Part 4. Core International Data Protection Principles: Collection limitation, lawfulness and fairness

The principle of collection limitation with respect to personal data establishes that data should be collected by way of fair and lawful means, with the knowledge and when appropriate, the consent of the data subject as so to limit indiscriminate data collection.

In the Smart Data environment where it sometimes appears that as much data is collected as possible, legal limitations frequently relate to the  purposes and the grounds for the data processing, sensitivity of data, and data quality aspects.

Remember, personal data must be processed in a lawful way using either the grounds of consent, contractual purposes, compliance with legal obligations, the protection of vital interests of a data subject, as a task of public interest, or the legitimate interests of the data controller or third parties.

What is fairness? We could say that with respect to data processing, it means the adoption of a balanced and proportionate processing that takes into account the reasonable interests and expectations of data subjects with reference to their individual privacy. Processing should not intrude on the privacy, autonomy or integrity of data subjects in an unreasonable manner.  Like openness, fairness is fundamental in the Smart Data environment.  Fairness goes beyond legal compliance, taking an ethical dimension of data protection into consideration. 

If you are reading this blog you are probably well-aware that big data and data processing can provide decision makers, researchers and you and I with incredibly useful insights, but processing algorithms can also present significant risks insofar as they can be used to influence the fundamental principles of democratic society which must be protected.  Technologies, in order to be fair, must respect fundamental rights and freedoms and grant dignity in the digital society.  We can even think of fairness by design, building fairness into the  very design of data processing activities including services, applications, products and algorithms which allow information/data processing.  Algorithms can, in fact, be designed and developed in a way that is compatible with the concept of “fairness by design”.

Collection limitation 

The principle of collection limitation is related to the restrictions placed on the processing of predefined categories of personal data due to their nature.  We may think of sensitive data here where different requirements are applied for different types of data.

Generally speaking, sensitive data concern personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or  a natural person’s sex life or sexual orientation.  The processing of such data is often forbidden and explicit consent required unless such processing represents a legal obligation or is necessary to protect the vital interests of the data subject.

With respect to the data of children, collection is also restricted and processing is lawful only when the child is of at least 16 years of age.  Below 16 years processing is subject to the consent of the legal guardian of the child.