When evaluating Data Protection laws and enforcement appetite, one sometimes needs to refer to the 7 principles. These were agreed by the OECD in 1980 and I summarise them below.
- Notice, Data subjects should be given notice when their data is being collected.
- Purpose, Data should only be used for the purpose stated
- Consent, Data should not be disclosed without the data subject’s consent
- Security, Collected data should be kept secure from potential abuses
- Disclosure, Data subjects should be informed as to who is collecting their data
- Access, Data subjects should be allowed to access their data and make corrections to any inaccurate data.
- Accountability, Data subjects should have a method available to them to hold data collectors accountable to the above principles.
Europe’s privacy laws are constructed by building legislative infrastructure based on treaties and then the creation of law. This diagram below shows the time line of European infrastructure (above the line) and law (below the line), it was made in a year or so ago and thus does not have the UK’s departure from the EU, nor the assignment of “Adequacy” by the Commission.
While much focus today is on the EU’s GDPR, the principles that underpin it, are more broadly accepted than that law, and in some areas, the GDPR maybe found wanting.
This blog post originally appeared on my LinkedIn blog.