Free Access to DSCI.DCPP-01.v2022-05-14.q43 with Valid Practice Test (Page 8)

Question 31

A multinational company with operations in several parts within EU and outside EU, involves international data transfer of both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.
For exporting EU branch employees' data to Asian Countries for processing, which of the following instruments could be used for legal data transfer?

A.Standard Contractual Clauses
B.Binding Corporate Rules
C.Customized contracts mandating ISO 27001 certification by the data processor
D.Safe Harbor

Question 32

Regarding projects such as Aadhaar, the National Population Register (NPR), etc. that involve national government projects specific to India, which of the following statements is accurate?

A.Citizens can choose not to submit their biometric details to the environment and can complete the process without providing their biometrics
B.Prior to and during collection of data, data subjects are not properly notified
C.In India, biometric data collection is a statutory requirement
D.Once their personal information has been shared with the project, data subjects are not limited in how they can exercise control over how it will be used

Correct Answer: D

The requesting entity is expected to inform the individual, at the time of e-KYC authentication, what information will be shared with it by UIDAI on authentication and the purpose for which the information would be used. It is expected that notice is provided in the local language as well - to ensure that the individual understands clearly what he/she is getting into. Any other entity other than the requesting entity that collects individual's Aadhaar number or even a document containing the Aadhaar number is also required to inform the individual the purpose of collection, whether it is mandatory and what are the alternatives. Consent After providing notice, the requesting entity is required to obtain the consent of the individual before collecting the identity information. The information may be collected in physical or, preferably, in electronic form. A record or log of the consent is also required to be maintained in the format specified by UIDAI. A requesting entity can do e-KYC authentication on behalf of a third party and share the e-KYC data with the third party for a specific purpose. However, it needs to take consent of the individual for this purpose. For any sharing of e-KYC data with a third party, a separate consent for each such sharing is required. The individual himself/herself may share their data with other entities. However, those entities cannot further share the data with any other entity without obtaining the individual's consent every single time it does a share. Similarly, any other entity other than the requesting entity that collects individual's Aadhaar number or any document containing the Aadhaar number is also required to obtain the consent of the individual for the collection, storage and usage of the individual's Aadhaar number for the purpose specified. The individual has the freedom to revoke any of the earlier consent(s) given, and requesting entity would be required to delete e-KYC data along with ceasing its ability to share further. Usage and Purpose The requesting entity can use the identity information of an individual only for the purpose specified to the individual at the time of authentication or e-KYC. Similarly, any other entity other than the requesting entity that collects individual's Aadhaar number or any document containing the Aadhaar number can use the Aadhaar number only for those purposes specified to the individual at the time of obtaining his consent. Any other entity other than the requesting entity that collects individual's Aadhaar number or any document containing the Aadhaar number is not permitted to share the Aadhaar number with any other person without obtaining the consent of the individual. Disclosure The core biometric information collected under the Act is not allowed to be shared with anyone for any reason whatsoever. This is applicable to UIDAI as well as all agencies in the ecosystem. A requesting entity can share the identity data, including the e-KYC data, with third parties for any lawful purposes provided specific consent from the individual for the same has been obtained. However, the third party, in turn, cannot share it further with any other third party except to complete a transaction- that too only if the individual has given specific consent.

Question 33

Which type of data qualify as Sensitive Personal Data or Information under Section 43A of IT (Amendment) Act, 2008?

A.Sexual orientation
B.Political affiliation
C.Call Data Records (CDRs)
D.Religion and caste

Question 34

In relation to "Online Privacy" please pick the incorrect statement:

A.Online disclosure of "selective" information by a person that is publicly available
B.People's concern over the way their personal information is used during online activities
C.People's concerns over the license agreements they sign with any company
D.The process of obtaining information online that a person can control

Question 35

Rising economic value of personal information has stressed the need for a comprehensive __________ legislation in India.

A.Privacy
B.Dispute resolution
C.Right to Internet
D.Right to Information

Question 31

Question 32

Question 33

Question 34

Question 35

Download PDF File