Question 24
Domain 3: The Privacy Technologist’s Role in the OrganizationA company is redesigning its preference center to support multiple U.S. opt-out rights in 2026. Which architecture is best?
Correct answer: A
Explanation
A single preference service centralizes consumer choices and can apply each state’s opt-out rules consistently across channels. It also supports “recognized signals” and distributes the resulting suppressions to downstream systems, which prevents conflicting records and ensures one source of truth for compliance.
Why each option is right or wrong
A. One preference service that records choices, accepts recognized signals, and pushes the resulting suppressions to downstream systems
The best architecture is a centralized consumer-choice layer because U.S. state privacy laws in force by 2026 require honoring universal opt-out mechanisms and propagating the resulting restriction across processing systems. For example, the California Consumer Privacy Act as amended by CPRA, Cal. Civ. Code § 1798.135, requires businesses to honor opt-out requests and opt-out preference signals, and the Colorado Privacy Act, Colo. Rev. Stat. § 6-1-1306, similarly requires recognition of universal opt-out mechanisms by July 1, 2024; a single service can record the election once and distribute suppressions to all downstream tools so the same choice is enforced everywhere.
B. Separate opt-out databases for each marketing tool with no central record
C. A PDF form that users print and mail to headquarters
D. A banner that saves the choice only in the current browser tab