Free IAPP CIPP-E Exam Questions

Question 1

Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.

A : Processing necessary for scientific or statistical purposes.

B : Processing necessary for reasons of substantial public interest.

C : Processing necessary for purposes of preventive or occupational medicine.

D : Processing necessary for the defense of legal claims in potential negligence cases.

Answer: C

Question 2

SCENARIO

Please use the following to answer the next question:

The fitness company Vigotron has recently developed a new app called M-Health, which it wants to market on its website as a free download. Vigotron's marketing manager asks his assistant Emily to create a webpage that describes the app and specifies the terms of use. Emily, who is new at Vigotron, is excited about this task. At her previous job she took a data protection class, and though the details are a little hazy, she recognizes that Vigotron is going to need to obtain user consent for use of the app in some cases. Emily sketches out the following draft, trying to cover as much as possible before sending it to Vigotron's legal department.

Registration Form

Vigotron's new M-Health app makes it easy for you to monitor a variety of health-related activities, including diet, exercise, and sleep patterns. M-Health relies on your smartphone settings (along with other third-party apps you may already have) to collect data about all of these important lifestyle elements, and provide the information necessary for you to enrich your quality of life. (Please click here to read a full description of the services that M-Health provides.)

Vigotron values your privacy. The M-Heaith app allows you to decide which information is stored in it, and which apps can access your data. When your device is locked with a passcode, all of your health and fitness data is encrypted with your passcode. You can back up data stored in the Health app to Vigotron's cloud provider, Stratculous. (Read more about Stratculous here.)

Vigotron will never trade, rent or sell personal information gathered from the M-Health app. Furthermore, we will not provide a customer's name, email address or any other information gathered from the app to any third-party without a customer's consent, unless ordered by a court, directed by a subpoena, or to enforce the manufacturer's legal rights or protect its business or property.

We are happy to offer the M-Health app free of charge. If you want to download and use it, we ask that you first complete this registration form. (Please note that use of the M-Health app is restricted to adults aged 16 or older, unless parental consent has been given to minors intending to use it.)

• First name:

• Surname:

• Year of birth:

• Email:

• Physical Address (optional']:

• Health status:

if you are interested in receiving newsletters about our products and services that we think may be of interest to you, please include your physical address. If you decide later that you do not wish to receive these newsletters, you can unsubscribe by sending an email to unsubscribe@vigotron.com or send a letter with your request to the address listed at the bottom of this page.

Terms and Conditions

1. Jurisdiction. [...] 2. Applicable law. [...] 3. Limitation of liability. [...]

Consent

By completing this registration form, you attest that you are at least 16 years of age, and that you consent to the processing of your personal data by Vigotron for the purpose of using the M-Health app. Although you are entitled to opt out of any advertising or marketing, you agree that Vigotron may contact you or provide you with any required notices, agreements, or other information concerning the services by email or other electronic means. You also agree that the Company may send automated emails with alerts regarding any problems with the M-Health app that may affect your well being.

Emily sends the draft to Sam for review. Which of the following is Sam most likely to point out as the biggest problem with Emily's consent provision?

A : is not legal to include fields requiring information regarding health status without consent

B : ocessing health data requires explicit consent, but the form does not ask for explicit consent.

C : Direct marketing requires explicit consent, whereas the registration form only provides for a right to object

D : provision of the fitness app should be made conditional on the consent to the data processing for direct marketing.

Answer: C

Question 3

An employee of company ABCD has just noticed a memory stick containing records of client data, including their names, addresses and full contact details has disappeared. The data on the stick is unencrypted and in clear text. It is uncertain what has happened to the stick at this stage, but it likely was lost during the travel of an employee. What should the company do?

A : tify as soon as possible the data protection supervisory authority that a data breach may have taken place.

B : unch an investigation and if nothing is found within one month, notify the data protection supervisory authority.

C : voke the "disproportionate effort" exception under Article 33 to postpone notifying data subjects until more information can be gathered.

D : mediately notify all the customers of the company that their information has been accessed by an unauthorized person.

Answer: A

Question 4

Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.Start-up company MagicAl is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT team decides to collect data about users’ ethnic origin, nationality, and gender.

A : Processing necessary for scientific or statistical purposes.

B : Processing necessary for reasons of substantial public interest.

C : Processing necessary for purposes of preventive or occupational medicine.

D : Processing necessary for the defense of legal claims in potential negligence cases.

Answer: C

Question 5

Many businesses print their employees' photographs on building passes, so that employees can be identified by security staff. This is notwithstanding the fact that facial images potentially qualify as biometric data under the GOPR. Why would such practice be permitted?

A : cause use of biometric data to confirm the unique identification of data subjects benefits from an exemption.

B : Because photographs qualify as biometric data only when they undergo a "specific technical processing".

C : cause employees are deemed to have given their explicit consent when they agree to be photographed by their employer.

D : cause photographic ID is a physical security measure which is "necessary for reasons of substantial public interest".

Answer: B