nerdexam
Isaca

CDPSE · Question #102

A technology company has just launched a mobile application tor tracking health symptoms_ This application is built on a mobile device technology stack that allows users to share their location and de

The correct answer is D. Data usage without consent. Collecting sensitive health and location data via a mobile app without user consent is the most serious privacy concern because it violates fundamental data subject rights and regulatory requirements.

Data Life Cycle

Question

A technology company has just launched a mobile application tor tracking health symptoms_ This application is built on a mobile device technology stack that allows users to share their location and details of their symptoms. Which of the following is the GREATEST privacy concern with collecting this data via mobile devices?

Options

  • AClient-side device ID
  • BData storage requirements
  • CEncryption of key data elements
  • DData usage without consent

How the community answered

(50 responses)
  • A
    6% (3)
  • B
    26% (13)
  • C
    14% (7)
  • D
    54% (27)

Why each option

Collecting sensitive health and location data via a mobile app without user consent is the most serious privacy concern because it violates fundamental data subject rights and regulatory requirements.

AClient-side device ID

Client-side device ID is a tracking identifier concern but is less critical than the absence of consent for collecting health and location data.

BData storage requirements

Data storage requirements are a technical and compliance consideration but do not represent the primary privacy risk at the point of data collection.

CEncryption of key data elements

Encryption of data elements is an important security control but does not address the fundamental issue of whether the user agreed to data collection in the first place.

DData usage without consentCorrect

Health symptom data combined with location data is highly sensitive, and its collection without explicit user consent violates core privacy principles and regulations such as GDPR Article 9 and HIPAA. Processing this category of sensitive data without a lawful basis - most critically, consent - exposes individuals to significant harm and creates serious legal liability for the organization.

Concept tested: Mobile health app - consent for sensitive data collection

Source: https://gdpr-info.eu/art-9-gdpr/

Topics

#Consent#Data Usage#Sensitive Data#Mobile Privacy

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice