Question 12
Domain 2 — Personal Data Lifecycle ManagementWhich of the following is a PRIMARY consideration to protect against privacy violations when utilizing arti cial intelligence (AI) driven business decisions?
Correct answer: B
Explanation
Privacy laws generally require a lawful basis for processing personal data, and consent is a primary safeguard when AI systems use data for business decisions. Verifying that data subjects have consented helps ensure the processing is authorized and limited to the purposes they agreed to, reducing the risk of privacy violations.
Why each option is right or wrong
A. De-identifying the data to be analyzed
De-identification reduces exposure, but does not replace lawful authorization for processing personal data.
B. Verifying the data subjects have consented to the processing
Under GDPR Article 6(1)(a), personal data processing is lawful only where the data subject has given consent for one or more specific purposes, and Article 7 requires the controller to be able to demonstrate that consent was obtained. For AI-driven business decisions that rely on personal data, confirming consent is a primary control because it establishes a lawful basis before processing begins and limits use to the agreed purpose, which is especially important where automated decision-making may otherwise create unauthorized secondary use or profiling risk.
C. De ning the intended objectives
Defined objectives support governance, but privacy violations hinge on whether data use is permitted.
D. Ensuring proper data sets are used to train the models
Training data quality affects model performance and bias more than core privacy authorization.