Q: 7
Based on GDPR Article 35, which of the following situations would trigger the need to complete a
DPIA?
Options
Discussion
C. but if the dating app wasn’t using third-party data for profiling, it might not hit that DPIA threshold. Anyone else think adding third-party sources is what actually flips this into high risk under Article 35?
Its C for this one. Building a dating app that profiles users based on both location and third-party data definitely hits the "systematic and extensive evaluation" requirement in Article 35. That combo is high risk for privacy, so a DPIA would be needed. Pretty sure A and B aren't quite there legally but correct me if anyone sees it differently.
Wouldn’t using location data for delivery trucks (D) not trigger DPIA since it’s not about people, while the dating app in C involves profiling individuals? Just want to double-check my reasoning on what counts as high risk here.
C is the right call. Profiling users for a dating app with both location and third-party data is classic DPIA territory under GDPR Article 35. A is tempting but doesn’t reach the same level of high risk, I think. Disagree?
It’s C here, not B. Profiling with third-party data in a dating app is a textbook high-risk DPIA trigger under Article 35.
B , since inferring habits from location data can feel like profiling, which might be risky enough for DPIA.
Definitely C. Profiling for a dating app with location and external sources means high risk per GDPR Art 35. The others don’t really hit the systematic evaluation or legal effect threshold imo but open to debate if I missed something.
My vote is A. Combining location with customer data feels risky enough for a DPIA requirement, I think.
Why would option D not count as high risk? Tracking trucks isn’t directly personal but could capture driver data if linked, right?
C, Saw a similar question pop up in recent exam reports, so pretty sure this is the DPIA trigger scenario.
Be respectful. No spam.
