Privacy by Deletion: The Need for a Global Data Deletion Principle
With global personal information flows increasing, efforts have been made to develop principles to standardize data protection regulations. However, no set of principles has yet achieved universal adoption. This note proposes a principle mandating that personal data be securely destroyed when it is no longer necessary for the purpose for which it was collected. Including a data deletion principle in future data protection standards will increase respect for individual autonomy and decrease the risk of abuse of personal data. Though data deletion is already practiced by many data controllers, including it in legal data protection mandates will further the goal of establishing an effective global data protection regime.