M13: Privacy and GDPR Flashcards
Why do ecommerce sites use personalized features?
To build relationships with customers and increase purchases.
What is a major privacy concern with ecommerce personalization?
Users worry about their personal data being inferred and accessed by others.
What might cause users to avoid ecommerce sites?
Privacy concerns and fear of unsolicited marketing.
How can personalization systems improve user trust?
By enhancing privacy and ensuring data security.
What is one risk of personalization related to marketing?
Receiving unwanted emails, calls, and mail.
Why might users feel uncomfortable with personalization?
Because computers can infer personal information about them.
What is price discrimination in the context of personalization?
Charging different prices based on user profiles.
How can personalization lead to unauthorized access?
If profiles contain passwords or sensitive information.
What is a potential legal risk of storing user profiles?
Information might be subpoenaed in legal cases.
How can personalization systems limit data collection?
By only collecting necessary data and using pseudonymous profiles.
What is a pseudonymous profile?
A profile that uses a fake name to protect the user’s identity.
How can client-side profiles enhance privacy?
By storing data on the user’s computer instead of a server.
What is the benefit of user-initiated personalization?1
Users are more aware and in control of the data being collected.
How can sites make personalization more privacy-friendly?
By providing clear notices and options to disable personalization.
What is the role of fair information practice principles in personalization?
They guide the design of systems to protect user privacy.
What is the main focus of the document?
The document focuses on data protection and security requirements under GDPR, specifically Articles 25 and 32.
What is Article 32 about?
Article 32 deals with ensuring the security of data processing by implementing appropriate technical and organizational measures.
Why is data protection by design important?
It ensures that data protection measures are integrated from the start of system development, making it easier to comply with GDPR.
What does “data protection by default” mean?
It means setting systems and processes to automatically provide the highest level of data protection without requiring user intervention.
What are some risks mentioned in the document?
Risks include unauthorized access, data breaches, accidental loss, and misuse of data.
What is pseudonymization?
Pseudonymization is a process where personal data is processed in such a way that it cannot be attributed to a specific individual without additional information.
Why is encryption important?
Encryption makes data unreadable to unauthorized users, protecting its confidentiality and integrity.
What should be done in case of a data breach?
Organizations should have a plan to quickly restore access to data and ensure that the breach is contained and reported if necessary.
What is the role of risk assessment in data protection?
Risk assessment helps identify potential threats to data security and determine the appropriate measures to mitigate those risks.
What are some technical measures for data protection?
Technical measures include
* Antivirus software
* Firewalls,
* Encryption
* Regular software updates.
What are some organizational measures for data protection?
Organizational measures include
* Employee training
* Access controls
* A clear data protection policy.
How does GDPR define sensitive personal data?
Sensitive personal data includes information like
* Racial or ethnic origin,
* Political opinions
* Religious beliefs
* Health data.
What is the purpose of data minimization?
Data minimization aims to collect only the data that is necessary for a specific purpose, reducing the risk of misuse.
What is the significance of ISO 27001?
ISO 27001 is an international standard for managing information security, helping organizations implement effective security controls.
How can organizations ensure ongoing data protection?
By regularly reviewing and updating their data protection measures, conducting audits, and staying informed about new threats and regulations.