Title: .A.4. THE PROPORTIONALITY PRINCIPLE

This principle states that the data must be adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed (article 6.1.c). It again has an open texture (its meaning cannot be defined out of context). What is non-proportional data collection in the case of group or individual profiling? We are confronted with many subjects having an interest in their data being collected and processed extensively during their lifetime. A ‘vast collection of processed data’ can be very useful to build personal profiles, to create enhanced personal agents. The more relevant data the intelligent environment and/or personal agent collect and process, the more services and environments can be adapted to the user. 

Compliance with this principle is also difficult to enforce. So far this principle is hardly supported by technology, because the collection, storage and procession mainly depend on the data controller that establishes type 1 identity management systems (account management systems, as discussed in FIDIS deliverable 3.1). Widespread use of type 3 identity management devices (privacy enhanced personal digital assistants) could change this situation by redirecting control to the end user. So the question is whether today’s legislation offers enough protection: Should we respect its open texture and define what is proportional at the level of technology? If this takes away the citizen’s right to decide autonomously whether and to what extent her personal data can be used for profiling, the right to privacy and autonomy is clearly at stake. Insofar as a disproportional data- collection should be prohibited, even if consent has been given, legal support could be created in consumer protection law, stating e.g. that personal data may not be exchanged (‘traded’) for price reductions.