CDPSE · Question #102
A technology company has just launched a mobile application tor tracking health symptoms_ This application is built on a mobile device technology stack that allows users to share their location and de
The correct answer is D. Data usage without consent. Collecting sensitive health and location data via a mobile app without user consent is the most serious privacy concern because it violates fundamental data subject rights and regulatory requirements.
Question
A technology company has just launched a mobile application tor tracking health symptoms_ This application is built on a mobile device technology stack that allows users to share their location and details of their symptoms. Which of the following is the GREATEST privacy concern with collecting this data via mobile devices?
Options
- AClient-side device ID
- BData storage requirements
- CEncryption of key data elements
- DData usage without consent
How the community answered
(50 responses)- A6% (3)
- B26% (13)
- C14% (7)
- D54% (27)
Why each option
Collecting sensitive health and location data via a mobile app without user consent is the most serious privacy concern because it violates fundamental data subject rights and regulatory requirements.
Client-side device ID is a tracking identifier concern but is less critical than the absence of consent for collecting health and location data.
Data storage requirements are a technical and compliance consideration but do not represent the primary privacy risk at the point of data collection.
Encryption of data elements is an important security control but does not address the fundamental issue of whether the user agreed to data collection in the first place.
Health symptom data combined with location data is highly sensitive, and its collection without explicit user consent violates core privacy principles and regulations such as GDPR Article 9 and HIPAA. Processing this category of sensitive data without a lawful basis - most critically, consent - exposes individuals to significant harm and creates serious legal liability for the organization.
Concept tested: Mobile health app - consent for sensitive data collection
Source: https://gdpr-info.eu/art-9-gdpr/
Topics
Community Discussion
No community discussion yet for this question.