The European Union (EU) has long recognized the importance of privacy as a human right. In 1980, the Organization for Economic Cooperation and Development (OECD) issued the “Recommendations of the Council Concerning Guidelines Governing the Protection of Privacy and Trans-Border Flows of Personal Data,” which laid out seven principles governing the OECD’s recommendations for protection of private personal data. These principles were then incorporated into the EU’s Data Protection Directive, which regulated the processing of personal data and was officially adopted in 1995. The principles included:
- Notice: data subjects should be given notice when their data is being collected;
- Purpose: data should only be used for the purpose stated and not for any other unstated purposes;
- Consent: data should not be disclosed without the data subject’s consent;
- Security: collected data should be kept secure from any potential abuses;
- Disclosure: data subjects should be informed as to who is collecting their data;
- Access: data subjects should be allowed to access their data and make corrections to any inaccurate data; and,
- Accountability: data subjects should have a method available to them to hold data collectors accountable for not following the above principles.