made and asks for the decision to be reviewed by a human.
Which of the following rights under GDPR applies to this situation?
GDPR grants individuals the right to request human intervention in decisions made solely by automated systems, especially when such decisions have legal or significant effects on them.
The right to data portability, allowing the applicant to request a copy of the AI model used.
The right to rectification, which requires GlobalBank to adjust the applicant’s credit score upon request.
The right to be informed, requiring GlobalBank to provide clear information on how the AI decision was made.
The right not to be subject to a decision based solely on automated processing, allowing the applicant to request human intervention.