IAPP CIPP/US Practice Exam

Category - Professional

A vehicle manufacturer offers a “Connected Vehicle Experience” to drivers. This program creates a new business-to-business revenue stream for the manufacturer. The auto manufacturer plans to make revenue from retailers, restaurants, and other businesses. In addition, it will provide an opportunity to market to drivers from within the personal vehicles based on the driver’s location.
 
Which is
not necessary for the manufacturer to prevent liability under privacy law?
  1. Acquisition of driver/vehicle owner consent to collect PII and location
  2. Development of a privacy notice provides drivers/vehicle owners with information about collecting their location data, how the data will be processed, and how it will be shared.
  3. Acquisition of driver/vehicle owner's consent to share location data with retailers and other business partners
  4. Establish a Safe Harbor agreement with foreign retail partners with which the vehicle manufacturers will share driver’s information.
Explanation
Answer: D - Under this scenario, the vehicle manufacturers offering the “Connected vehicle experience” would face many risks of privacy and data protection law violations. It would be necessary for the vehicle manufacturer to obtain the driver’s consent to collect, use, process, and share personal information and location. The manufacturer would need to communicate through a comprehensive privacy notice, complying with federal, state, and local laws. Data security would also need to be addressed.
 
The manufacturer would not be required to establish a Safe Harbor agreement with foreign retail partners as these agreements have been invalidated. However, other means would be necessary to address the cross-border sharing of driver data.
Was this helpful? Upvote!
Login to contribute your own answer or details

Top questions

Related questions

Most popular on PracticeQuiz