Q: 16
A company is creating a mobile app to enable individuals to upload images and videos, and analyze
this data using ML to provide lifestyle improvement recommendations. The signup form has the
following data fields:
1.First name
2.Last name
3.Mobile number
4.Email ID
5.New password
6.Date of birth
7.Gender
In addition, the app obtains a device's IP address and location information while in use.
What GDPR privacy principles does this violate?
Options
Discussion
Looks like it's D here. The way I see it, collecting IP and location without strong safeguards could mess with Integrity and Confidentiality under GDPR, since these are sensitive personal data. Open to being convinced otherwise though.
A is wrong, it's A. Official IAPP guides and practice tests cover GDPR core principles like data minimization and purpose limitation pretty well, so I'd check those again for this kind of scenario.
A , D is a trap since it's not about data security but about too much being collected compared to the stated purpose.
A tbh, because they're scooping up more data than needed for the stated ML analysis. GDPR says stick to what's necessary (data minimization) and make sure you only collect for the declared purpose (purpose limitation). Not 100 percent sure though, since sometimes extra data is justified, but in this case it seems excessive. Disagree?
D imo
A, since they're collecting way more data than what's strictly needed for lifestyle analysis. Purpose limitation and data minimization stick out here. If the app just needs image/video content, asking for DOB and constant location crosses the line. Unless there's a clear justification, this is a classic GDPR issue.
Be respectful. No spam.
