As a result, government agencies and companies are able to target citizens and consumers ever more precisely with offers of services and products, an arrangement people are often quite happy with. Sometimes, however, they find it extremely annoying to see that public bodies or companies know, or think they know, so much about them. If the information is used in a transparent manner, for example by offers on paper, the citizen or consumer can do something about it. If, however, profiles play a role behind the scenes - for example, an offer, loan, job or grant is refused on the basis of a profile - the situation is more complicated. For this reason transparency is an important principle of privacy legislation: a person whose data are being processed must know who is processing what data and for what purpose. If so desired, the data subject can then confront the 'all-knowing' organization and put an end to undesired and possibly unlawful infringement of his or her personal privacy.
Privacy legislation contains no ethical standards regarding the use of personal data, but lays down clear rules about how organizations must deal with the data. In order to provide the data subject with insight into the data processing, privacy legislation compels the person or organization who is responsible for processing the data to inform the data subject accordingly, unless the latter already has that information. When the data subject is duly informed, he or she can exercise the right of access and rectification, the right to receive an explanation of the logic involved in and the purpose of the processing, and, finally, the right to object.
Furthermore, privacy legislation places demands on information systems in order to protect the personal privacy of the data subjects. The processing must have a legitimate basis, which can mean that the data subject must give his or her consent. Additionally, the person or organization responsible for the processing must safeguard the quality of the data and may not use them for purposes other than those for which they were originally disclosed. The processing organization must also ensure that unauthorized persons or organizations do not have access to the personal data.
Setting up an information warehouse demands numerous technical and organizational measures. It is a good idea to incorporate privacy-enhancing technologies (PETs) into the early stages of setting up such a databank. Many aspects of a sound information policy in themselves contribute to good privacy protection. A good privacy policy follows on from a good information policy more closely than is generally assumed.
Citation
Borking, J., Artz, M., Almelo, L. van, Gouden bergen van gegevens. Over datawarehousing, datamining en privacy [Goldmines of data. On data-warehousing, data-mining and privacy] Dutch DPA, September 1998. Background studies & Investigations 10