<< Prev Question Next Question >>

Question 40/55

SCENARIO
Please use the following to answer the next question:
Brady is a computer programmer based in New Zealand who has been running his own business for two years. Brady's business provides a low-cost suite of services to customers throughout the European Economic Area (EEA). The services are targeted towards new and aspiring small business owners. Brady's company, called Brady Box, provides web page design services, a Social Networking Service (SNS) and consulting services that help people manage their own online stores.
Unfortunately, Brady has been receiving some complaints. A customer named Anna recently uploaded her plans for a new product onto Brady Box's chat area, which is open to public viewing. Although she realized her mistake two weeks later and removed the document, Anna is holding Brady Box responsible for not noticing the error through regular monitoring of the website. Brady believes he should not be held liable.
Another customer, Felipe, was alarmed to discover that his personal information was transferred to a third- party contractor called Hermes Designs and worries that sensitive information regarding his business plans may be misused. Brady does not believe he violated European privacy rules. He provides a privacy notice to all of his customers explicitly stating that personal data may be transferred to specific third parties in fulfillment of a requested service. Felipe says he read the privacy notice but that it was long and complicated Brady continues to insist that Felipe has no need to be concerned, as he can personally vouch for the integrity of Hermes Designs. In fact, Hermes Designs has taken the initiative to create sample customized banner advertisements for customers like Felipe. Brady is happy to provide a link to the example banner ads, now posted on the Hermes Designs webpage. Hermes Designs plans on following up with direct marketing to these customers.
Brady was surprised when another customer, Serge, expressed his dismay that a quotation by him is being used within a graphic collage on Brady Box's home webpage. The quotation is attributed to Serge by first and last name. Brady, however, was not worried about any sort of litigation. He wrote back to Serge to let him know that he found the quotation within Brady Box's Social Networking Service (SNS), as Serge himself had posted the quotation. In his response, Brady did offer to remove the quotation as a courtesy.
Despite some customer complaints, Brady's business is flourishing. He even supplements his income through online behavioral advertising (OBA) via a third-party ad network with whom he has set clearly defined roles. Brady is pleased that, although some customers are not explicitly aware of the OBA, the advertisements contain useful products and services.
Based on the scenario, what is the main reason that Brady should be concerned with Hermes Designs' handling of customer personal data?

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Question List (55q)
Question 1: When hiring a data processor, which action would a data cont...
Question 2: According to the GDPR, how is pseudonymous personal data def...
Question 3: Read the following steps: Discover which employees are acces...
Question 4: SCENARIO Please use the following to answer the next questio...
Question 5: SCENARIO Please use the following to answer the next questio...
Question 6: Tanya is the Data Protection Officer for Curtains Inc., a GD...
Question 7: To which of the following parties does the territorial scope...
Question 8: A U.S.-based online shop uses sophisticated software to trac...
Question 9: What is the consequence if a processor makes an independent ...
Question 10: SCENARIO Please use the following to answer the next questio...
Question 11: When would a data subject NOT be able to exercise the right ...
Question 12: An employee of company ABCD has just noticed a memory stick ...
Question 13: SCENARIO Please use the following to answer the next questio...
Question 14: In 2016's Guidance, the United Kingdom's Information Commiss...
Question 15: When collecting personal data in a European Union (EU) membe...
Question 16: Under Article 9 of the GDPR, which of the following categori...
Question 17: According to Article 14 of the GDPR, how long does a control...
Question 18: SCENARIO Please use the following to answer the next questio...
Question 19: SCENARIO Please use the following to answer the next questio...
Question 20: Which change was introduced by the 2009 amendments to the e-...
Question 21: Which GDPR principle would a Spanish employer most likely de...
Question 22: Which of the following entities would most likely be exempt ...
Question 23: When is data sharing agreement MOST likely to be needed?...
Question 24: What is one major goal that the OECD Guidelines, Convention ...
Question 25: Which aspect of the GDPR will likely have the most impact on...
Question 26: SCENARIO Please use the following to answer the next questio...
Question 27: What type of data lies beyond the scope of the General Data ...
Question 28: Under Article 58 of the GDPR, which of the following describ...
Question 29: To provide evidence of GDPR compliance, a company performs a...
Question 30: Which of the following countries will continue to enjoy adeq...
Question 31: A company is located in a country NOT considered by the Euro...
Question 32: What are the obligations of a processor that engages a sub-p...
Question 33: Which of the following would MOST likely trigger the extrate...
Question 34: An unforeseen power outage results in company Z's lack of ac...
Question 35: Which GDPR requirement will present the most significant cha...
Question 36: SCENARIO Please use the following to answer the next questio...
Question 37: What permissions are required for a marketer to send an emai...
Question 38: Under Article 30 of the GDPR, controllers are required to ke...
Question 39: Which EU institution is vested with the competence to propos...
Question 40: SCENARIO Please use the following to answer the next questio...
Question 41: An organisation receives a request multiple times from a dat...
Question 42: In which of the following cases would an organization MOST L...
Question 43: A well-known video production company, based in Spain but sp...
Question 44: A German data subject was the victim of an embarrassing pran...
Question 45: Which of the following would require designating a data prot...
Question 46: Assuming that the "without undue delay" provision is followe...
Question 47: Why is advisable to avoid consent as a legal basis for an em...
Question 48: In which case would a controller who has undertaken a DPIA m...
Question 49: Which of the following does NOT have to be included in the r...
Question 50: SCENARIO Please use the following to answer the next questio...
Question 51: With respect to international transfers of personal data, th...
Question 52: Under what circumstances might the "soft opt-in" rule apply ...
Question 53: According to the GDPR, what is the main task of a Data Prote...
Question 54: SCENARIO Please use the following to answer the next questio...
1 commentQuestion 55: Which of the following is NOT recognized as being a common c...