92
BIG BROTHER WATCH AND OTHERS v. THE UNITED KINGDOM JUDGMENT
long-term programme of work. The Secretariat’s supporting report
(Annex D) identifies a number of core principles of public international law:
Core principles
“23. A number of core principles are discernible from developments in this field in
almost forty-years. Such principles include the following:
Lawful and fair data collection and processing: This principle presupposes that the
collection of personal data would be restricted to a necessary minimum. In particular such
data should not be obtained unlawfully or through unfair means;
Accuracy: The information quality principle is a qualitative requirement and entails a
responsibility that the data be accurate, and necessarily complete and up to date for the
purpose intended.
Purpose specification and limitation: This principle establishes the requirement that the
purpose for which the data are collected should be specified to the data subject. Data should
not be disclosed, made available or otherwise used for purposes other than those specified.
It has to be done with the consent or knowledge of the data-subject or under the operation
of the law. Any subsequent use is limited to such purpose, or any other that is not
incompatible with such purpose. Differences lie in the approaches taken by States. Some
jurisdictions perceive the obligation for consent to be ex ante.
Proportionality: Proportionality requires that the necessary measure taken should be
proportionate to the legitimate claims being pursued.
Transparency: Denotes a general policy of openness regarding developments, practices
and policies with respect to protection of personal data.
Individual participation and in particular the right to access: This principle may be the
most important for purposes of data protection. The individual should have access to such
data; as well as to the possibility of determining whether or not the keeper of the file has
data concerning him; to obtain such information or to have it communicated to him in a
form, in a manner and at a cost that is reasonable. This accords with the right of an
individual to know about the existence of any data file, its contents, to challenge the data
and to have it corrected, amended or erased.
Non-discrimination: This principle connotes that data likely to give rise to unlawful and
arbitrary discrimination should not be compiled. This includes information collated on
racial or ethnic origin, colour, sex life, political opinions, religious, philosophical and other
beliefs as well as membership of an association or trade union.
Responsibility: This principle embraces data security; data should be protected by
reasonable and appropriate measures to prevent their loss, destruction, unauthorized access,
use, modification or disclosure and the keeper of the file should be accountable for it.
Independent supervision and legal sanction: Supervision and sanction require that there
should be a mechanism for ensuring due process and accountability. There should be an
authority accountable in law for giving effect to the requirements of data protection.
Data equivalency in the case of transborder flow of personal data: This is a principle of
compatibility; it is intended to avoid the creation of unjustified obstacles and restrictions to
the free flow of data, as long as the circulation is consistent with the standard or deemed
adequate for that purpose.
The principle of derogability: This entails power to make exceptions and impose
limitations if they are necessary to protect national security, public order, public health or
morality or to protect the rights of others.”
Derogability
“24. While privacy concerns are of critical importance, such concerns have to be
balanced with other value-interests. The privacy values to avoid embarrassment, to