Privacy, recognised as a fundamental right by the Treaty of the EU and the Universal Declaration of Human Rights, is a much debated concept in respect to the online world. Many services are provided free in exchange for personal information that is used to sell advertising. And emerging new technologies make it increasingly easy to collect, store and process huge amounts of personal data of Internet users. The challenge is to ensure that users are fully aware of what private information is being collected and what it is being used for and that they are empowered to make real choices about whether they want that to happen or not.

The ability to collate, mine and monetise data can deliver huge financial rewards – but, consumers must be able to trust those with access to personal data that are using it only in ways for which they have given express permission.

ICOMP believes that complying with privacy rules is not only respectful of users but is also a pre-condition for effective competition in the online marketplace. Competition based on the quality of the privacy practices can and will normally lead to continuous improvement of users’ privacy and stimulate innovation in this area. Those companies offer better privacy protection than their competitors will gain competitive advantage. However, appropriate enforcement of existing regulatory frameworks is required to ensure a fair playing field for all and to guard against a race to the bottom in terms of privacy protection.

ICOMP acknowledges that the current debate on the revision of the EU´s data protection legislation touches upon many of these issues. The complexity of this matter is often such that it is hard to find the right balance between guaranteeing adequate protection of privacy and allowing users access to the free services they love. It is for this reason that ICOMP formulated a number of principles for effective privacy protection, which should guide the deployment of online services and platforms alike.



  1. Data minimisation: only those data should be collected that are necessary for the service requested; this principle applies both to data expressly requested from the user and for all other data collected by the provider of the service.
  2. Proportionality: the “value” of the data to the person whose data are being collected should not exceed the advantage that he or she gains by using the service or “app”. This principle applies in addition to the principle of data minimisation.
  3. Proactive not Reactive: Privacy invasive events must be prevented and anticipated before they happen.
  4. Privacy by Default: No action should be required on the part of the individual to protect their privacy — it should be built into the system, by default.
  5. Privacy Embedded into Design: Privacy should be embedded into the design and architecture of IT systems and business practices, not bolted on as an add-on.
  6. Full Functionality: All legitimate interests and objectives should be accommodated in a positive-sum “win-win” manner.
  7. End-to-End Security – Lifecycle Protection: Ensures a secure lifecycle management of information, end-to-end.
  8. Visibility and Transparency: The privacy component parts and operations should remain visible and transparent to users and providers alike.
  9. Respect for User Privacy: Keep the interests of the individual uppermost by offering strong privacy defaults, such as appropriate notice and opt-out options, and empowering user-friendly options.


Jump to:

ICOMP Blogs on Privacy Relevant White Papers

ICOMP Blogs on Privacy

Revisiting the Safe Harbour – Promoting Trade and Trust in the Digital Economy November 19th, 2015 by admin The Initiative for a Competitive Online Marketplace (ICOMP), will be hosting a seminar entitled, Revisiting the Safe Harbour – Promoting ... read more
UK citizens are deeply concerned about data protection, a new Big Brother Watch polling shows March 31st, 2015 by admin The findings of recent polling, commissioned by privacy campaign group Big Brother Watch and carried out by ComRes, clearly show ... read more
Can the egg be unscrambled? January 30th, 2015 by admin Google’s cleverly constructed undertaking actually hides the fact that the largely cosmetic changes only apply to Google’s stated policy, not ... read more

Relevant White Papers

UK flag An Analysis of the ‘Right to be Forgotten’ JudgementJuly 14th, 2014
UK flag Google’s new Privacy Policy: European Privacy and Competition concernsFebruary 9th, 2012
UK flag What you don’t know can hurt you: How market concentration threatens internet diversityAugust 16th, 2011
UK flag Why Privacy by Design is the next crucial step for privacy protectionDecember 8th, 2010
UK flag Openness & the InternetOctober 6th, 2009