IAPP Artificial Intelligence Governance Professional (AIGP) — Question 80

A French medical research center wishes to develop an AI-based system which will predict the risk of serious diseases based on the patient’s genetic data. In order to do so it contracts with a tech company and provides it with patients’ data previously obtained by the center during the research.
To guarantee compliance when processing special categories of personal data, the medical research center must ensure that:

Answer options

• A. The AI-based system is designed for the purposes of preventive medicine.
• B. The patients’ health and genetic data is anonymized.
• C. The patients have given explicit consent to using the data.
• D. The tech company is located in the EU and is not cloud-based.

Correct answer: C

Explanation

The correct answer is C because explicit consent is a fundamental requirement for processing sensitive data under regulations such as GDPR. Option A, while relevant to the purpose, does not address compliance. Option B, anonymization, is important but not a substitute for consent in this context. Option D is irrelevant as location and cloud status do not inherently guarantee compliance.