|
GDPR Article 25(2) requires "that, by default, only personal data which are necessary for each specific purpose of the processing are processed."
UK Information Commissioner advises: "Consider adopting a 'privacy-first' approach with any default settings."
Reference and details: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-by-design-and-default/
The European Data Protection Board points out: "Default settings include both parameters that can be set by controllers and data subjects."
Reference and details: https://edpb.europa.eu/sites/edpb/files/consultation/edpb_guidelines_201904_dataprotection_by_design_and_by_default.pdf
|