Subject practice path

Privacy and Data Protection Law Practice Tests

Practice Privacy and Data Protection Law exam questions covering core doctrines, issue spotting, applied analysis, and exam-ready explanations.

Take Free QuizUnlock Full BankSearch Case Briefs

How To Study This Subject

Learn the rule

Read the outline and identify the elements, exceptions, and policy tensions.

Test recall

Use the 20 free questions first, then move into timed premium sets.

Apply cases

Connect leading authorities to problem-question facts and ratio-based reasoning.

Write under time

Turn missed topics into IRAC plans and short timed answers.

Related Case Briefs

FTC v. Facebook, Inc.

No. 1:19-cv-02184 (D.D.C. 2019)

Failure to honor privacy commitments to users can result in significant FTC enforcement actions; companies must implement robust data protection programs.

Data Protection Commissioner v Facebook Ireland Ltd, Maximillian Schrems

C-311/18

Data exporters must verify that the recipient country ensures essentially equivalent protection; if not, SCCs must be supplemented or transfers suspended.

Opinion 1/15 (EU-Canada PNR Agreement)

Opinion 1/15

International agreements involving transfer of personal data must respect proportionality, necessity, and provide judicial redress.

Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources

Joined Cases C-293/12 and C-594/12

Blanket data retention without safeguards violates the principle of proportionality; retained data must be limited and subject to judicial oversight.

La Quadrature du Net and Others v Premier ministre

Joined Cases C-511/18, C-512/18, C-520/18

The fight against serious crime does not justify general data retention; measures must be targeted, time-limited, and subject to review.

Privacy International v Secretary of State for Foreign and Commonwealth Affairs

C-623/17

EU law does not exclude national security but bulk data processing requires specific safeguards and cannot be unlimited.

Robinson v. HSBC Bank USA, N.A.

984 F.3d 182 (2d Cir. 2020)

To establish standing in data breach cases, plaintiffs must show actual misuse or a substantial risk of imminent misuse of their personal data.

TK v Asociaţia de Proprietari

C-708/18

Legitimate interest must be balanced against data subjects' rights; public display of personal data is generally unlawful without consent.