The purpose of a data processing operation
They must not use personal data without establishing an exact purpose. The controller determines the purpose from the start, which will impact how the data processing operation is further carried out. Based on this purpose controllers will decide:
- which data they may process;
- what they will do with them;
- whether they can disclose them and to whom.
Subsequently, they may only carry out the operations that help them achieve their purpose and that are compatible with this purpose. Compatibility is assessed taking into account all relevant factors, particularly data subjects' reasonable expectations and applicable rules and legislation. If controllers use data for other purposes that are incompatible with the original purpose, this is punishable. For example:
- a fitness club selling its member list to a company selling diets;
- an ophtalmologist transmitting his patients' names to a company specialising in contact lenses (in comparison: the ophtalmologist may give medical records to colleagues to request their opinion).
The controller may not envisage any purpose. It is self-evident that the purpose must be legitimate, i.e. that the controller's interests and those of the data subject are balanced. A purpose that would imply an exaggerated violation of the data subject's privacy is not legitimate. Creating a file of individuals close to their sixtieth birthday, for instance, in order to send them information about a funeral insurance on the day of their birthday "because it is time to consider this", is not a legitimate purpose. In this case the disadvantage the data subjects experience is undoubtedly greater than the commercial interests of the person creating the file.
Once controllers have established a legitimate purpose, they must also ensure they meet one of the following conditions. They may only process data if:
- data subjects have given their unambiguous, free and informed consent;
- the processing is necessary for the performance of an agreement the data subject has entered into with the controller (e.g. a bank which has agreed to a mortgage);
- the processing is required by law. Employers, for example, must transmit certain data about their members of staff to social security institutions;
- the processing is of vital interest to the data subjects, for instance when they are unconscious after an accident and medical data need to be collected to provide care to patients;
- the processing must take place in the public interest. The postal services have the right to create a file with changes of address, for example, so that they can continue to deliver letters after the data subjects have moved;
- the processing is necessary with a view to the controller's or another individual's legitimate interest, at least if the data subject's interests are not more important.