IAPP CIPP-E dumps - 100% Pass Guarantee!

Bioface is a company based in the United States. It has no servers, personnel or assets in the European Union. By collecting photographs from social media and other web-based services, such as newspapers and blogs, it uses machine learning to develop a facial recognition algorithm. The algorithm identifies individuals in photographs who are not in its data set based the algorithm and its existing data. The service collects photographs of data subjects in the European Union and will identify them if presented with their photographs. Bioface offers its service to government agencies and companies in the United States and Canada, but not to those in the European Union. Bioface does not offer the service to individuals.

Why is Bioface subject to the territorial scope of the General Data Protection Regulation?

A. It collects data from European Union websites, which constitutes an establishment in the European Union.

B. It offers services in the European Union by identifying data subjects in the European Union.

C. It collects data from subjects and uses it for automated processing.

D. It monitors the behavior of data subjects in the European Union.

Under the GDPR, which of the following is true in regard to adequacy decisions involving cross-border transfers?

A. The European Commission can adopt an adequacy decision for individual companies.

B. The European Commission can adopt, repeal or amend an existing adequacy decision.

C. EU member states are vested with the power to accept or reject a European Commission adequacy decision.

D. To be considered as adequate, third countries must implement the EU General Data Protection Regulation into their national legislation.

Which area of privacy is a lead supervisory authority's (LSA) MAIN concern?

A. Data subject rights

B. Data access disputes

C. Cross-border processing

D. Special categories of data

Which of the following is an accurate statement regarding the "one-stop-shop" mechanism of the GDPR?

A. It can result in several lead supervisory authorities in the EU assuming competence over the same data processing activities of an organization.

B. It applies only to direct enforcement of data protection supervisory authorities (e.g.. finding a breach), but not to initiating or engaging m court proceedings

C. It gives competence to the lead supervisory authority to address privacy issues derived from processes carried out by public authorities established in different countries.

D. It allows supervisory authorities concerned (other than the lead supervisory authority) to act against organizations m exceptional cases even if they do not have any type of establishment in the Member State of the respective authority.

What is the primary purpose of Convention 108+, which amends the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data?

A. To issue updated guidelines for data transfers from the EU to third-country signatories to the Convention.

B. To modify the process for third countries to obtain an adequacy decision from the European Commission.

C. To strengthen data protection in line with the European and international regulatory framework.

D. To establish new data subject rights and safeguards for consumers in the EU member states.