I was pointed to Paolo Guardia’s excellent Data Protection, Information Privacy, and Security Measures: an Essay on the European and the Italian Legal Frameworks. Here’s an excerpt:
Data Protection Principles
Data protection regulations in the EU set the main principles that establish how data processing shall be performed. We can summarize privacy principles as follows:
• Fair and Lawful Processing: the collection and processing of personal data shall neither unreasonably intrude upon the data subjects’ privacy nor unreasonably interfere with their autonomy and integrity, and shall be compliant with the overall legal framework.
• Consent: personal data shall be collected and processed only if the data subject has given his explicit consent to their processing.
• Purpose Specification: personal data shall be collected for specified, lawful and legitimate purposes and not processed in ways that are incompatible with the purposes for which data have been collected.
• Minimality: the collection and processing of personal data shall be limited to the minimum necessary for achieving the specific purpose. This includes that personal data shall be retained only for the time necessary to achieve the specific purpose.
• Minimal Disclosure: the disclosure of personal data to third parties shall be restricted and only occur upon certain conditions.
• Information Quality: personal data shall be accurate, relevant, and complete with respect to the purposes for which they are collected and processed.
• Data Subject Control: the data subject shall be able to check and influence the processing of his personal data.
• Sensitivity: the processing of personal data, which are particularly sensitive for the data subject, shall be subject to more stringent protection measures than other personal data.
• Information Security: personal data shall be processed in a way that guarantees a level of security appropriate to the risks presented by the processing and the nature of the data.
Will the pervasive data mining on the web ever become compliant?