To protect private data not violated immoderately, there are already some data protection principles existed.
Consent principle which the data subject (any information relating to an identified or identifiable natural person) has given his or her unambiguous consent. However, the effect is not as good as expected which has been discussed in last post.
Fairly and Lawful processing principle which means in general that processing shall not be contrary to any law. (Legislation) This is a broad principle and there shouldn’t be any doubt on this principle.
Purpose(specification and use) limitation principle which personal data may be collected for specified, explicit and legitimate purposes only and can only be processed(use, sharing, re-use) compatibly with these purposes. (OCED) But how we can apply the purpose limitation principle when many uses of data are not known at the time of collection is the challenge.
Data minimization and Data quality principles which the personal data processed must be adequate, relevant and not excessive in relation to the purposes for which it is collected and processed. (OCED) The collected data, the selection of data sources, the processing and etc. shall be fit and not excessive in relation to the purposes. Personal data must also be accurate and kept up to date and must not be kept longer than necessary for the purpose for which collected and processed. However, the challenges are how we can limit data collection when technology relies on inferences and thus on the potential of massive databases and the concept of adequate data for the purpose of the processing can not be accurate defined in such context.
Transparency principle which the controller has obligation to inform the data subject and notify the national Data Protection Authority prior to any processing activity. (Julia M. Fromholz, 2000) For example, many social media websites use profile setting dashboard to inform users the use of data.
Confidentiality and security of processing principle which implementation of appropriate technical and organizational measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, or other forms of unlawful processing such as access control, logging, and encryption. (OCED)
As explained above, traditional data protection principles are working well in many situations, but still have some challenges to be met. Communication between data subject and data controller is needed frequently so that private data of data subject isn’t violated and data controller can have adequate data to improve service.
OCED. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. From: http://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm
Julia M. Fromholz, (2000) The European Union Data Privacy Directive, 15 Berkeley Tech. L.J. 471, 472
Legislation, USA (1992). CABLE TELEVISION CONSUMER PROTECTION AND COMPETITION ACT OF 1992. Retrieved 18 March 2010.