When data protection laws are properly analysed the following key aspects become apparent:
The processing of personal data must be transparent.
The processing must comply with the general rules on lawfulness.
The data subject must be given a right to object.
Transborder flows of personal data are allowed, subject to a test of adequacy.
There must be appropriate remedies, sanctions and penalties.
However, there are some powerful exceptions. For example, the transparency provisions will not apply if they would defeat the purpose of the processing.
European data protection laws are structured around key principles, which the DPA calls the ‘data protection principles’. The DPA contains ...