In "Understanding data protection: the EU regulation in a nutshell" above, accuracy (along with integrity) was motivated by the fact that data must be accurate in order to be fit for the declared purposes. Any processing that fails to be fit for purpose cannot justify a gain of power over a data subject. See "Prohibition of processing that fails to be fit for purpose" for detail.
Beyond fitness for purpose, the processing of inaccurate data may have negative consequences for data subjects. These may range from an increased effort that is necessary to exercise one’s rights, through the negation of rights and opportunities, up to negative financial or legal consequences. While processing that is affected by such flaws is arguably not fit for purpose, it would in addition violate the principle of fairness (see Fairness section).
The GDPR defines the principle as follows:
Definition in Art. 5(1)(d) GDPR:
Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
The following discusses various aspects of accuracy in further detail:
How can accuracy be assessed?
The concept of accuracy must be objective. It must be possible to verify whether data is accurate or not without doubt and different verifiers must arrive at the same assessment. This is only possible when the data represents verifiable facts. This is for example not the case for data that represents an expression or a person’s opinion.
The verification of the accuracy of data therefore typically involves the verification of facts that underlie the data. For example, to verify that a mobile phone number actually belongs to a person, a test message with a random code could be sent and received back over another channel.
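The phone-number check described above, sketched as an added example that is not part of the original text: a random code is sent to the claimed number and must come back over another channel (for instance the web session) before the number is recorded as verified. The `send_sms` callable, the code length, the validity window and the attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6         # assumed code length
CODE_TTL_SECONDS = 300  # assumed validity window
MAX_ATTEMPTS = 3        # assumed guess limit per challenge


class PhoneVerifier:
    """Issues one-time codes and records when a number was verified."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms  # hypothetical gateway: callable(number, text)
        self._clock = clock
        self._pending = {}         # (subject_id, number) -> challenge state
        self.verified = {}         # (subject_id, number) -> time of verification

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def start(self, subject_id, number):
        # CSPRNG code, zero-padded; only a salted digest is retained.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[(subject_id, number)] = {
            "salt": salt,
            "digest": self._digest(salt, code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": MAX_ATTEMPTS,
        }
        self._send_sms(number, f"Your verification code is {code}")

    def confirm(self, subject_id, number, submitted):
        key = (subject_id, number)
        ch = self._pending.get(key)
        if ch is None:
            return False
        ch["attempts"] -= 1
        expired = self._clock() > ch["expires"]
        ok = not expired and hmac.compare_digest(
            ch["digest"], self._digest(ch["salt"], submitted))
        if ok or expired or ch["attempts"] <= 0:
            del self._pending[key]  # single use; drop on success, expiry, lockout
        if ok:
            self.verified[key] = self._clock()
        return ok
```

Recording the time of verification alongside the number lets a controller later judge whether the verified fact is still recent enough for the purpose at hand.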
In some situations, it may be the data subject who provides the controller with the necessary documentation of facts that permit a verification. For example, a data subject may supply a certificate of residency issued by a trusted authority in order to support the verification of an address of residence.
What does “up to date” mean?
When assessing whether data is up to date, the purposes of processing have to be taken into account. For example, a vendor may store the delivery address of a data subject whereas the data subject has since moved to a new residence. If the purpose of processing is to actually deliver goods to the data subject, the address is evidently out of date and the data is unfit for purpose. If the purpose of processing is billing for already delivered goods, however, the old address must be considered to be up to date.
How is inaccuracy of data discovered?
Inaccurate (including out-of-date) data must be rectified or deleted by the controller without delay. But how is inaccuracy in the data actually discovered and what responsibilities do controllers have?
Probably the most important mechanism by which controllers detect inaccuracy in their data is notification by the data subject concerned. In particular, data subjects must be aware of the processing (see Art. 13 and 14 GDPR) and can access the data used by the controller (see Art. 15 GDPR). On this basis, they can verify the accuracy of their data and, if necessary, invoke their right to request rectification of their data (see Art. 16 GDPR). In this case, a controller fulfills the obligation to ascertain accuracy by adequately supporting the right to rectification in their processing.
When data is collected directly from the data subjects, it is most reasonable for a controller to assume that the obtained data are accurate (at least at the time of collection). The situation may be different when the data is collected from another source. In this case, it is the controller’s obligation to verify the accuracy of the obtained data, at least with respect to fitness for the declared purposes of processing and to any negative consequences that inaccuracies may have for data subjects.
For some data elements, the fact that they were directly collected from the data subjects may not be sufficient for a controller to assume accuracy. This is in particular the case when a potentially inaccurate claim leads to benefits for the data subject. In these cases, the controller may need to conduct a verification of the data up front as an integral part of data collection. This is possible for example by requesting data subjects to provide certification by a trusted authority of the claimed facts.
1 Other mechanisms include, for example, consistency checks, excessive variance, or a lack of expected correlation.