IAPP Artificial Intelligence Governance Professional (AIGP) — Question 72

You are a privacy program manager at a large e-commerce company that uses an AI tool to deliver personalized product recommendations based on visitors’ personal information that has been collected from the company website, the chatbot and public data the company has scraped from social media.
A user submits a data access request under an applicable US state privacy law, specifically seeking a copy of their personal data, including information used to create their profile for product recommendations.
What is the most challenging aspect of managing this request?

Answer options

• A. Some of the visitor’s data is synthetic data that the company does not have to provide to the data subject.
• B. The data subject’s data is structured data that can be searched, compiled and reviewed only by an automated tool.
• C. The data subject is not entitled to receive a copy of their data because some of it was scraped from public sources.
• D. Some of the data subject’s data is unstructured data and you cannot untangle it from the other data, including information about other individuals.

Correct answer: D

Explanation

The correct answer is D because unstructured data often lacks a clear format, making it difficult to isolate the individual's information from data related to others. Options A and C are incorrect as they misinterpret the obligations under privacy laws regarding synthetic and publicly scraped data. Option B is misleading because structured data typically can be managed more easily, not just through automated tools.