Any breach of the right to privacy has to be proportional to the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. When taking a decision, it needs to be analysed to ensure that the actions taken do not go beyond what is necessary to achieve the required goal. The principle is related to data minimization.

  • Ensure that risks involved for people involved in or impacted by the information sharing are proportional to the expected benefits of the sharing.


Langheinrich, M. (2001). Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems. In Proceeding UbiComp ’01 Proceedings of the 3rd international conference on Ubiquitous Computing (pp. 273–291). [Link

Related Guidance

Protecting the Rights of Data Subjects

Exceptions and lawful processing

Privacy and Personal Data Protection