Bud P. Bruegger (ULD)

Acknowledgements: The author gratefully acknowledges the contribution of Iñigo de Miguel Beriain (UPV/EHU), who wrote an analysis of this principle as input to the description presented here.

The following discusses the principle of lawfulness, fairness and transparency that is defined in Art. 5(1)(a) GDPR.

Lawfulness, fairness and transparency at a glance:

According to the GDPR, processing must be lawful and in pursuit of legitimate purposes. It further has to be fair and transparent.

Lawfulness is defined very precisely in the GDPR and is achieved if the purpose of processing falls into one of the six categories (also known as legal bases) listed in Art. 6(1) GDPR.

Legitimate is a much wider concept, meaning compliance with the letter of the law, the spirit of the law, the values of society (in particular, the European Charter of Fundamental Rights), and the principles of ethics.

Fairness is used in its common understanding. It prohibits, for example, manipulative practices on the part of the controller, such as nudging. Arguably, most articles of the GDPR are about fairness. Naming the principle explicitly may serve as a fallback for cases where a consequence of fairness is not spelled out explicitly in the GDPR. This prevents any loopholes.

Transparency of processing is a main strategy to balance power between controller and data subject. It works by pulling everything into the light and thus opening it up to scrutiny. It is spelled out in the GDPR as detailed requirements for the information that the controller has to provide to both data subjects and supervisory authorities.


