Question 20
IIIAn online service lets users opt in to having their behavior used for personalization models and later revoke that permission. Which capability is central to effective consent management?
Correct answer: B
Explanation
Effective consent management requires tracking each user’s current permission state and honoring changes over time. Because users can “opt in” and later “revoke that permission,” the system must keep auditable records of consent status and ensure downstream collection, training, and inference follow the latest choice, including withdrawal of consent.
Why each option is right or wrong
A. Storing the initial consent flag but never updating it.
A stale consent record cannot reflect revocation, so downstream systems may keep using data improperly.
B. Maintaining auditable records of consent status and ensuring downstream data collection, training, and inference honor current user choices, including withdrawal of consent.
Under GDPR Article 7(1) and 7(3), the controller must be able to demonstrate that consent was given and must make withdrawal as easy as giving it, with withdrawal taking effect prospectively. In a personalization pipeline, that means keeping auditable consent-state records and propagating the current status to collection, training, and inference so processing stops once consent is revoked; otherwise the system cannot prove compliance with the user’s latest choice.
C. Assuming consent for all users unless they send a paper letter.
Consent generally requires an affirmative, accessible user choice rather than blanket assumption by default.
D. Asking once for consent and applying it to any future purpose without notice.
Consent for one purpose does not automatically cover unrelated future uses without updated notice or choice.