Rina Steenkamp - Privacy and technology

My annotated General Data Protection Regulation

Chapter II Principles

Article 5 Principles relating to personal data processing

October 2013

Article 5

Personal data shall be:

[Lawfulness, fairness and transparency]

[Purpose limitation]

[Data minimisation]

[Accuracy]

[Storage minimisation]

[Effectiveness]

[Integrity]

[Accountability]

[Source: October 2013]

Recital 30

(30) Any processing of personal data should be lawful, fair and transparent in relation to the individuals concerned. In particular, the specific purposes for which the data are processed should be explicit and legitimate and determined at the time of the collection of the data. The data should be adequate, relevant and limited to the minimum necessary for the purposes for which the data are processed; this requires in particular ensuring that the data collected are not excessive and that the period for which the data are stored is limited to a strict minimum. Personal data should only be processed if the purpose of the processing could not be fulfilled by other means. Every reasonable step should be taken to ensure that personal data which are inaccurate are rectified or deleted. In order to ensure that the data are not kept longer than necessary, time limits should be established by the controller for erasure or for a periodic review.

[Source: October 2013 | Notes: Recitals | Context: Recitals]

January 2012

Explanatory memorandum

3.4. Detailed explanation of the proposal

Article 5 sets out the principles relating to personal data processing, which correspond to those in Article 6 of Directive 95/46/EC. Additional new elements are in particular the transparency principle, the clarification of the data minimisation principle and the establishment of a comprehensive responsibility and liability of the controller.

[Source: January 2012 | Context: Proposal from the European Commission]

Article 5 [Amended: October 2013]

Personal data must be:

[Lawfulness, fairness and transparency]

[Purpose limitation]

[Data minimisation]

[Accuracy] [Amended: October 2013]

[Storage minimisation] [Amended: October 2013]

[Accountability] [Amended: October 2013]

[Source: January 2012 | Context: Proposal from the European Commission]

Recital 30

(30) Any processing of personal data should be lawful, fair and transparent in relation to the individuals concerned. In particular, the specific purposes for which the data are processed should be explicit and legitimate and determined at the time of the collection of the data. The data should be adequate, relevant and limited to the minimum necessary for the purposes for which the data are processed; this requires in particular ensuring that the data collected are not excessive and that the period for which the data are stored is limited to a strict minimum. Personal data should only be processed if the purpose of the processing could not be fulfilled by other means. Every reasonable step should be taken to ensure that personal data which are inaccurate are rectified or deleted. In order to ensure that the data are not kept longer than necessary, time limits should be established by the controller for erasure or for a periodic review.

[Source: January 2012 | Notes: Recitals | Context: Proposal from the European Commission, Recitals]

Directive 95/46/EC

Chapter II General rules on the lawfulness of the processing of personal data

Section I Principles relating to data quality

Article 6
Article 6(1)

1. Member States shall provide that personal data must be:

Article 6(2)

2. It shall be for the controller to ensure that paragraph 1 is complied with.

[Context: Article 6 Directive 95/46/EC]