2. End users must explicitly be asked to give consent for their data to be collected and allowed to opt-out;
3. Data must be used only for the purpose stated and may not be used for unlawful purposes;
4. Data that is collected should be tailored to the specific use and unnecessary information should not be collected;
5. Data should not be retained for any longer than needed to serve the purpose;
6. Data should be accurate and kept up-to-date, and there should be means for users to correct mistakes and to seek redress;
7. Data should be secured against unauthorised access and inadvertent disclosure, but also against loss or destruction;
8. There should be limits on sharing and transfer of data so that the other principles are not violated.