New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Exin PDPF Exam - Topic 1 Question 78 Discussion

Actual exam question for Exin's PDPF exam
Question #: 78
Topic #: 1
[All PDPF Questions]

A shopkeeper wants to register how many visitors enter his shop every day. A system detects the MAC- address of each visitor's smartphone. It is impossible for the shopkeeper to identify the owner of the phone from this signal, but telephone providers can link the MAC-address to the owner of the phone. According to the GDPR, is the shopkeeper allowed to use this method?

Show Suggested Answer Hide Answer
Suggested Answer: C

Yes, because the shopkeeper cannot identify the owner of the telephone. Incorrect. The issue is not whether the shopkeeper can identify the visitor, but that it is technically possible to do so.

Yes, because the visitor has automatically consented by connecting to the Wi-Fi. Incorrect. Consent must be an active, informed and free act of agreement to the processing. To see a MAC-address, the visitor does not need to be logged onto the Wi-Fi.

No, because the telephones MAC-address must be regarded as personal data. Correct. The phone's signal is a unique code that can be linked to the owner of the phone. The data must be regarded as personal data, because it is technically possible to identify the visitor. (Literature: A, Chapter 3; GDPR Article 26 and 30)

No, because the telephone providers are the owners of the MAC-addresses. Incorrect. The shopkeeper is not allowed to keep the data or process it because it must be regarded as personal data. The telephone provider is not the owner of the MAC-address, nor is the telephone provider protected by the GDPR.


by Bea at Jan 13, 2025, 02:36 AM

Limited Time Offer

25%

Off

Get Premium PDPF Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Aide
3 months ago
I thought it was fine if they can't identify the person directly.
upvoted 0 times
...
Rachael
4 months ago
No way, it's definitely not okay to use that data without consent.
upvoted 0 times
...
Alverta
4 months ago
Wait, so the shopkeeper can't even track foot traffic?
upvoted 0 times
...
Linette
4 months ago
Totally agree, they should be considered personal info!
upvoted 0 times
...
Werner
4 months ago
I think it's C, MAC addresses are personal data.
upvoted 0 times
...
Roosevelt
4 months ago
I thought that if the shopkeeper can't identify the owner directly, it might be okay, but I’m not confident. Maybe option A could be valid?
upvoted 0 times
...
Tamra
5 months ago
I practiced a similar question about data collection methods, and I think the key is whether the data can identify someone. So, I guess option C is the best choice here.
upvoted 0 times
...
Sharika
5 months ago
I'm not entirely sure, but I feel like the shopkeeper might need explicit consent from visitors to collect that data, which makes me lean towards option B.
upvoted 0 times
...
Whitney
5 months ago
I remember discussing how MAC addresses can be considered personal data under GDPR, so I think option C might be correct.
upvoted 0 times
...
Johnna
5 months ago
I'm pretty confident I know the right answer here. The MAC address is considered personal data under GDPR, so the shopkeeper can't use it without the visitor's consent. Option C looks like the way to go.
upvoted 0 times
...
Tamala
5 months ago
Okay, I think I've got a handle on this. The key is that the shopkeeper can't identify the owner from the MAC address alone, so that suggests it might be allowed. But I'll double-check the GDPR details to be sure.
upvoted 0 times
...
Sunny
5 months ago
Hmm, I'm a bit confused on this one. The question is asking about the shopkeeper's use of the MAC address, but it's not clear if that's allowed under GDPR. I'll need to think it through step-by-step.
upvoted 0 times
...
Dorsey
5 months ago
This seems like a tricky one. I'll need to carefully consider the GDPR implications and whether the MAC address counts as personal data.
upvoted 0 times
...
Rueben
1 year ago
I bet the shopkeeper is trying to catch people who shoplift by tracking their phones. Sneaky! But option C is probably the right answer here.
upvoted 0 times
...
Quiana
1 year ago
Haha, imagine the shopkeeper trying to call the phone provider and be like 'Hey, can you tell me who this MAC-address belongs to?' That's just not gonna work. I vote for C.
upvoted 0 times
Janey
1 year ago
Yeah, it's definitely a privacy concern. The shopkeeper shouldn't be able to use that information.
upvoted 0 times
...
Terina
1 year ago
I agree, the MAC-address should be considered personal data.
upvoted 0 times
...
...
Colette
1 year ago
But what if the visitor has consented by connecting to the Wi-Fi?
upvoted 0 times
...
Una
1 year ago
Hmm, I'm not so sure. The shopkeeper can't identify the owner directly, so I'm leaning towards option A. It's just a MAC-address, not a full name and address.
upvoted 0 times
...
Carline
1 year ago
I think option C is correct. The MAC-address is considered personal data, so the shopkeeper cannot use it without the visitor's consent.
upvoted 0 times
Tracey
1 year ago
C) No, because the telephone's MAC-address must be regarded as personal data.
upvoted 0 times
...
Lindsey
1 year ago
B) No, because the telephone providers are the owners of the MAC-addresses.
upvoted 0 times
...
Roosevelt
1 year ago
A) Yes, because the shopkeeper cannot identify the owner of the telephone
upvoted 0 times
...
...
Kathryn
1 year ago
I agree with Yoko. The MAC-address should be considered personal data.
upvoted 0 times
...
Yoko
1 year ago
I think the shopkeeper should not use this method.
upvoted 0 times
...

Save Cancel