Transparency and accountability principles have been added to the data protection laws in Europe with the arrival of the GDPR in May 2018. The current Directive does not include them in the “Principles relating to data quality - article 6”.
Those two principles are so important that you could attempt to explain the GDPR by only referring to them:
- Be transparent with the personal data you are processing,
- Be accountable for your actions.
Take a step back from data protection regulations and you will see that those principles are now expected from businesses throughout the world. Looking at recent news tends to confirm this:
- Lactalis tainted milk: a particularly secretive organisation in France, Lactalis, has not been transparent and open on the actions it is taking to address the salmonella issues one of its factory have had. The CEO ended up giving one of its first interviews to a newspaper to explain the actions they were taking to tackle the issue. The lack of transparency here was not accepted by the general public, forcing the company with this move. A few years ago it could be argued that people might not have wanted as much transparency.
- Apple’s iPhone slowdown controversy highlights that people now demands companies to be transparent about their products. In this case this is not so much about degrading batteries, but rather what impact a degraded battery has on the product itself. Being transparent about it enables customers to make better decisions before they buy the product but also when they use it. Apple quickly put in place measures to address this and demonstrated they were accountable for this, which is to their credit.
Transparency is tightly linked with accountability, indeed, customers demanding more transparency are also expecting more accountability from companies. In the Lactalis case the CEO offered financial compensation to customers but the government - feeling the pressure from citizens - replied that “money can’t buy everything”.
Those two examples are indications that accountability and transparency are increasingly demanded by people on a wide range of cases. Not surprisingly this is reflected in the GDPR which is, in parts, designed to address concerns from European citizen about how their personal data are being processed.