Certified Information Privacy Professional – Europe (CIPP/E) — Question 288

A U.S.-based online shop uses sophisticated software to track the browsing behavior of its European customers and predict future purchases. It also shares this information with third parties. Under the GDPR, what is the online shop’s PRIMARY obligation while engaging in this kind of profiling?

Answer options

• A. It must solicit informed consent through a notice on its website
• B. It must seek authorization from the European supervisory authorities
• C. It must be able to demonstrate a prior business relationship with the customers
• D. It must prove that it uses sufficient security safeguards to protect customer data

Correct answer: A

Explanation

The correct answer is A because GDPR mandates that businesses obtain explicit consent from individuals before processing their personal data, especially for profiling. Options B, C, and D do not address the requirement for informed consent directly related to profiling activities under GDPR.