Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

CIPP-E Exam Dumps - Certified Information Privacy Professional/Europe (CIPP/E)

Go to page:
Question # 57

In the Planet 49 case, what was the man judgement of the Coon of Justice of the European Union (CJEU) regarding the issue of cookies?

A.

If the cookies do not track personal data, then pre-checked boxes are acceptable.

B.

If the ePrivacy Directive requires consent for cookies, then the GDPR's consent requirements apply.

C.

If a website's cookie notice makes clear the information gathered and the lifespan of the cookie, then pre-checked boxes are acceptable.

D.

If a data subject continues to scroll through a website after reading a cookie banner, this activity constitutes valid consent for the tracking described in the cookie banner.

Full Access
Question # 58

In the wake of the Schrems II ruling, which of the following actions has been recommended by the EDPB for companies transferring personal data to third countries?

A.

Adopting a risk-based approach and implementing supplementary measures as needed.

B.

Ensuring that all data transfers are encrypted with unbreakable encryption algorithms.

C.

Obtaining explicit consent from each EU citizen for every individual data transfer.

D.

Storing all personal data within the borders of the European Union.

Full Access
Question # 59

Under Article 80(1) of the GDPR, individuals can elect to be represented by not-for-profit organizations in a privacy group litigation or class action. These organizations are commonly known as?

A.

Law firm organizations.

B.

Civil society organizations.

C.

Human rights organizations.

D.

Constitutional rights organizations.

Full Access
Question # 60

To which of the following parties does the territorial scope of the GDPR NOT apply?

A.

All member countries of the European Economic Area.

B.

All member countries party to the Treaty of Lisbon.

C.

All member countries party to the Paris Agreement.

D.

All member countries of the European Union.

Full Access
Question # 61

SCENARIO

Please use the following to answer the next question:

Brady is a computer programmer based in New Zealand who has been running his own business for two years. Brady’s business provides a low-cost suite of services to customers throughout the European Economic Area (EEA). The services are targeted towards new and aspiring small business owners. Brady’s company, called Brady Box, provides web page design services, a Social Networking Service (SNS) and consulting services that help people manage their own online stores.

Unfortunately, Brady has been receiving some complaints. A customer named Anna recently uploaded her plans for a new product onto Brady Box’s chat area, which is open to public viewing. Although she realized her mistake two weeks later and removed the document, Anna is holding Brady Box responsible for not noticing the error through regular monitoring of the website. Brady believes he should not be held liable.

Another customer, Felipe, was alarmed to discover that his personal information was transferred to a third- party contractor called Hermes Designs and worries that sensitive information regarding his business plans may be misused. Brady does not believe he violated European privacy rules. He provides a privacy notice to all of his customers explicitly stating that personal data may be transferred to specific third parties in fulfillment of a requested service. Felipe says he read the privacy notice but that it was long and complicated

Brady continues to insist that Felipe has no need to be concerned, as he can personally vouch for the integrity of Hermes Designs. In fact, Hermes Designs has taken the initiative to create sample customized banner advertisements for customers like Felipe. Brady is happy to provide a link to the example banner ads, now posted on the Hermes Designs webpage. Hermes Designs plans on following up with direct marketing to these customers.

Brady was surprised when another customer, Serge, expressed his dismay that a quotation by him is being used within a graphic collage on Brady Box’s home webpage. The quotation is attributed to Serge by first and last name. Brady, however, was not worried about any sort of litigation. He wrote back to Serge to let him know that he found the quotation within Brady Box’s Social Networking Service (SNS), as Serge himself had posted the quotation. In his response, Brady did offer to remove the quotation as a courtesy.

Despite some customer complaints, Brady’s business is flourishing. He even supplements his income through online behavioral advertising (OBA) via a third-party ad network with whom he has set clearly defined roles. Brady is pleased that, although some customers are not explicitly aware of the OBA, the advertisements contain useful products and services.

Based on the scenario, what is the main reason that Brady should be concerned with Hermes Designs’ handling of customer personal data?

A.

The data is sensitive.

B.

The data is uncategorized.

C.

The data is being used for a new purpose.

D.

The data is being processed via a new means.

Full Access
Question # 62

Read the following steps:

    Discover which employees are accessing cloud services and from which devices and apps Lock down the data in those apps and devices

    Monitor and analyze the apps and devices for compliance

    Manage application life cycles

    Monitor data sharing

An organization should perform these steps to do which of the following?

A.

Pursue a GDPR-compliant Privacy by Design process.

B.

Institute a GDPR-compliant employee monitoring process.

C.

Maintain a secure Bring Your Own Device (BYOD) program.

D.

Ensure cloud vendors are complying with internal data use policies.

Full Access
Question # 63

SCENARIO

Please use the following to answer the next question:

ABC Hotel Chain and XYZ Travel Agency are U.S.-based multinational companies. They use an internet-based common platform for collecting and sharing their customer data with each other, in order to integrate their marketing efforts. Additionally, they agree on the data to be stored, how reservations will be booked and confirmed, and who has access to the stored data.

Mike, an EU resident, has booked travel itineraries in the past through XYZ Travel Agency to stay at ABC Hotel Chain’s locations. XYZ Travel Agency offers a rewards program that allows customers to sign up to accumulate points that can later be redeemed for free travel. Mike has signed the agreement to be a rewards program member.

Now Mike wants to know what personal information the company holds about him. He sends an email requesting access to his data, in order to exercise what he believes are his data subject rights.

In which of the following situations would ABC Hotel Chain and XYZ Travel Agency NOT have to honor Mike’s data access request?

A.

The request is to obtain access and correct inaccurate personal data in his profile.

B.

The request is to obtain access and information about the purpose of processing his personal data.

C.

The request is to obtain access and erasure of his personal data while keeping his rewards membership.

D.

The request is to obtain access and the categories of recipients who have received his personal data to process his rewards membership.

Full Access
Question # 64

When may browser settings be relied upon for the lawful application of cookies?

A.

When a user rejects cookies that are strictly necessary.

B.

When users are aware of the ability to adjust their settings.

C.

When users are provided with information about which cookies have been set.

D.

When it is impossible to bypass the choices made by users in their browser settings.

Full Access
Go to page: