Mauritius Resolution on Big Data (Oct. 14, 2014) (full-text).
The Resolution sets out principles and recommendations designed to reduce the risks associated with the collection and use of data for players in the connected devices and big data ecosystems. The Resolution makes the following key observations and recommendations:
- Implement privacy by design.
- Be transparent about what data is collected, how data is processed, for what purposes data will be used, and whether data will be distributed to third parties.
- Define the purpose of collection at the time of collection and, at all times, limit use of the data to the defined purpose.
- Obtain consent.
- Collect and store only the amount of data necessary for the intended lawful purpose.
- Allow individuals access to data maintained about them, information on the source of the data, key inputs into their profile, and any algorithms used to develop their profile.
- Allow individuals to correct and control their information.
- Conduct a privacy impact assessment.
- Consider data anonymization.
- Limit and carefully control access to personal data.
- Conduct regular reviews to verify if results from profiling are responsible, fair and ethical and compatible with and proportionate to the purpose for which the profiles are being used.
- Allow for manual assessments of any algorithmic profiling outcomes with significant effects to individuals.