Question 17
UnclassifiedWhat is the main privacy concern when a company buys data from a broker?
Correct answer: B
Explanation
When a company buys data from a broker, the key privacy issue is whether the data was obtained and shared lawfully and whether its use matches what people were told. The company should check source legitimacy, notice, permitted uses, accuracy, and downstream uses because privacy law and fair-information principles require data use to align with expectations and legal limits.
Why each option is right or wrong
A. Brokered data is always illegal
B. The company should evaluate source legitimacy, notice, permitted uses, accuracy, and whether downstream uses match expectations and law
Under the GDPR’s accountability and fairness principles, the buyer cannot treat brokered data as automatically usable; it must verify that the broker had a lawful basis and that any onward disclosure is compatible with the original purpose under Articles 5(1)(a) and 6, with transparency obligations in Articles 13 and 14. In practice, that means checking where the data came from, what notice was given, whether the intended use is within the permitted scope, and whether the data is accurate enough for the new purpose, because a mismatch can create an unlawful secondary use even if the purchase itself was commercial.
C. Brokered data cannot be combined with first-party data
D. Brokered data is exempt from breach-notification duties