Collection of personal data should be minimized, relevant, and limited to purposes pursued.
- Personal data shall be: (...) (b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’).
- Personal data shall be: (...) (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).
- The Committee of Ministers therefore, under the terms of Article 15.b of the Statute of the Council of Europe, recommends that member States, in consultation with private sector actors and civil society, develop and promote coherent strategies to protect freedom of expression, access to information and other human rights and fundamental freedoms in relation to search engines in line with the Convention for the Protection of Human Rights and Fundamental Freedoms (...), in particular by engaging with search engine providers to carry out the following actions: (...) – enhance transparency in the collection of personal data and the legitimate purposes for which they are being processed; – enable users to access easily, and, where appropriate, to correct or delete their personal data processed by search engine providers; – develop tools to minimise the collection and processing of personal data, including enforcing limited retention periods, adequate irreversible anonymisation, as well as tools for the deletion of data.
- Member States (through the designated authorities) should enforce compliance with the applicable data protection principles, in particular by engaging with search engine providers to carry out the following actions: – ensure that the collection of personal data by search engine providers is minimised. No user’s IP address should be stored when it is not necessary for the pursuit of a legitimate purpose and when the same results can be achieved by sampling or surveying, or by anonymising personal data. Innovative approaches promoting anonymous searches should also be encouraged; – ensure that retention periods are not longer than strictly necessary for the legitimate and specified purposes of the processing. Search engine providers should be in a position to justify with demonstrable reasons the collection and the retention of personal data. Information in this connection should be made publicly available and easily accessible; – ensure that search engine providers apply the most appropriate security measures to protect personal data against unlawful access by third parties and that appropriate data breach notification schemes are in place. Measures should include “end-to-end” encryption of the communication between the user and the search engine provider; – ensure that individuals are informed with regard to the processing of their personal data and the exercise of their rights, in an intelligible form, using clear and plain language, adapted to the data subject. Search engines should clearly inform users up front of all intended uses of their data (emphasising that the initial purpose of such processing is to better respond to their search requests) and respect the user’s right with regar to their personal data. They should inform individuals if their personal data has been compromised.
- Where appropriate, individuals should be provided with clear, prominent, easily understandable, accessible and affordable mechanisms to exercise choice in relation to the collection, use and disclosure of their personal information.
- Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up to date.
- The General Assembly (...) 7. Calls upon business enterprises: (...) (c) To implement administrative, technical and physical safeguards to ensure that data are processed lawfully and to ensure that such processing is limited to what is necessary in relation to the purposes of the processing and that the legitimacy of such purposes, as well as the accuracy, integrity and confidentiality of the processing, is ensured.
- The collection of personal information should be limited to information that is relevant to the purposes of collection and any such information should be obtained by lawful and fair means, and where appropriate, with notice to, or consent of, the individual concerned.
- Personal information collected should be used only to fulfill the purposes of collection and other compatible or related purposes except: a) with the consent of the individual whose personal information is collected; b) when necessary to provide a service or product requested by the individual; or, c) by the authority of law and other legal instruments, proclamations and pronouncements of legal effect.
- States should encourage social media, media, search and recommendation engines and other intermediaries which use algorithms, along with media actors, regulatory authorities, civil society, academia and other relevant stakeholders to engage in open, independent, transparent and participatory initiatives that: (...) – implement the principle of privacy by design in respect of any automated data processing techniques and ensure that such techniques are fully compliant with the relevant privacy and data protection laws and standards.
- Internet intermediaries should limit the processing of personal user data to what is necessary in the context of a clearly defined purpose, which is explicitly communicated to all users in a proactive manner. The processing, including collection, retention, aggregation, storage, adaptation, alteration, linking or sharing of personal data shall be based on the free, specific, informed and unambiguous consent of the user, with respect to a specific purpose, or on another legitimate basis laid down by law, as prescribed by Convention 108.
- Principle of respect for privacy 1. Public authorities shall have respect for privacy, particularly when processing personal data. 2. When public authorities are authorised to process personal data or files, particularly by electronic means, they shall take all necessary measures to guarantee privacy. 3. The rules relating to personal data protection, notably as regards the right to have access to personal data and secure the rectification or removal of any data that is inaccurate or shall not have been recorded, shall apply to personal data processed by public authorities.
- Personal data are processed lawfully (with the unambiguous consent of the data subject or on the basis of law) for legitimate purposes and not in excess of such purposes, accurately and securely. These conditions apply also to profiling (personal data automatic processing techniques that collect and use information about an individual in order to identify, analyse or predict his or her personal preferences, behaviour and attitudes).
- Online intermediaries and digital media should implement the UN Guiding Principles on Business and Human Rights and conduct due diligence to ensure that their products, policies and practices, including in the areas of collection of private data and microtargeting of messages, do not interfere with human rights.
- The data processing in both electoral and political advertising (in particular microtargeting advertising) context shall comply with data protection principles under Article 5 of Convention 108+. These personal data must be processed in compliance with purpose limitation and data minimisation principles. In particular, according to Recommendation CM/Rec(2012)4 of the Committee of Ministers on the protection of human rights with regard to social networking services, social networks should secure the informed consent of their users before their personal data is shared with other categories of people or companies or used in ways other than those necessary for the specified purposes for which they were originally collected.
- The legal framework should prohibit the collection, use or dissemination of personal data or information in any manner for any purpose other than the exercise of suffrage rights. In particular, care should be given to provisions that relate to fingerprints, photographs and personal identification numbers, as well as to ethnicity or other factors that could lead to discrimination or place the voter at risk of personal harm.
- Personal data that are processed must be adequate, relevant, correct and, if necessary, up to date; all reasonable measures must be taken to complete, correct, block or erase data that are incomplete or incorrect.
- Citizens need to be protected in the processing of personal data particularly during the election period when large amounts of personal data are processed, including those available in the electoral registers. As regards the registers data privacy has to be balanced against the transparency required for electoral integrity.