I.

True or False

1. ______An individual's email address is considered personal data under the

GDPR.
2. ______Information about an individual's hobbies and interests is not
considered personal data.
3. ______An individual's social security number or national identification
number is sensitive personal data.
4. ______Data about an individual's race or ethnic origin is classified as special
category personal data under the GDPR.
5. ______A
T
person's biometric data, such as fingerprints or facial recognition
data, is considered personal data.
6. ______Information
F
about an individual's current job title and employer is
not considered personal data.
7. ______The unique device identifier (UDID) of a mobile device is
F

considered personal data under the GDPR.

8. Data about an individual's religious beliefs is not subject to special
protections under the GDPR.
9. ______A
T
person's browsing history and online search queries are considered
personal data when they can be linked to an identifiable individual.
10.______Data about an individual's physical or mental health, such as medical
records, is considered sensitive personal data under the GDPR.

II. True or False about special types of personal data

1. ______Data related to an individual's racial or ethnic origin is considered

special category personal data under the GDPR.
2. ______Information about an individual's political opinions is not considered
sensitive personal data.
3. ______Genetic data, such as DNA profiles, is classified as special category
personal data.
4. ______The religious beliefs of an individual are not subject to special
protections under the GDPR.
5. ______Data concerning an individual's sexual orientation is considered
special category personal data.
6. ______Information about an individual's criminal convictions and offenses
is not considered sensitive personal data.
7. ______Biometric data, such as fingerprints or facial recognition data, is not
categorized as special category personal data.
8. ______Medical records and health-related information are examples of
special category personal data under the GDPR.
9. ______Data related to an individual's trade union membership is not
considered sensitive personal data.
10.______Details about an individual's past or future sexual activities or
preferences are not protected as special category personal data.

III. Quiz

1. Under the GDPR, ________ data is considered a special category of

personal data that requires additional protection due to its sensitive nature.
2. Special category data includes information such as racial or ethnic origin,
political opinions, religious or philosophical beliefs, trade union
membership, genetic data, biometric data for the purpose of uniquely
identifying an individual, health data, and data concerning a person's
________ life.
3. Processing of special category data is generally prohibited unless one of the
________ conditions set out in Article 9 of the GDPR applies.
4. One of the conditions for processing special category data is explicit
________ consent, which must be freely given, specific, informed, and
unambiguous.
5. Special category data can also be processed when it is necessary for
________ purposes, such as for the provision of healthcare or social
protection.
6. Data controllers must implement ________ measures to protect special
category data, as it is particularly sensitive and requires enhanced security.
 7. Organizations processing special category data must conduct ________
impact assessments to evaluate and mitigate risks associated with the
processing.
8. Violations of the GDPR's rules regarding special category data can result in
________ fines and penalties.

Terms:
Special category, sexual, personal, legal, written, health, security, data protection,
substantial

IV. Special types of personal data under GDPR

Special types of Indicators Give example

personal data
under GDPR
personal data - Name or surname
revealing racial - Language spoken
or ethnic origin - Geographic location
- Photographs or visual
information
- Social media activity
personal data - Explicit statements
revealing - Religious symbols or clothing
political - Membership in organizations
opinions, - Participation in religious or
religious or other philosophical events
beliefs, including - Social media activity
philosophical - History of actitivities
beliefs
personal data - Membership Records
revealing trade - Membership Application Forms
union - Union Meetings or Events
membership Attendance
- Correspondence with Trade
Unions
 genetic data - DNA Profiles
processed for the - Genetic Testing
purpose of - Biobank Data
identifying a
person
biometric data - Fingerprint Scans
processed for the - Facial Recognition
purpose of - Retina or Iris Scans
identifying a - Voiceprints
person
personal data - Medical Records
concerning health - Health Surveys
- Health Insurance Information
- Doctor's Notes
- Prescription Records
personal data - Sexual Orientation
concerning - Sexual Health Records
sexual life or - Relationship Status
sexual orientation - Sexual Activity

personal data - Criminal Record

relating to - Background Checks
criminal - Police Reports
convictions and - Correctional Facility Records
offences - Court Documents
- Rehabilitation and Intervention
Programs
- Probation and Parole Records

V. GDPR cases relating to special types of personal data

Google Ireland Ltd. (Google Health)

In 2019, the Irish Data Protection Commission (DPC) announced an investigation
into Google's processing of health data through its "Project Nightingale." This case
raised concerns about the protection of sensitive health information under the GDPR.
Clearview AI
Although primarily focused on facial recognition technology and biometric data, the
use of Clearview AI's technology has sparked discussions regarding the processing
of biometric data and privacy concerns, potentially leading to GDPR-related
investigations or actions.

COVID-19 Contact Tracing Apps

Several EU member states implemented contact tracing apps during the COVID-19
pandemic. These apps processed health-related data, including the potential
exposure to COVID-19. Data protection authorities monitored the use of these apps
to ensure compliance with GDPR requirements.

Facebook Case in Ireland

Facebook has faced several investigations and cases in Ireland, including issues
related to the sharing of personal data, which may include special categories of data.
While not limited to one specific case, Facebook's practices have been scrutinized
by data protection authorities.