CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. IAPP
  5. CIPP-E

Free CIPP-E Exam Braindumps (page: 36)

Page 36 of 68
PDF with 283 Questions

Which of the following is NOT recognized as being a common characteristic of cloud-computing services?

  1. The service's infrastructure is shared among the supplier's customers and can be located in a number of countries.
  2. The supplier determines the location, security measures, and service standards applicable to the processing.
  3. The supplier allows customer data to be transferred around the infrastructure according to capacity.
  4. The supplier assumes the vendor's business risk associated with data processed by the supplier.

Answer(s): D

Explanation:

This is not a common characteristic of cloud-computing services, as the supplier usually does not assume the vendor's business risk. In fact, the supplier often limits its liability for data breaches or losses, and the vendor remains responsible for complying with data protection laws and regulations. The other options are common characteristics of cloud-computing services, as they reflect the nature of cloud computing as a flexible, scalable, and cost-effective way of processing data, but also pose challenges for data protection and security.


Reference:

Free CIPP/E Study Guide, page 17, section 2.3.2
CIPP/E Certification, page 12, section 2.3.2
Cipp-e Study guides, Class notes & Summaries, page 23, section 2.3.2


https://www.softwaremajor.com/news-articles/64-gdpr-how-does-it-apply-to-the-cloud



When may browser settings be relied upon for the lawful application of cookies?

  1. When a user rejects cookies that are strictly necessary.
  2. When users are aware of the ability to adjust their settings.
  3. When users are provided with information about which cookies have been set.
  4. When it is impossible to bypass the choices made by users in their browser settings.

Answer(s): D

Explanation:

: According to the ICO guidance on the use of cookies and similar technologies1, browser settings and other control mechanisms can be relied upon for the lawful application of cookies only if they meet the following conditions:
They are designed to protect users' privacy and provide them with control over the use of cookies and similar technologies;
They are prominent and easy to use, and do not require users to take unnecessary steps or provide unnecessary information;

They are specific and granular enough to allow users to express their preferences for different types and purposes of cookies and similar technologies;
They are sufficiently informed and clear about the cookies and similar technologies that will be set or accessed, and the purposes for which they will be used; They are regularly reviewed and updated to reflect any changes in the cookies and similar technologies that are used or the purposes for which they are used; They are not overridden or circumvented by other software or settings that may interfere with users' choices;
They provide an effective means of withdrawing consent at any time. Therefore, browser settings and other control mechanisms can be a valid way of obtaining consent for cookies and similar technologies, but only if they meet these high standards and ensure that users have a real and meaningful choice over the use of cookies and similar technologies on their devices.


Reference:

1 How do we comply with the cookie rules? | ICO. Available at: 4 (Accessed: 11 December 2023).



SCENARIO

Please use the following to answer the next question:

The fitness company Vigotron has recently developed a new app called M-Health, which it wants to market on its website as a free download. Vigotron's marketing manager asks his assistant Emily to create a webpage that describes the app and specifies the terms of use. Emily, who is new at Vigotron, is excited about this task. At her previous job she took a data protection class, and though the details are a little hazy, she recognizes that Vigotron is going to need to obtain user consent for use of the app in some cases. Emily sketches out the following draft, trying to cover as much as possible before sending it to Vigotron's legal department.

Registration Form

Vigotron's new M-Health app makes it easy for you to monitor a variety of health-related activities, including diet, exercise, and sleep patterns. M-Health relies on your smartphone settings (along with other third-party apps you may already have) to collect data about all of these important lifestyle elements, and provide the information necessary for you to enrich your quality of life. (Please click here to read a full description of the services that M-Health provides.)

Vigotron values your privacy. The M-Heaith app allows you to decide which information is stored in it, and which apps can access your data.
When your device is locked with a passcode, all of your health and fitness data is encrypted with your passcode. You can back up data stored in the Health app to Vigotron's cloud provider, Stratculous. (Read more about Stratculous here.)
Vigotron will never trade, rent or sell personal information gathered from the M-Health app.
Furthermore, we will not provide a customer's name, email address or any other information gathered from the app to any third- party without a customer's consent, unless ordered by a court, directed by a subpoena, or to enforce the manufacturer's legal rights or protect its business or property.

We are happy to offer the M-Health app free of charge. If you want to download and use it, we ask that you first complete this registration form. (Please note that use of the M-Health app is restricted to adults aged 16 or older, unless parental consent has been given to minors intending to use it.) First name:
Surname:
Year of birth:
Email:
Physical Address (optional*):
Health status:
*If you are interested in receiving newsletters about our products and services that we think may be of interest to you, please include your physical address. If you decide later that you do not wish to receive these newsletters, you can unsubscribe by sending an email to unsubscribe@vigotron.com or send a letter with your request to the address listed at the bottom of this page.
Terms and Conditions
1. Jurisdiction. [...]
2. Applicable law. [...]
3. Limitation of liability. [...]
Consent
By completing this registration form, you attest that you are at least 16 years of age, and that you consent to the processing of your personal data by Vigotron for the purpose of using the M-Health app. Although you are entitled to opt out of any advertising or marketing, you agree that Vigotron may contact you or provide you with any required notices, agreements, or other information concerning the services by email or other electronic means. You also agree that the Company may send automated emails with alerts regarding any problems with the M-Health app that may affect your well being.
Emily sends the draft to Sam for review.
Which of the following is Sam most likely to point out as the biggest problem with Emily's consent provision?

  1. It is not legal to include fields requiring information regarding health status without consent.
  2. Processing health data requires explicit consent, but the form does not ask for explicit consent.
  3. Direct marketing requires explicit consent, whereas the registration form only provides for a right to object
  4. The provision of the fitness app should be made conditional on the consent to the data processing for direct marketing.

Answer(s): C

Explanation:

According to the GDPR, personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. This means that data controllers must inform data subjects about the purposes of data processing and obtain their consent or another lawful basis for any new or different purposes. In the scenario, Brady transferred his customers' personal data to Hermes Designs, a third-party contractor, to fulfill a requested service. However, Hermes Designs used the data for a new purpose that was not disclosed to the customers: creating sample customized banner advertisements and conducting direct marketing. This is a violation of the purpose limitation principle and could expose Brady to legal risks and customer complaints.
Therefore, Brady should be concerned with Hermes Designs' handling of customer personal data and take appropriate measures to ensure compliance with the GDPR. I hope this helps. If you have any other questions, please feel free to ask.
1: Article 5(1)(b) of the GDPR 2: Article 6(4) of the GDPR



SCENARIO

Please use the following to answer the next question:

The fitness company Vigotron has recently developed a new app called M-Health, which it wants to market on its website as a free download. Vigotron's marketing manager asks his assistant Emily to create a webpage that describes the app and specifies the terms of use. Emily, who is new at Vigotron, is excited about this task. At her previous job she took a data protection class, and though the details are a little hazy, she recognizes that Vigotron is going to need to obtain user consent for use of the app in some cases. Emily sketches out the following draft, trying to cover as much as possible before sending it to Vigotron's legal department.

Registration Form

Vigotron's new M-Health app makes it easy for you to monitor a variety of health-related activities, including diet, exercise, and sleep patterns. M-Health relies on your smartphone settings (along with other third-party apps you may already have) to collect data about all of these important lifestyle elements, and provide the information necessary for you to enrich your quality of life. (Please click here to read a full description of the services that M-Health provides.)

Vigotron values your privacy. The M-Heaith app allows you to decide which information is stored in it, and which apps can access your data.
When your device is locked with a passcode, all of your health and fitness data is encrypted with your passcode. You can back up data stored in the Health app to Vigotron's cloud provider, Stratculous. (Read more about Stratculous here.)
Vigotron will never trade, rent or sell personal information gathered from the M-Health app.
Furthermore, we will not provide a customer's name, email address or any other information gathered from the app to any third- party without a customer's consent, unless ordered by a court, directed by a subpoena, or to enforce the manufacturer's legal rights or protect its business or property.

We are happy to offer the M-Health app free of charge. If you want to download and use it, we ask that you first complete this registration form. (Please note that use of the M-Health app is restricted to adults aged 16 or older, unless parental consent has been given to minors intending to use it.) First name:
Surname:
Year of birth:
Email:
Physical Address (optional*):
Health status:
*If you are interested in receiving newsletters about our products and services that we think may be of interest to you, please include your physical address. If you decide later that you do not wish to receive these newsletters, you can unsubscribe by sending an email to unsubscribe@vigotron.com or send a letter with your request to the address listed at the bottom of this page.
Terms and Conditions
1. Jurisdiction. [...]
2. Applicable law. [...]
3. Limitation of liability. [...]
Consent
By completing this registration form, you attest that you are at least 16 years of age, and that you consent to the processing of your personal data by Vigotron for the purpose of using the M-Health app. Although you are entitled to opt out of any advertising or marketing, you agree that Vigotron may contact you or provide you with any required notices, agreements, or other information concerning the services by email or other electronic means. You also agree that the Company may send automated emails with alerts regarding any problems with the M-Health app that may affect your well being.
If a user of the M-Health app were to decide to withdraw his consent, Vigotron would first be required to do what?

  1. Provide the user with logs of data collected through use of the app.
  2. Erase any data collected from the time the app was first used.
  3. Inform any third parties of the user's withdrawal of consent.
  4. Cease processing any data collected through use of the app.

Answer(s): D



Page 36 of 68



Post your Comments and Discuss IAPP CIPP-E exam with other Community members:

Martinez commented on September 21, 2024
This exam was so hard, I thought I'd need a miracle. Turns out, exam dumps are the next best thing.
NETHERLANDS
upvote

Filipa commented on August 27, 2024
Question 143 is incorrect, the answer is should be B, and the explanation is unrelated to the scenario. Other than that great work
PORTUGAL
upvote

Nell commented on August 18, 2024
Hello. This is very helpful
UNITED KINGDOM
upvote

X commented on August 08, 2024
answers are correct
Anonymous
upvote