Issue
Protection of Personal Data
Election Parts
Criteria
- Personal data controllers complied with data minimization, accuracy, confidentiality, integrity, and storage limitation obligations
- Everyone had the right to know whether information about themselves was processed and to obtain it in an accessible format
- Personal data could be collected and processed based on informed consent
- Citizens that offered proof of identity had the right to rectify information about them that was inaccurate
- Personal data collected was not used for other purposes
- An independent, duly-resourced body oversaw compliance with data protection principles
- Personal data controllers provided clear and accessible information about their data collection and processing policies and practices
- Internet intermediaries were transparent and provided easy access to their policies and practice on online content management, distribution, and automated processing
- The legal framework protected the privacy of personal information
Summaries
- States should adopt laws protecting privacy of personal information.
- Personal data should not be stored longer than necessary for the purposes pursued.
- An independent, duly-resourced body should oversee compliance with data protection principles.
- Everyone who offers proof of identity has the right to have rectifications made to information about them in the case of unlawful, unnecessary, or inaccurate entries.
- Collection of personal data should be minimized, relevant, and limited to purposes pursued.
- Personal data controllers should provide clear and easily accessible information about their data collection and processing policies and practices.
- Unless provided for by law, or necessary to deliver a service or for other legitimate purposes, personal information may only be used based on informed consent.
- Everyone has the right to rectification of incorrect personal data.
- Internet intermediaries should recognize and protect human rights online, including through accessible and effective complaint and redress mechanisms.
- Internet intermediaries should ensure transparency and easy access to their policies and practices regarding online content management, strategic dissemination, and automated processing.
- Everyone who offers proof of identity has the right to know whether information concerning him/her is being processed, and to obtain it in an intelligible form.
- Personal data should only be collected for specified and legitimate purposes.
- Personal data controllers should ensure data accuracy and protect personal data from unauthorized disclosure, loss, modification, or other misuses.