Fairness and the General Data Protection Regulation
Fairness and the General Data Protection Regulation – Operationalising Fairness in Data Protection Impact Assessments
Davidson Chalmers Stewart LLP commissioned by Office of the Data Protection Officer at Facebook
This report analyses the literature exploring the meaning of the fairness principle in EU data protection law. Fairness is included in both Article 8(2) of the Charter of Fundamental Rights of the European Union (the Charter) and Article 5(1)(a) of the General Data Protection Regulation (GDPR). Despite these foundations however, the fairness principle has been largely unexplored and remains broadly undefined in the data protection framework, case law and guidance literature. Indeed, it is well recognised that there is very little in the way of comprehensive and systematic guidance from Data Protection Authorities in the EU and the relevant EU Institutions, despite the fact that the requirement to process personal data ‘fairly’ is a standard-bearer in the data protection principles. This in turn, provides challenges for Data Protection Officers (DPOs) to fulfil their obligations and ensure that processing activities comply with the fairness principle, demonstrating the important connection between fairness and the accountability principle provided for in Article 5(2) of the Regulation.