M13: Privacy and GDPR

Question 1

Why do ecommerce sites use personalized features?

M13: Privacy and GDPR

Answer 1

To build relationships with customers and increase purchases.

Question 2

What is a major privacy concern with ecommerce personalization?

M13: Privacy and GDPR

Answer 2

Users worry about their personal data being inferred and accessed by others.

Question 3

What might cause users to avoid ecommerce sites?

M13: Privacy and GDPR

Answer 3

Privacy concerns and fear of unsolicited marketing.

Question 4

How can personalization systems improve user trust?

M13: Privacy and GDPR

Answer 4

By enhancing privacy and ensuring data security.

Question 5

What is one risk of personalization related to marketing?

M13: Privacy and GDPR

Answer 5

Receiving unwanted emails, calls, and mail.

Question 6

Why might users feel uncomfortable with personalization?

M13: Privacy and GDPR

Answer 6

Because computers can infer personal information about them.

Question 7

What is price discrimination in the context of personalization?

M13: Privacy and GDPR

Answer 7

Charging different prices based on user profiles.

Question 8

How can personalization lead to unauthorized access?

M13: Privacy and GDPR

Answer 8

If profiles contain passwords or sensitive information.

Question 9

What is a potential legal risk of storing user profiles?

M13: Privacy and GDPR

Answer 9

Information might be subpoenaed in legal cases.

Question 10

How can personalization systems limit data collection?

M13: Privacy and GDPR

Answer 10

By only collecting necessary data and using pseudonymous profiles.

Question 11

What is a pseudonymous profile?

M13: Privacy and GDPR

Answer 11

A profile that uses a fake name to protect the user’s identity.

Question 12

How can client-side profiles enhance privacy?

M13: Privacy and GDPR

Answer 12

By storing data on the user’s computer instead of a server.

Question 13

What is the benefit of user-initiated personalization?1

M13: Privacy and GDPR

Answer 13

Users are more aware and in control of the data being collected.

Question 14

How can sites make personalization more privacy-friendly?

M13: Privacy and GDPR

Answer 14

By providing clear notices and options to disable personalization.

Question 15

What is the role of fair information practice principles in personalization?

M13: Privacy and GDPR

Answer 15

They guide the design of systems to protect user privacy.

Question 16

What is the main focus of the document?

M13: Privacy and GDPR

Answer 16

The document focuses on data protection and security requirements under GDPR, specifically Articles 25 and 32.

Question 17

What is Article 32 about?

M13: Privacy and GDPR

Answer 17

Article 32 deals with ensuring the security of data processing by implementing appropriate technical and organizational measures.

Question 18

Why is data protection by design important?

M13: Privacy and GDPR

Answer 18

It ensures that data protection measures are integrated from the start of system development, making it easier to comply with GDPR.

Question 19

What does “data protection by default” mean?

M13: Privacy and GDPR

Answer 19

It means setting systems and processes to automatically provide the highest level of data protection without requiring user intervention.

Question 20

What are some risks mentioned in the document?

M13: Privacy and GDPR

Answer 20

Risks include unauthorized access, data breaches, accidental loss, and misuse of data.

Question 21

What is pseudonymization?

M13: Privacy and GDPR

Answer 21

Pseudonymization is a process where personal data is processed in such a way that it cannot be attributed to a specific individual without additional information.

Question 22

Why is encryption important?

M13: Privacy and GDPR

Answer 22

Encryption makes data unreadable to unauthorized users, protecting its confidentiality and integrity.

Question 23

What should be done in case of a data breach?

M13: Privacy and GDPR

Answer 23

Organizations should have a plan to quickly restore access to data and ensure that the breach is contained and reported if necessary.

Question 24

What is the role of risk assessment in data protection?

M13: Privacy and GDPR

Answer 24

Risk assessment helps identify potential threats to data security and determine the appropriate measures to mitigate those risks.

Question 25

What are some technical measures for data protection?

M13: Privacy and GDPR

Answer 25

Technical measures include
* Antivirus software
* Firewalls,
* Encryption
* Regular software updates.

Question 26

What are some organizational measures for data protection?

M13: Privacy and GDPR

Answer 26

Organizational measures include
* Employee training
* Access controls
* A clear data protection policy.

Question 27

How does GDPR define sensitive personal data?

M13: Privacy and GDPR

Answer 27

Sensitive personal data includes information like
* Racial or ethnic origin,
* Political opinions
* Religious beliefs
* Health data.

Question 28

What is the purpose of data minimization?

M13: Privacy and GDPR

Answer 28

Data minimization aims to collect only the data that is necessary for a specific purpose, reducing the risk of misuse.

Question 29

What is the significance of ISO 27001?

M13: Privacy and GDPR

Answer 29

ISO 27001 is an international standard for managing information security, helping organizations implement effective security controls.

Question 30

How can organizations ensure ongoing data protection?

M13: Privacy and GDPR

Answer 30

By regularly reviewing and updating their data protection measures, conducting audits, and staying informed about new threats and regulations.